Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirects infected or not


  • This topic is locked This topic is locked
20 replies to this topic

#1 Mike JT

Mike JT

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 03 August 2010 - 03:46 AM

Hi, I'm new to this forum and could rally do with some advice.
For days now I've been experiencing unwanted redirects when using google. The first time I click on a search result link instead of going to that site my browser is redirected via the IP address 72.233.76.66 and then to a random search engine - some I've heard of some not.
If I go back to the google results page and click on the same link again I am taken to the page I requested.

This does not happen every time I use the pc.

I am running Kaspersky Internet Security 2010 Build 9.0.0.736 which does not identify any malware.
I have also used a variety of other tools (some of which escape me now) however they include: SuperAntiSpyware 4.41.1000, Malwarebytes 1.46 and I have run the F Secure Rescue CD version 3.11 with up to date definition files. Everything reports the pc clean.

At this time I haven't encountered the problem today - coincidence or not I have Java Script disabled in Firefox.

I guess my concern is - is my pc safe to use or not.

I've just downloaded the latest version of Hijackthis - log file as follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:18:49, on 03/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
D:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.plus.net/index_nlp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Freecorder FLV Service] "D:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - D:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7952 bytes


Any advice would be very much appreciated.

Mike

BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 11 August 2010 - 02:08 AM

Hello, Mike JT.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.
We need to run Defogger
  1. Please download DeFogger to your desktop.
  2. Double click DeFogger to run the tool.
  3. The application window will appear
  4. Click the Disable button to disable your CD Emulation drivers
  5. Click Yes to continue
  6. A 'Finished!' message will appear
  7. Click OK
  8. DeFogger will now ask to reboot the machine - click OK
Note: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until the end of the fix.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
We need to run an Anti-Rootkit (ARK) scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

If GMER crashes, hangs or blue-screens, do the following
  1. Please Download Rootkit Unhooker Save it to your desktop.
  2. Now double-click on RKUnhookerLE.exe to run it.
  3. Click the Report tab, then click Scan.
  4. Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  5. Wait till the scanner has finished and then click File, Save Report.
  6. Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note:You may get this warning. If so, please ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log/RKUnhooker log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 14 August 2010 - 01:05 AM

Hello Mike JT
Are you still with us?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 16 August 2010 - 12:48 AM

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please send me a PM with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 21 August 2010 - 02:29 PM

Topic reopened as per user's request.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 Mike JT

Mike JT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 22 August 2010 - 02:56 AM

Thanks for your help aommaster!

I've run the programs as you advised.

DeFogger ran but did not ask for a reboot - don't know if this is significant but I rebooted anyway.

RSIT - after clicking 'continue' at the disclaimer the following error was reported:

HiJackThis error details:

An unexpected error occurred at procedure: modRegistry - IniGetString(sFile=system.ini, sSection-boot,sValue=Shell)
Error #5 - Invalid procedure call or argument
Windows Version: Windows NT 5.01.2600
MSIE Version: 7.0.5730.11
Hijackthis version: 2.0.4

After sending error details to Trend Micro the program continued.

Logs here:

log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Michael at 2010-08-21 19:49:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (14%) free of 36 GB
Total RAM: 1526 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:54:33, on 21/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Documents and Settings\Michael\Desktop\RSIT.exe
C:\Program Files\trend micro\Michael.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.plus.net/index_nlp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Freecorder FLV Service] "D:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\AVP11\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - D:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7806 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Michael backup.job
C:\WINDOWS\tasks\Michael scan and fix.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFre1.dll [2010-07-28 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-07-01 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-07-01 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFre1.dll [2010-07-28 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-04 102490]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-04 708698]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-06-01 192512]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PCMService"=C:\Program Files\Arcade\PCMService.exe [2005-03-09 49152]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768]
"PowerKey"=C:\Program Files\Launch Manager\PowerKey.exe [2002-08-30 94208]
"LManager"=C:\Program Files\Launch Manager\HotkeyApp.exe [2005-06-06 69632]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2003-09-16 20480]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2005-07-25 241664]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2005-07-25 81920]
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2005-07-26 184408]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"QuickTime Task"=D:\Program Files\QuickTime Alternative\QTTask.exe [2010-03-17 421888]
"Freecorder FLV Service"=D:\Program Files\Freecorder\FLVSrvc.exe [2009-11-15 158752]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-07-01 357096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Program Files\Acer\eRecovery\Monitor.exe [2005-06-29 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Michael\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\DOCUME~1\ALLUSE~1\AVP11\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-07-01 228024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveTrack"=1
"NoFileAssociate"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-21 19:49:23 ----D---- C:\rsit
2010-08-21 19:49:23 ----D---- C:\Program Files\trend micro
2010-08-15 10:13:12 ----A---- C:\ComboFix.txt
2010-08-15 09:58:49 ----ASH---- C:\hiberfil.sys
2010-08-14 10:01:43 ----D---- C:\555
2010-08-13 16:16:18 ----A---- C:\WINDOWS\system32\drivers\ql1080.sys
2010-08-12 08:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 08:25:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 08:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 08:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 08:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 08:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-12 08:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-08 09:16:44 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-03 08:59:21 ----D---- C:\WINDOWS\Minidump
2010-08-03 08:13:20 ----A---- C:\WINDOWS\imsins.BAK
2010-08-03 08:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-01 14:40:00 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-01 13:30:23 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-01 13:30:23 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-01 13:30:23 ----A---- C:\WINDOWS\system32\java.exe
2010-08-01 13:30:23 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-28 19:59:15 ----D---- C:\WINDOWS\temp
2010-07-28 18:22:50 ----A---- C:\Boot.bak
2010-07-28 18:22:45 ----RASHD---- C:\cmdcons
2010-07-28 18:19:34 ----A---- C:\WINDOWS\zip.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\SWSC.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\SWREG.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\sed.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\PEV.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\MBR.exe
2010-07-28 18:19:34 ----A---- C:\WINDOWS\grep.exe
2010-07-28 18:19:24 ----D---- C:\WINDOWS\ERDNT
2010-07-28 18:19:00 ----D---- C:\Qoobox
2010-07-28 18:01:48 ----A---- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010-07-28 18:01:35 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-07-28 18:01:34 ----D---- C:\Program Files\Hitman Pro 3.5
2010-07-28 17:41:44 ----A---- C:\TDSSKiller.2.4.0.0_28.07.2010_17.41.44_log.txt
2010-07-25 06:56:28 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2010-07-25 06:56:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-25 06:56:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-25 06:56:17 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-22 10:20:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-22 10:20:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2010-08-21 19:49:23 ----RD---- C:\Program Files
2010-08-21 19:48:58 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-08-21 19:47:21 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt
2010-08-21 19:22:27 ----D---- C:\Program Files\Mozilla Thunderbird
2010-08-17 07:37:35 ----D---- C:\WINDOWS\system32\drivers
2010-08-17 07:04:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-15 13:11:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-15 10:14:01 ----D---- C:\WINDOWS\Prefetch
2010-08-15 10:10:07 ----N---- C:\WINDOWS\system.ini
2010-08-15 10:10:07 ----D---- C:\WINDOWS
2010-08-15 10:06:24 ----D---- C:\WINDOWS\system32
2010-08-15 10:06:24 ----D---- C:\WINDOWS\AppPatch
2010-08-15 10:06:22 ----D---- C:\Program Files\Common Files
2010-08-13 16:42:23 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-13 16:21:08 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-08-13 16:18:26 ----D---- C:\WINDOWS\system32\config
2010-08-12 16:52:07 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-12 08:35:10 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-12 08:35:00 ----RSD---- C:\WINDOWS\assembly
2010-08-12 08:27:06 ----HD---- C:\WINDOWS\inf
2010-08-12 08:26:50 ----D---- C:\WINDOWS\system32\en-US
2010-08-12 08:26:50 ----D---- C:\Program Files\Internet Explorer
2010-08-12 08:26:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 08:25:18 ----SHD---- C:\WINDOWS\Installer
2010-08-12 08:25:18 ----D---- C:\Config.Msi
2010-08-12 08:24:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-12 08:23:58 ----D---- C:\WINDOWS\WinSxS
2010-08-12 08:18:42 ----D---- C:\WINDOWS\Debug
2010-08-12 08:18:22 ----D---- C:\Program Files\Movie Maker
2010-08-11 11:50:32 ----D---- C:\Documents and Settings\Michael\Application Data\Juniper Networks
2010-08-06 20:41:16 ----SHD---- C:\System Volume Information
2010-08-06 20:28:22 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-06 20:27:51 ----D---- C:\Program Files\Kaspersky Lab
2010-08-03 19:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-28 19:58:40 ----SD---- C:\WINDOWS\Tasks
2010-07-28 18:22:50 ----RASH---- C:\BOOT.INI
2010-07-28 17:56:41 ----D---- C:\Program Files\Freecorder
2010-07-28 09:24:05 ----D---- C:\Program Files\Mozilla Firefox
2010-07-27 07:30:35 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 kl1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-06-04 43872]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-06-22 482392]
R1 RapportBuka;RapportBuka; \??\C:\WINDOWS\system32\drivers\RapportBuka.sys []
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys []
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2010-01-06 1596768]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-02-05 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-04 193216]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
S3 catchme;catchme; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 humaxfl;HUMAX - Filter Driver; C:\WINDOWS\system32\DRIVERS\humaxfl.sys [2004-06-25 19584]
S3 humaxst;HUMAX - Stub Driver; C:\WINDOWS\system32\DRIVERS\humaxst.sys [2004-06-25 2944]
S3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE26bus.sys [2006-05-01 61600]
S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys [2006-05-01 9360]
S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE26mdm.sys [2006-05-01 97184]
S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys [2006-05-01 88688]
S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS); C:\WINDOWS\system32\DRIVERS\se26nd5.sys [2006-08-28 18704]
S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE26obex.sys [2006-08-28 86560]
S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\WINDOWS\system32\DRIVERS\se26unic.sys [2006-05-01 90768]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass-Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2005-06-06 1273344]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-07-01 357096]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-07-26 606316]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DfSdkS;Defragmentation-Service; D:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.08 2010-08-21 19:54:42

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eManager for Notebook-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
AMUST Disk Cleaner 1.0-->"C:\Program Files\AMUST\Disk Cleaner\unins000.exe"
AMUST Registry Cleaner-->"C:\Program Files\AMUST\Registry Cleaner\unins000.exe"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:D:\Program Files\FLV Player\Uninstall\uninstall.xml"
Arcade 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Ashampoo WinOptimizer 6.60-->"D:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoStreamer-->MsiExec.exe /X{D9CDB463-BB48-4B80-B1B6-5B940A4621E0}
BBC iPlayer Desktop-->msiexec /qb /x {BEA18030-8B42-1286-EF64-CDA6BD083888}
BBC iPlayer Desktop-->MsiExec.exe /I{BEA18030-8B42-1286-EF64-CDA6BD083888}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CuteFTP 6 Home-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}
Disc2Phone-->MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
Diskeeper Home Edition-->MsiExec.exe /X{8F66DDC0-5674-4286-A6A8-2AD67E6CF081}
Freecorder 4.0 Application-->"C:\WINDOWS\Freecorder\uninstall.exe" "/U:D:\Program Files\Freecorder\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\PROGRA~1\FREECO~1\UNWISE.EXE /U C:\PROGRA~1\FREECO~1\INSTALL.LOG
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 1.99.1-->D:\Downloads\Kaspersky\HijackThis.exe /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Jali Designer v1.13-->"D:\Jali Designer\unins000.exe"
Java™ 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Kaspersky Internet Security 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}
Kaspersky Internet Security 2011-->MsiExec.exe /I{66F1F013-008F-4875-B283-5A814B820347}
Launch Manager V1.0.8.8-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\SETUP.EXE" -l0x9
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media eLinker-->D:\Program Files\Humax Digital\Media eLinker\uninstall.exe
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Suite 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{ED79C7E1-386E-4C12-81C7-8FEFB6D396B5} /l1033 BUN4
NTI CD & DVD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{65C39C99-F2C0-4286-A37A-23182E9A5E8E} /l1033 CDM7
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime Alternative 1.70-->"D:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs\uninstall.log"
Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sage Accounts V11.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9B4F367E-94AD-40A4-8060-460CE4A98C45}
Sage MIS 3.01-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Informer50\Uninst.isu"
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
SoftV90 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE -U -IVEN_8086&DEV_266D&SUBSYS_006A1025
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Theorica Divx ;-) Codecs (remove only)-->D:\Program Files\Theorica Divx ;-) Codecs\Uninstall.exe
TMPGEnc DVD Author 2.0-->MsiExec.exe /I{F8BB72FB-615E-4CF6-963D-B37550D4639E}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: ACER-684C9A655D
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ql1080

Record Number: 77979
Source Name: Service Control Manager
Time Written: 20100716191619.000000+060
Event Type: error
User:

Computer Name: ACER-684C9A655D
Event Code: 1002
Message: The IP address lease 192.168.0.4 for the Network Card with network address 0014A45D5347 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 77977
Source Name: Dhcp
Time Written: 20100716191543.000000+060
Event Type: error
User:

Computer Name: ACER-684C9A655D
Event Code: 1002
Message: The IP address lease 192.168.0.2 for the Network Card with network address 000AE4EDC8E6 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 77971
Source Name: Dhcp
Time Written: 20100716191149.000000+060
Event Type: error
User:

Computer Name: ACER-684C9A655D
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0014A45D5347. The IP address being used is 169.254.49.24.

Record Number: 77952
Source Name: Dhcp
Time Written: 20100715180301.000000+060
Event Type: warning
User:

Computer Name: ACER-684C9A655D
Event Code: 1002
Message: The IP address lease 192.168.0.2 for the Network Card with network address 000AE4EDC8E6 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 77931
Source Name: Dhcp
Time Written: 20100715180018.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: ACER-684C9A655D
Event Code: 1
Message:
Record Number: 18980
Source Name: OviSuite
Time Written: 20100711143018.000000+060
Event Type: error
User:

Computer Name: ACER-684C9A655D
Event Code: 1
Message:
Record Number: 18979
Source Name: OviSuite
Time Written: 20100711143018.000000+060
Event Type: error
User:

Computer Name: ACER-684C9A655D
Event Code: 1
Message:
Record Number: 18978
Source Name: OviSuite
Time Written: 20100711143018.000000+060
Event Type: error
User:

Computer Name: ACER-684C9A655D
Event Code: 1
Message:
Record Number: 18977
Source Name: OviSuite
Time Written: 20100711143018.000000+060
Event Type: error
User:

Computer Name: ACER-684C9A655D
Event Code: 1
Message:
Record Number: 18976
Source Name: OviSuite
Time Written: 20100711143018.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Executive Software\Diskeeper;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;D:\Program Files\QuickTime Alternative\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Gmer ran OK.

Log is here:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-21 20:02:57
Windows 5.1.2600 Service Pack 3
Running: d0e8b8tf.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\awrcqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA86D9E5E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA8541D82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA86DA754]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA86DB580]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA86DBACA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA854248E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xA86D8CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA86DB9B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA86D9A4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA86DB884]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA86D9BF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA86DBBEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA86DA3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA86DB91A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA86DD2C6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xA85425DA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xA8545D54]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xA8545D86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA86DAEB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA86DE4DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA86D97DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA86D9872]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xA86DACC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA86DD3B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA86D8CAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA86D8CBE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA86DDB2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA86D999E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA86DBB60]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xA854253E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xA86D8E90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA86DBA40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xA8541EC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA86DD8C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA86DBC80]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xA85420B8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xA85421EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA86D990A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA86D9542]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA86DDE66]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xA8545E5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA86DD758]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xA8545DC8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xA8545DFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA86DBFE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA86DBEAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA86DD060]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xA8545E2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA86DE380]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA86D867E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA86DB2CA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xA8541D30]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xA854263A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA86DC908]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xA86DD556]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA86DDFB6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xA8545CEC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA86DE0A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xA8541CD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA86DD1EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xA8541C30]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xA8541C78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA86DDD0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA86DA314]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP A86CC90C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP A86CCCE4 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2508 80501D40 12 Bytes [B8, D3, 6D, A8, AC, 8C, 6D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 25A8 80501DE0 4 Bytes JMP 86A85421
.text ntkrnlpa.exe!ZwCallbackReturn + 2684 80501EBC 16 Bytes [C8, 5D, 54, A8, FA, 5D, 54, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 12 Bytes [A8, E0, 6D, A8, D4, 1C, 54, ...] {TEST AL, 0xe0; INSD ; TEST AL, 0xd4; SBB AL, 0x54; TEST AL, 0xea; SHR DWORD [EBP-0x58], 0x1}

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1968] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1968] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1968] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[4028] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[4028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[4028] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Again I don't know if it's significant but since running these programs Windows has twice told me it's recovered from a serious error whilst reading my hard disk.

I wasn't sure whether to attach the logs or paste them here so hope the above is OK.

Thanks again for your support.

Mike

#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 22 August 2010 - 11:11 AM

Hello, Mike JT.
The error you got is probably due to the GMER run, since GMER can sometimes be unstable. Copying and pasting the logs is fine smile.gif

What problems are you having with your system?

It appears that you have previous run Combofix. Please post up the results of the combofix log located at c:\Combofix.txt

Also, I would like to bring to your attention Combofix's disclaimer:
QUOTE
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Running Combofix without a helper's instructions can render your computer unbootable. See this topic for more information on Combofix. If you are getting help elsewhere, let me know so we can avoid confusion.


In your next reply, please include the following:
  • Combofix.txt
  • If you are being helped elsewhere

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 Mike JT

Mike JT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 23 August 2010 - 02:53 AM

I ran ComboFix at the request of Kaspersky Labs. They had been helping me but I have heard nothing from them for some time.

My apologies as I failed to mention this before.

I have attached the combofix log as asked, here:

ComboFix 10-08-12.03 - Michael 13/08/2010 16:21:02.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1526.1147 [GMT 1:00]
Running from: c:\documents and settings\Michael\Desktop\555.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\ql1080.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 15:16 . 2001-08-17 13:52 40320 ----a-w- c:\windows\system32\drivers\ql1080.sys
2010-08-13 15:16 . 2001-08-17 13:52 40320 ----a-w- c:\windows\system32\dllcache\ql1080.sys
2010-08-06 19:41 . 2010-08-06 19:41 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-06 19:41 . 2010-08-06 19:41 166584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-06 19:41 . 2010-08-06 19:41 125624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-06 19:41 . 2010-08-06 19:41 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-06 19:41 . 2010-08-06 19:41 129720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-06 19:41 . 2010-08-06 19:41 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-06 19:41 . 2010-08-06 19:41 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-06 19:41 . 2010-08-06 19:41 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-06 19:36 . 2010-08-06 19:36 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-08-06 19:28 . 2010-08-06 19:28 -------- d--h--we c:\documents and settings\All Users\AVP11
2010-08-01 13:40 . 2010-08-01 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-01 12:30 . 2010-08-01 12:30 503808 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25956d49-n\msvcp71.dll
2010-08-01 12:30 . 2010-08-01 12:30 499712 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25956d49-n\jmc.dll
2010-08-01 12:30 . 2010-08-01 12:30 348160 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25956d49-n\msvcr71.dll
2010-08-01 12:30 . 2010-08-01 12:30 61440 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7aa0f1b9-n\decora-sse.dll
2010-08-01 12:30 . 2010-08-01 12:30 12800 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7aa0f1b9-n\decora-d3d.dll
2010-08-01 12:30 . 2010-08-01 12:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-28 17:01 . 2010-07-29 18:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-28 17:01 . 2010-07-28 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-28 17:01 . 2010-07-28 17:01 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-27 07:14 . 2010-07-27 07:14 69436 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-25 05:56 . 2010-07-25 05:56 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2010-07-25 05:56 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 05:56 . 2010-07-25 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-25 05:56 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 09:20 . 2010-08-01 12:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-22 09:20 . 2010-08-01 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-14 18:35 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 15:43 . 2009-03-23 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-13 13:52 . 2006-02-21 17:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-12 11:29 . 2009-03-08 09:49 1 ----a-w- c:\documents and settings\Michael\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-11 10:50 . 2009-09-04 19:22 -------- d-----w- c:\documents and settings\Michael\Application Data\Juniper Networks
2010-08-06 19:41 . 2010-06-28 18:47 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-08-06 19:41 . 2010-06-12 18:32 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-06 19:41 . 2010-06-12 18:32 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-06 19:28 . 2009-02-21 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-06 19:27 . 2010-06-12 18:31 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-28 16:56 . 2010-05-20 19:03 -------- d-----w- c:\program files\Freecorder
2010-07-11 14:36 . 2006-02-05 19:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-02 14:56 . 2010-07-02 14:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-01 20:35 . 2010-07-01 20:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-07-01 19:01 . 2010-07-01 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-07-01 19:01 . 2010-07-01 19:01 -------- d-----w- c:\documents and settings\Michael\Application Data\PC Suite
2010-07-01 18:57 . 2010-07-01 18:54 -------- d-----w- c:\program files\Nokia
2010-07-01 18:57 . 2010-07-01 18:57 -------- d-----w- c:\program files\DIFX
2010-07-01 18:56 . 2010-07-01 18:55 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-01 18:55 . 2010-07-01 18:55 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-01 18:55 . 2010-07-01 18:55 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-01 18:55 . 2010-07-01 18:55 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-01 18:55 . 2010-07-01 18:55 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-01 18:55 . 2010-07-01 18:55 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-01 18:54 . 2010-07-01 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-07-01 18:53 . 2010-07-01 18:55 103404272 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-01 18:22 . 2010-07-01 18:22 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english\setup.exe
2010-07-01 07:06 . 2010-07-01 07:06 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 12:31 . 1980-01-01 00:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 06:06 . 2010-06-30 06:06 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-27 08:09 . 2008-11-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-24 12:15 . 1980-01-01 00:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 1980-01-01 00:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 1980-01-01 00:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 1980-01-01 00:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1980-01-01 00:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1980-01-01 00:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-09-14 13:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 1980-01-01 00:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 18:35 . 2010-06-10 18:35 7931112 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\tmp\dn_000004f0_00008165\RapportSetup-Full.exe
2010-06-09 16:43 . 2010-06-09 16:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-06-09 16:43 . 2010-06-09 16:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\system32\CdI5T.drv
2010-03-26 19:16 . 2010-03-26 11:12 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-26 19:16 . 2010-03-26 11:12 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-28 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-07-28 16:57 2515552 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-28 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-28 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 184408]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="d:\program files\QuickTime Alternative\QTTask.exe" [2010-03-17 421888]
"Freecorder FLV Service"="d:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-07-01 357096]

c:\documents and settings\Michael\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\docume~1\ALLUSE~1\AVP11\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-06-29 17:26 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 14:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [02/03/2010 20:00 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [05/02/2006 02:34 2343]
S1 mailKmd;mailKmd; [x]
S3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [11/06/2010 14:34 406016]
S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [25/06/2004 02:31 19584]
S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [25/06/2004 02:31 2944]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
.
Contents of the 'Scheduled Tasks' folder

2010-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2008-01-13 c:\windows\Tasks\Michael backup.job
- c:\program files\AMUST\Registry Cleaner\RegCleaner.exe [2008-01-13 17:13]

2008-01-13 c:\windows\Tasks\Michael scan and fix.job
- c:\program files\AMUST\Registry Cleaner\RegCleaner.exe [2008-01-13 17:13]

2010-06-11 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-13 09:31]

2008-01-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.plus.net/index_nlp.html
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC}
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://portal.plus.net/index_nlp.html
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-DriverMax_RESTART - d:\program files\Innovative Solutions\DriverMax\devices.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(504)
c:\windows\system32\WININET.dll
c:\documents and settings\Michael\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\eManager\anbmServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-08-13 16:50:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-13 15:50
ComboFix2.txt 2010-07-29 08:38
ComboFix3.txt 2010-07-28 18:59

Pre-Run: 5,151,948,800 bytes free
Post-Run: 5,252,898,816 bytes free

- - End Of File - - 72EEB8BECE0C40B8E8B8C0D99A0D1166

Kaspersky also sent me a diagnostic tool called avz4 - this again produced a number of logs. As I say since posting these I've heard nothing back from Kaspersky - not sure if they will reply or not wacko.gif

I'm getting pretty desperate as I depend on the pc.

My problems (at least those I've observed) are as follows.

If I do a Google search the search results are displayed as normal. When I click on a search result link for the first time my browser is taken not to that site but to an apparently random search engine. This is not always the same site. What I have noticed is that the redirect seems to come via one of 2 IP addresses - 65.60.9.238 or 72.233.76.66.

If I close that unwanted tab/link and click on the google search result link a second time then the page I require is displayed.

My second problem is that a second copy of my web browser sometimes randomly opens - always displaying what appears to be the google search screen.

My worry with all this is just what is on my pc and what is it doing that I don't know about!

Kaspersky Internet Security reports no errors. I have also run a number of other AV programs, including an F Secure Rescue CD, Malwarebytes and Spybot. None of them recognise any problem and yet something isn't right.

I can confirm that I am not receiving any support from elsewhere - and will not make any changes to the computer without your say so.

I am very grateful for the support and time you're providing.

Mike

#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 23 August 2010 - 12:31 PM

Hello, Mike JT.
No problem. Glad to help smile.gif

With regards to Kaspersky, if you do happen to receive a response from them, please let them know that you are receiving help elsewhere. Also, be sure not to run anything they ask you to run, since it could cause confusion and interfere with the fixes we do here.

I'm assuming you are still getting redirected, so let's do a few things. First please delete the copy of combofix you have.

We need to download a fresh copy of Combofix
  1. Please download a fresh copy of ComboFix from one of these locations:
    Link 1
    Link 2

NEXT:

We need to run a Combofix script
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    Driver::
    mailKmd
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

NEXT:

We need to run a custom OTL scan
  1. Please run OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not copy the word "code".
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  3. Click the Run Scan button
  4. A report will open. Copy and Paste that report in your next reply.

In your next reply, please include the following:
  • ComboFix.txt
  • OTL Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 Mike JT

Mike JT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 23 August 2010 - 02:38 PM

Hi,

Combofix log is here:

ComboFix 10-08-22.07 - Michael 23/08/2010 20:07:05.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1526.1137 [GMT 1:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michael\Favorites\Grants Available for Cavity Wall Insulation and Loft Insulation..url

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mailKmd


((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.

2010-08-21 18:49 . 2010-08-21 18:54 -------- d-----w- C:\rsit
2010-08-21 18:49 . 2010-08-21 18:54 -------- d-----w- c:\program files\trend micro
2010-08-14 09:01 . 2010-08-14 09:59 -------- d-----w- C:\555
2010-08-13 15:16 . 2001-08-17 13:52 40320 ----a-w- c:\windows\system32\drivers\ql1080.sys
2010-08-13 15:16 . 2001-08-17 13:52 40320 ----a-w- c:\windows\system32\dllcache\ql1080.sys
2010-08-06 19:41 . 2010-08-06 19:41 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-06 19:41 . 2010-08-06 19:41 166584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-06 19:41 . 2010-08-06 19:41 125624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-06 19:41 . 2010-08-06 19:41 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-06 19:41 . 2010-08-06 19:41 129720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-06 19:41 . 2010-08-06 19:41 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-06 19:41 . 2010-08-06 19:41 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-06 19:41 . 2010-08-06 19:41 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-06 19:36 . 2010-08-06 19:36 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-08-06 19:28 . 2010-08-06 19:28 -------- d--h--we c:\documents and settings\All Users\AVP11
2010-08-01 13:40 . 2010-08-01 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-01 12:30 . 2010-08-01 12:30 503808 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25956d49-n\msvcp71.dll
2010-08-01 12:30 . 2010-08-01 12:30 499712 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25956d49-n\jmc.dll
2010-08-01 12:30 . 2010-08-01 12:30 348160 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25956d49-n\msvcr71.dll
2010-08-01 12:30 . 2010-08-01 12:30 61440 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7aa0f1b9-n\decora-sse.dll
2010-08-01 12:30 . 2010-08-01 12:30 12800 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7aa0f1b9-n\decora-d3d.dll
2010-08-01 12:30 . 2010-08-01 12:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-28 17:01 . 2010-07-29 18:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-28 17:01 . 2010-07-28 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-07-28 17:01 . 2010-07-28 17:01 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-27 07:14 . 2010-07-27 07:14 69436 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-25 05:56 . 2010-07-25 05:56 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2010-07-25 05:56 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 05:56 . 2010-07-25 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-25 05:56 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 19:21 . 2009-03-23 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-23 07:32 . 2006-02-21 17:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-17 06:01 . 2009-03-08 09:49 1 ----a-w- c:\documents and settings\Michael\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-11 10:50 . 2009-09-04 19:22 -------- d-----w- c:\documents and settings\Michael\Application Data\Juniper Networks
2010-08-06 19:41 . 2010-06-28 18:47 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-08-06 19:41 . 2010-06-12 18:32 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-06 19:41 . 2010-06-12 18:32 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-06 19:28 . 2009-02-21 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-06 19:27 . 2010-06-12 18:31 -------- d-----w- c:\program files\Kaspersky Lab
2010-08-01 12:33 . 2010-07-22 09:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-01 12:14 . 2010-07-22 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-28 16:56 . 2010-05-20 19:03 -------- d-----w- c:\program files\Freecorder
2010-07-11 14:36 . 2006-02-05 19:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-02 14:56 . 2010-07-02 14:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-01 20:35 . 2010-07-01 20:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-07-01 19:01 . 2010-07-01 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-07-01 19:01 . 2010-07-01 19:01 -------- d-----w- c:\documents and settings\Michael\Application Data\PC Suite
2010-07-01 18:57 . 2010-07-01 18:54 -------- d-----w- c:\program files\Nokia
2010-07-01 18:57 . 2010-07-01 18:57 -------- d-----w- c:\program files\DIFX
2010-07-01 18:56 . 2010-07-01 18:55 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-01 18:55 . 2010-07-01 18:55 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-01 18:55 . 2010-07-01 18:55 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-01 18:55 . 2010-07-01 18:55 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-01 18:55 . 2010-07-01 18:55 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-01 18:55 . 2010-07-01 18:55 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-01 18:54 . 2010-07-01 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-07-01 18:53 . 2010-07-01 18:55 103404272 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-01 18:22 . 2010-07-01 18:22 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\english\setup.exe
2010-07-01 07:06 . 2010-07-01 07:06 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 12:31 . 1980-01-01 00:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 06:06 . 2010-06-30 06:06 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-27 08:09 . 2008-11-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-24 12:15 . 1980-01-01 00:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 1980-01-01 00:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 1980-01-01 00:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 1980-01-01 00:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1980-01-01 00:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1980-01-01 00:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-09-14 13:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 1980-01-01 00:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 18:35 . 2010-06-10 18:35 7931112 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\tmp\dn_000004f0_00008165\RapportSetup-Full.exe
2010-06-09 16:43 . 2010-06-09 16:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-06-09 16:43 . 2010-06-09 16:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\system32\CdI5T.drv
2010-03-26 19:16 . 2010-03-26 11:12 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-26 19:16 . 2010-03-26 11:12 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-28 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-07-28 16:57 2515552 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-28 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-07-28 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 184408]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="d:\program files\QuickTime Alternative\QTTask.exe" [2010-03-17 421888]
"Freecorder FLV Service"="d:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-07-01 357096]

c:\documents and settings\Michael\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\docume~1\ALLUSE~1\AVP11\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-06-29 17:26 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 14:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [02/03/2010 20:00 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [05/02/2006 02:34 2343]
S3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [11/06/2010 14:34 406016]
S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [25/06/2004 02:31 19584]
S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [25/06/2004 02:31 2944]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
.
Contents of the 'Scheduled Tasks' folder

2010-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2008-01-13 c:\windows\Tasks\Michael backup.job
- c:\program files\AMUST\Registry Cleaner\RegCleaner.exe [2008-01-13 17:13]

2008-01-13 c:\windows\Tasks\Michael scan and fix.job
- c:\program files\AMUST\Registry Cleaner\RegCleaner.exe [2008-01-13 17:13]

2010-06-11 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-13 09:31]

2008-01-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.plus.net/index_nlp.html
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC}
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://portal.plus.net/index_nlp.html
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5104)
c:\windows\system32\WININET.dll
c:\documents and settings\Michael\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\eManager\anbmServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-23 20:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-23 19:24
ComboFix2.txt 2010-08-15 09:13
ComboFix3.txt 2010-08-14 10:22
ComboFix4.txt 2010-08-13 15:50
ComboFix5.txt 2010-08-23 18:55

Pre-Run: 5,256,425,472 bytes free
Post-Run: 5,301,276,672 bytes free

- - End Of File - - F2547FCA8F43101A06FB648FE7371D75


OTL produced 2 logs - one called OTL and 1 called Extras.

OTL log is here:

OTL logfile created on: 23/08/2010 20:27:04 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.62 Gb Total Space | 4.96 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
Drive D: | 36.00 Gb Total Space | 9.18 Gb Free Space | 25.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 2.93 Gb Total Space | 0.77 Gb Free Space | 26.18% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-684C9A655D
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/23 19:50:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/11/15 20:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- D:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2005/07/25 14:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2005/07/25 14:34:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2005/07/25 11:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
PRC - [2005/06/06 20:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/06/06 12:52:10 | 000,069,632 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2005/06/01 15:17:08 | 000,192,512 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005/04/15 12:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/03/09 19:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/02/04 12:12:58 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/08/30 16:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 20:18:57 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Michael\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2010/08/23 19:50:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
MOD - [2008/04/14 01:11:56 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/14 01:11:54 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/02/04 12:12:50 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 17:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- D:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/06/06 20:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Wbutton.sys -- (Wbutton)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/06/22 19:24:00 | 000,482,392 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/03/15 14:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/03/15 14:47:30 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/03/02 20:00:27 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2010/01/06 18:09:40 | 001,596,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/03/25 14:29:52 | 000,130,432 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/13 19:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/04/03 14:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 14:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 14:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 14:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 14:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 14:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2006/08/28 15:23:00 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26obex.sys -- (SE26obex)
DRV - [2006/08/28 15:22:58 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se26nd5.sys -- (se26nd5) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)
DRV - [2006/05/01 13:49:50 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mgmt.sys -- (SE26mgmt) Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM)
DRV - [2006/05/01 13:49:00 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mdm.sys -- (SE26mdm)
DRV - [2006/05/01 13:48:56 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mdfl.sys -- (SE26mdfl)
DRV - [2006/05/01 13:48:04 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26bus.sys -- (SE26bus) Sony Ericsson Device 038 Driver driver (WDM)
DRV - [2006/05/01 13:47:24 | 000,090,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se26unic.sys -- (se26unic) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM)
DRV - [2006/02/05 02:36:26 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/04/19 11:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/07 19:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/03/04 17:37:26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/02/04 11:59:46 | 000,193,216 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/14 16:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 16:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 18:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/15 16:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 16:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 16:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/07/19 14:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/06/28 13:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/06/25 02:31:28 | 000,019,584 | ---- | M] (HUMAX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\humaxfl.sys -- (humaxfl)
DRV - [2004/06/25 02:31:28 | 000,002,944 | ---- | M] (HUMAX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\humaxst.sys -- (humaxst)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/05 19:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/12/19 19:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.plus.net/index_nlp.html
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://portal.plus.net/index_nlp.html"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 07:38:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 13:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/06 20:28:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/07/11 15:36:58 | 000,000,000 | ---D | M]

[2008/07/07 11:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/08/21 19:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions
[2009/10/30 08:03:51 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/05/20 20:03:45 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2008/06/11 06:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}
[2010/04/30 15:52:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/19 18:41:34 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/07/14 07:36:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/11/07 15:37:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2008/07/07 11:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\7bzrfkqf.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/08/19 15:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 13:30:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 20:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/08/06 20:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/08/01 13:29:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/19 07:24:15 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/19 07:24:16 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/19 07:24:16 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/19 07:24:16 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/23 20:18:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [Freecorder FLV Service] D:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] C:\Program Files\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\AVP11\mzvkbd3.dll) - C:\Documents and Settings\All Users\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/20 17:17:49 | 000,060,147 | ---- | M] () - D:\AutoData_2009_v3.24.5232812.TPB.torrent -- [ NTFS ]
O32 - AutoRun File - [2004/07/28 14:02:00 | 000,000,346 | ---- | M] () - F:\Autoexec.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/23 19:50:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/08/23 08:54:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2010/08/21 19:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/21 19:49:23 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/17 07:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\avz4
[2010/08/14 10:01:43 | 000,000,000 | ---D | C] -- C:\555
[2010/08/13 16:16:18 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql1080.sys
[2010/08/13 16:16:18 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2010/08/12 16:53:02 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Michael\Desktop\HijackThis.exe
[2010/08/11 08:42:52 | 000,611,624 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Michael\Desktop\getsysteminfo4.exe
[2010/08/06 20:28:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\AVP11
[2010/08/03 08:59:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/01 14:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/01 14:38:23 | 009,190,248 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Michael\Desktop\SUPERAntiSpyware.exe
[2010/08/01 13:30:23 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/01 13:30:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/01 13:30:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/01 13:30:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/01 13:30:23 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/28 19:59:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/28 18:22:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/28 18:19:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/28 18:19:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/28 18:19:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/28 18:19:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/28 18:19:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/28 18:19:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/28 18:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/28 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/28 09:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\EPA_Zip_pack_May_10
[2010/07/25 06:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2010/07/25 06:56:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 06:56:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 06:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/08/23 20:24:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/23 20:20:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/23 20:18:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/23 20:18:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/23 20:18:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/23 20:18:05 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 20:17:24 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Michael\ntuser.dat
[2010/08/23 20:17:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michael\ntuser.ini
[2010/08/23 19:51:21 | 003,825,912 | R--- | M] () -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2010/08/23 19:50:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/08/22 08:58:48 | 004,844,768 | -H-- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\IconCache.db
[2010/08/21 19:39:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2010/08/21 19:36:55 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\RKUnhookerLE.EXE
[2010/08/21 19:36:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\d0e8b8tf.exe
[2010/08/21 19:35:47 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\RSIT.exe
[2010/08/21 19:35:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2010/08/17 07:00:34 | 006,079,521 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\avz4.zip
[2010/08/12 16:53:02 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Michael\Desktop\HijackThis.exe
[2010/08/12 16:50:46 | 000,124,598 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\GetSystemInfo_ACER-684C9A655D_Michael_2010_08_12_16_48_34.zip
[2010/08/12 10:50:26 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 08:26:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 08:24:45 | 000,510,480 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 08:24:45 | 000,447,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 08:24:45 | 000,073,898 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 08:42:52 | 000,611,624 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Michael\Desktop\getsysteminfo4.exe
[2010/08/10 09:19:40 | 000,013,423 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\B and Q SAR.odt
[2010/08/06 20:41:14 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/08/06 20:41:14 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/08/01 14:38:38 | 009,190,248 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Michael\Desktop\SUPERAntiSpyware.exe
[2010/08/01 13:29:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/01 13:29:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/01 13:29:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/01 13:29:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/01 13:29:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/29 19:26:56 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/29 19:25:24 | 000,000,098 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2010/07/28 18:22:50 | 000,000,264 | RHS- | M] () -- C:\BOOT.INI
[2010/07/28 17:41:07 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\tdsskiller.zip
[2010/07/28 09:27:53 | 000,825,084 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\EPA_Zip_pack_May_10.zip
[2010/07/27 08:14:02 | 000,069,436 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/25 06:56:21 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2010/08/23 19:50:58 | 003,825,912 | R--- | C] () -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2010/08/21 19:39:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2010/08/21 19:36:47 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\RKUnhookerLE.EXE
[2010/08/21 19:36:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\d0e8b8tf.exe
[2010/08/21 19:35:38 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\RSIT.exe
[2010/08/21 19:35:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2010/08/17 07:00:24 | 006,079,521 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\avz4.zip
[2010/08/15 09:58:49 | 1600,638,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/12 16:49:03 | 000,124,598 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\GetSystemInfo_ACER-684C9A655D_Michael_2010_08_12_16_48_34.zip
[2010/08/10 09:19:38 | 000,013,423 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\B and Q SAR.odt
[2010/08/03 08:13:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/28 18:22:50 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2010/07/28 18:22:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/28 18:19:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/28 18:19:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/28 18:19:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/28 18:19:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/28 18:19:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/28 18:01:48 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/28 17:40:41 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\tdsskiller.zip
[2010/07/28 09:27:52 | 000,825,084 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\EPA_Zip_pack_May_10.zip
[2010/07/27 08:14:02 | 000,069,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/25 06:56:21 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 12:43:07 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/01/17 10:10:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\housecall.guid.cache
[2008/02/15 15:12:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/21 16:33:54 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/01/16 12:55:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/09/04 13:30:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600E.ini
[2006/08/10 15:50:55 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/27 20:07:51 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/22 18:34:05 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/27 20:27:50 | 000,000,752 | ---- | C] () -- C:\WINDOWS\ChkMail.Ini
[2006/02/25 12:12:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/25 12:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/05 02:35:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/06/24 11:48:03 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005/06/20 03:42:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/20 03:17:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/06/20 03:16:31 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/06/20 03:16:31 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/06/20 03:16:31 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/06/20 03:16:31 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/06/20 03:09:07 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/06/20 02:39:37 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2005/06/20 02:39:37 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2005/06/20 02:39:37 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/21 12:48:08 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004/12/17 18:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/09/14 14:01:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/24 12:29:56 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2004/08/12 12:22:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2004/08/12 12:22:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2004/08/12 12:21:44 | 000,086,063 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2004/08/12 12:21:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2004/08/12 12:21:26 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2004/08/12 12:21:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2004/08/12 12:21:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2004/08/12 12:21:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2004/08/12 12:20:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2004/08/12 12:20:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2004/08/12 12:20:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2004/08/12 12:20:42 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2004/08/12 12:20:24 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2004/08/12 12:20:06 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2004/08/12 12:19:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2004/08/12 12:19:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2004/08/12 12:19:52 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2004/08/12 12:19:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2004/08/12 12:19:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2004/08/10 17:29:02 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2004/08/10 17:27:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2004/07/08 09:19:56 | 000,001,187 | ---- | C] () -- C:\WINDOWS\Sageintl.ini
[2002/11/15 14:11:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/10/06 20:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 01:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 01:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL
[2002/10/05 01:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL
[2002/04/16 12:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/10/25 11:53:58 | 000,000,492 | ---- | C] () -- C:\WINDOWS\Sage.ini
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 17:54:56 | 000,097,792 | ---- | M] () -- C:\Balance Sheet.xlt
[2010/06/11 16:03:51 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2010/07/28 18:22:50 | 000,000,264 | RHS- | M] () -- C:\BOOT.INI
[2004/09/14 13:46:06 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/23 20:24:59 | 000,024,737 | ---- | M] () -- C:\ComboFix.txt
[2010/08/23 20:18:05 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/18 18:45:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/08/12 19:05:22 | 000,111,616 | ---- | M] () -- C:\KPIs.xlt
[2008/01/18 18:45:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/06 11:56:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/23 20:18:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2005/08/13 14:07:44 | 000,001,202 | -HS- | M] () -- C:\PATCH.REV
[2005/06/20 03:52:18 | 000,000,066 | RHS- | M] () -- C:\PRELOAD.AAA
[2005/06/20 03:52:18 | 000,000,066 | RHS- | M] () -- C:\PRELOAD.REV
[2004/08/11 12:11:06 | 000,076,288 | ---- | M] () -- C:\Profit and Loss.xlt
[2004/08/10 17:55:02 | 000,318,464 | ---- | M] () -- C:\Sales Analysis.xlt
[2006/08/10 15:50:50 | 000,000,479 | ---- | M] () -- C:\sghmmail.ECF
[2010/07/28 17:42:13 | 000,003,078 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_28.07.2010_17.41.44_log.txt
[2004/08/10 17:55:02 | 000,685,056 | ---- | M] () -- C:\Trial Balance.xlt
[2005/06/20 02:40:04 | 000,000,004 | ---- | M] () -- C:\wps.dat

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2008/04/14 01:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/09/14 13:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/09/14 13:55:48 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/09/14 13:55:48 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/29 19:26:56 | 000,016,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/06/22 19:24:00 | 000,482,392 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys
[2010/06/21 16:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C97C8631
< End of report >


and extras log is here:

OTL Extras logfile created on: 23/08/2010 20:27:04 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.62 Gb Total Space | 4.96 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
Drive D: | 36.00 Gb Total Space | 9.18 Gb Free Space | 25.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 2.93 Gb Total Space | 0.77 Gb Free Space | 26.18% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-684C9A655D
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image 2006 Suite Edition Editor
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{65C39C99-F2C0-4286-A37A-23182E9A5E8E}" = NTI CD & DVD-Maker
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image 2006 Suite Edition Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F66DDC0-5674-4286-A6A8-2AD67E6CF081}" = Diskeeper Home Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = SageAcc
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.8
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D9CDB463-BB48-4B80-B1B6-5B940A4621E0}" = AutoStreamer
"{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}" = CuteFTP 6 Home
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED79C7E1-386E-4C12-81C7-8FEFB6D396B5}" = NTI Backup NOW! 4
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F8BB72FB-615E-4CF6-963D-B37550D4639E}" = TMPGEnc DVD Author 2.0
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AMUST Disk Cleaner_is1" = AMUST Disk Cleaner 1.0
"AMUST Registry Cleaner_is1" = AMUST Registry Cleaner
"Applian FLV Player2.0.24" = Applian FLV Player
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Audacity_is1" = Audacity 1.2.6
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.0" = Freecorder 4.0 Application
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{65C39C99-F2C0-4286-A37A-23182E9A5E8E}" = NTI CD & DVD-Maker Gold
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"InstallShield_{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = Sage Accounts V11.00
"InstallShield_{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}" = CuteFTP 6 Home
"InstallShield_{ED79C7E1-386E-4C12-81C7-8FEFB6D396B5}" = NTI Backup NOW! 4
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Jali Designer_is1" = Jali Designer v1.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media eLinker" = Media eLinker
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"QuicktimeAlt_is1" = QuickTime Alternative 1.70
"Rapport_msi" = Rapport
"Sage MIS 3.01" = Sage MIS 3.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Theorica Divx ;-) Codecs" = Theorica Divx ;-) Codecs (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/07/2010 11:59:54 | Computer Name = ACER-684C9A655D | Source = OviSuite | ID = 1
Description =

Error - 12/07/2010 14:04:05 | Computer Name = ACER-684C9A655D | Source = OviSuite | ID = 1
Description =

Error - 12/07/2010 14:04:05 | Computer Name = ACER-684C9A655D | Source = OviSuite | ID = 1
Description =

Error - 22/07/2010 05:19:09 | Computer Name = ACER-684C9A655D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 22/07/2010 05:19:09 | Computer Name = ACER-684C9A655D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 28/07/2010 06:11:27 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 28/07/2010 06:11:39 | Computer Name = ACER-684C9A655D | Source = Application Error | ID = 1001
Description = Fault bucket 1228256266.

Error - 29/07/2010 14:25:32 | Computer Name = ACER-684C9A655D | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.

Error - 01/08/2010 08:30:28 | Computer Name = ACER-684C9A655D | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.

Error - 01/08/2010 08:33:26 | Computer Name = ACER-684C9A655D | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.

[ System Events ]
Error - 17/08/2010 14:31:12 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 0014A45D5347 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/08/2010 07:01:22 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 000AE4EDC8E6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/08/2010 07:01:29 | Computer Name = ACER-684C9A655D | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.5 for the Network Card with network
address 0014A45D5347 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/08/2010 04:10:12 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus
Service service to connect.

Error - 19/08/2010 04:10:12 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The Kaspersky Anti-Virus Service service failed to start due to the
following error: %%1053

Error - 22/08/2010 03:38:20 | Computer Name = ACER-684C9A655D | Source = System Error | ID = 1003
Description = Error code 00000077, parameter1 c000009c, parameter2 c000009c, parameter3
00000000, parameter4 00431000.

Error - 22/08/2010 03:40:31 | Computer Name = ACER-684C9A655D | Source = System Error | ID = 1003
Description = Error code c000021a, parameter1 e383e4b8, parameter2 c000001d, parameter3
010d2164, parameter4 0054e060.

Error - 23/08/2010 03:45:09 | Computer Name = ACER-684C9A655D | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 23/08/2010 03:47:09 | Computer Name = ACER-684C9A655D | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 23/08/2010 03:47:09 | Computer Name = ACER-684C9A655D | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.


< End of report >


Hope all this helps wacko.gif

Mike

#11 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 23 August 2010 - 03:56 PM

Hi!

Few questions:
Do you recognize the following IP addresses, originating from Russia?
213.109.64.149
213.109.74.115
Are you using a router?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#12 Mike JT

Mike JT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 24 August 2010 - 02:34 AM

I don't recognise the IP addresses - or access any sites in Russia (that I'm aware of anyway!).

I access the internet through a Netgear DG834G ADSL router.

Mike

#13 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 24 August 2010 - 12:00 PM

Hello, Mike JT.
Let me know if you still get redirected after this fix smile.gif

We need to run a custom OTL fix
  1. Please run OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not copy the word "code".
    CODE
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
  3. Click the Run Fix button
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK
  6. A report will open. Copy and Paste that report in your next reply.

NEXT:

Click Start > Run and type the following in and then press enter:
ipconfig /flushdns

In your next reply, please include the following:
  • OTL Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#14 Mike JT

Mike JT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:32 AM

Posted 24 August 2010 - 12:53 PM

Hi Aommaster.

I've done as you advised but still have the redirect problem lmfao.gif

OTL log is here:

========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!

OTL by OldTimer - Version 3.2.10.0 log created on 08242010_184235


Persistent little beggar isn't it!

Mike

#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:32 AM

Posted 24 August 2010 - 12:56 PM

Hi!

Indeed it is tongue.gif
  1. Please read this: Malware Silently Alters Wireless Router Settings
  2. Consult this link to find out what is the default username and password of your router and note down them: Route Passwords
  3. Then reset your router to it's factory default settings:
    QUOTE
    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"
  4. This is the difficult part.
    First get to the routers server. To do that open Internet Explorer and type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

NEXT:
We need to reset your DNS servers
  1. Click Start -> Control Panel -> Double click on Network Connections.
  2. Right click on Local Area Connection or Dial-up Connection if you are using Dial-up, and select Properties.
  3. Select the General tab.
  4. Double click on Internet Protocol (TCP/IP) under General tab:
  5. Check Obtain an IP address automatically and Obtain DNS server address automatically.
  6. Click OK twice to save the settings.
  7. Reboot.

NEXT:
We need to flush your DNS Resolver Cache
  1. Click Start > Run
  2. Type cmd and press enter
  3. At the command prompt, type ipconfig /flushdns and press enter

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users