I hope I got it all out all the malware


  • This topic is locked
21 replies to this topic

#1 csspcrepair

csspcrepair

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:09 PM

Posted 04 January 2011 - 08:23 PM

I am running Vista Home Premium SP2 32bit and I have been running several programs to try and remove some virus, malware, and trojan infections.

I have run a scan on the hard drive with Kaspersky Internet Security 2011 as a slave, found and deleted "virus HEUR:Exploit.Script.Generic".
Running on the PC; Spybot S&D found 9 problems, Ad-Aware found 24 cookies, Malwarebytes found 1 trojan, and I already removed 1 entry in Hijack This that had (no name) (no file).
There was one user at first but I was unable to run an update on McAfee and Hijack This wouldn't run properly and so I created a new user which I am using now.

When I run scans at this point I only find some cookies (which I don't expect to never have come back) but I am not convinced that all the bad stuff is actually gone so that is why I made this post.

I think I followed the directions for posting as far as scanning and log posting but if I missed something please let me know.


Thanks for the help!

Edit: I forgot to add a HijackThis save file.

Edited by csspcrepair, 04 January 2011 - 08:34 PM.




#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:09:09 PM

Posted 09 January 2011 - 10:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:


Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.


#3 csspcrepair

csspcrepair
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:09 PM

Posted 14 January 2011 - 05:11 PM

Thanks for your help. All three reports are pasted below.

OTL logfile created on: 1/14/2011 4:20:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Bill\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.14 Gb Total Space | 138.26 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.37 Gb Free Space | 63.95% Space Free | Partition Type: NTFS

Computer Name: BILL-PC | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/14 16:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
PRC - [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2010/03/16 15:28:46 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/03/16 15:28:44 | 004,281,584 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2010/02/10 18:11:00 | 000,020,480 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
PRC - [2010/02/10 18:10:50 | 000,233,472 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
PRC - [2010/02/10 15:20:56 | 000,028,672 | ---- | M] (DigiData Corp.) -- C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe
PRC - [2010/02/02 19:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) -- C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/19 01:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/01/19 18:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


========== Modules (SafeList) ==========

MOD - [2011/01/14 16:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/02/10 18:11:00 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)
SRV - [2010/02/02 19:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Running] -- C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/04 17:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/19 01:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 05:35:15 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/10/28 15:15:54 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2008/10/28 03:19:24 | 000,873,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2008/08/26 12:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/26 12:54:40 | 002,469,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/08/19 03:41:04 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/08/19 02:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 02:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/19 01:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/19 01:19:42 | 002,161,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074



IE - HKU\S-1-5-21-2791717126-84914060-3054792316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-2791717126-84914060-3054792316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
IE - HKU\S-1-5-21-2791717126-84914060-3054792316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2791717126-84914060-3054792316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2791717126-84914060-3054792316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8074
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/10 05:20:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/03 14:47:34 | 000,000,000 | ---D | M]

[2011/01/03 14:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Extensions
[2011/01/14 16:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\extensions
[2011/01/03 14:51:04 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2011/01/03 14:51:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/01/03 14:51:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/03 14:51:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/10 05:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/10 05:38:48 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/10 05:38:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2011/01/10 01:27:29 | 000,428,538 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14757 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2791717126-84914060-3054792316-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe (DigiData Corp.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2791717126-84914060-3054792316-1000..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Bill\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bill\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{40fba27b-10d0-11de-b0fc-00219b29dcf3}\Shell - "" = AutoRun
O33 - MountPoints2\{40fba27b-10d0-11de-b0fc-00219b29dcf3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/14 16:18:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2011/01/11 22:36:25 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/11 22:36:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/01/10 05:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/01/10 05:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/01/10 05:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/01/10 05:35:15 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/01/10 05:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/01/09 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2011/01/09 22:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2011/01/03 14:47:41 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Mozilla
[2011/01/03 14:47:41 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Mozilla
[2011/01/03 14:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/03 14:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/03 11:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/03 11:02:46 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/03 01:34:59 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Malwarebytes
[2011/01/03 01:34:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/03 01:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/03 01:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/03 01:34:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/03 01:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/02 06:59:53 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/01/02 06:58:52 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Sunbelt Software
[2011/01/02 06:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/01/02 06:54:48 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bill\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/02 06:54:31 | 115,652,856 | ---- | C] (Kaspersky Lab) -- C:\Users\Bill\Desktop\kis2011_11.0.2.556-1781EN-US.exe
[2011/01/02 06:53:52 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Users\Bill\Desktop\Ad-Aware90Install.exe
[2011/01/02 06:53:35 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Bill\Desktop\Firefox Setup 3.6.13.exe
[2011/01/02 06:49:42 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Users\Bill\Desktop\cwshredder.exe
[2011/01/02 02:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/02 02:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/02 02:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/30 10:14:16 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Bill\Desktop\spybotsd162.exe
[2010/12/27 16:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/27 16:46:41 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/12/27 16:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/27 16:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/27 16:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/27 16:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/27 16:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/12/27 16:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/17 10:31:10 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/17 10:31:06 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/17 10:31:06 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/17 10:31:06 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/17 10:31:05 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/17 10:31:03 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/17 10:31:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/17 10:31:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/17 10:30:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/17 10:30:56 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/17 10:30:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/17 10:30:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/17 10:30:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/17 10:30:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/17 10:30:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/17 10:30:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/17 10:30:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/17 10:30:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/17 10:30:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/17 10:30:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/17 10:30:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/17 10:30:54 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/17 10:30:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/17 10:30:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/17 10:30:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/17 10:30:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Users\Bill\Documents\*.tmp files -> C:\Users\Bill\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/14 16:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2011/01/14 16:09:05 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4838B9C0-283D-4971-BEC5-E3FF0F7D42FC}.job
[2011/01/14 15:55:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/14 15:55:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 06:03:12 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/10 06:03:12 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/10 05:55:57 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011/01/10 05:55:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/10 05:55:43 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 05:48:21 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/01/10 05:48:21 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/01/10 05:35:15 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/01/10 01:27:29 | 000,428,538 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/03 19:45:02 | 000,428,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110110-012729.backup
[2011/01/03 15:39:20 | 000,002,521 | ---- | M] () -- C:\Users\Bill\Desktop\HiJackThis.lnk
[2011/01/03 14:56:58 | 000,428,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110103-194502.backup
[2011/01/03 14:47:35 | 000,001,750 | ---- | M] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/03 14:47:35 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/03 01:34:55 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 06:59:53 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/01/02 02:08:25 | 000,428,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110103-145658.backup
[2011/01/02 02:05:17 | 000,001,081 | ---- | M] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/02 02:05:17 | 000,001,057 | ---- | M] () -- C:\Users\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/12/30 23:37:30 | 115,652,856 | ---- | M] (Kaspersky Lab) -- C:\Users\Bill\Desktop\kis2011_11.0.2.556-1781EN-US.exe
[2010/12/30 16:32:44 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Bill\Desktop\Firefox Setup 3.6.13.exe
[2010/12/30 16:28:36 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bill\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/30 16:28:30 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Users\Bill\Desktop\Ad-Aware90Install.exe
[2010/12/28 10:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/12/27 16:46:45 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/27 16:40:55 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 18:25:49 | 000,015,449 | ---- | M] () -- C:\Users\Bill\Documents\Christmas Card Address Labels 2009.docx
[2010/12/18 15:24:00 | 000,374,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/17 11:19:24 | 001,402,880 | ---- | M] () -- C:\Users\Bill\Desktop\HiJackThis204.msi
[1 C:\Users\Bill\Documents\*.tmp files -> C:\Users\Bill\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 05:38:37 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/01/10 05:38:37 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/01/03 14:47:35 | 000,001,750 | ---- | C] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/03 14:47:35 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/03 11:02:46 | 000,002,521 | ---- | C] () -- C:\Users\Bill\Desktop\HiJackThis.lnk
[2011/01/03 01:34:55 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 06:49:38 | 001,402,880 | ---- | C] () -- C:\Users\Bill\Desktop\HiJackThis204.msi
[2011/01/02 02:05:17 | 000,001,081 | ---- | C] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/02 02:05:17 | 000,001,057 | ---- | C] () -- C:\Users\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/12/27 16:46:45 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/27 16:40:55 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/01 10:39:48 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2009/09/20 10:40:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/15 08:24:20 | 000,006,080 | ---- | C] () -- C:\Users\Bill\AppData\Local\d3d9caps.dat
[2009/03/14 18:11:34 | 000,023,040 | ---- | C] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 16:33:08 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/14 16:31:39 | 000,000,084 | ---- | C] () -- C:\Windows\EPSPRX595.ini
[2009/03/07 04:18:50 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/03/07 04:18:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >

OTL Extras logfile created on: 1/14/2011 4:20:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Bill\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.14 Gb Total Space | 138.26 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.37 Gb Free Space | 63.95% Space Free | Partition Type: NTFS

Computer Name: BILL-PC | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2791717126-84914060-3054792316-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2791717126-84914060-3054792316-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57FEBA8C-3A1D-4FBB-A743-F9A15350C547}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6B335DD5-2AFE-4D23-AFBD-63308B272E1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{74A73696-F928-40AA-AA19-C726D76C48AD}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17C7B206-2206-49D0-90A6-BF973D238161}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{18CC08F7-8480-41DF-9B2B-45C36C67FFF9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{206203B2-BDAB-4802-B178-CCC190B81D4B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{377AC126-E717-409A-BF17-CF30F7ED06C8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4004F1CB-A2D4-4893-A77F-4D078E7DCCF7}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4D238906-9FDF-4D1F-9F72-72E3743CE301}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5CBD0E60-0D69-4602-9084-02DB7EC73500}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CA98377-D758-4D0B-A294-C1B5E12A33EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6FA23BC8-1019-4E61-AACE-84BDFD28A355}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7281A4B0-F50A-4EAB-8B57-D66D7193DFE6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{946BB31B-3495-4BA7-9875-163A9C107612}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{B2F371FC-147B-4682-888B-766252ADD16D}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{CB203337-0842-4258-AD4E-D6DDD6E100D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D822659B-9478-4A5A-A680-A32B99F2C111}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{DEC4B533-E028-408F-A3F0-92AF10A2A26A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EC8D2B43-0A02-4804-A35A-15B8DBAB4F81}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA8E21F9-2EA5-413E-A67A-85C0D4A0E4B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{011A2240-08DF-45BB-AA4E-1A78637CCF80}" = RPS CRT
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{29DFAB41-7D73-4E92-9329-FB1ECBD2EF83}" = ZyXEL G-220v3 Wireless USB Adapter Utility
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F89E4AF-07EF-48C7-9F3D-46E96E338D1D}" = Verizon Online Backup and Sharing
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3D4F451-5F04-4082-BE21-1C0C1ADF5014}" = Vz In Home Agent
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSNINST" = MSN
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.18
"Silent Package Run-Time Sample" = EPSON RX595 User's Guide
"Verizon Online DSL_is1" = Verizon Online DSL
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2791717126-84914060-3054792316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.4.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2011 3:40:15 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3089

Error - 1/2/2011 3:40:16 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/2/2011 3:40:16 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4088

Error - 1/2/2011 3:40:16 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4088

Error - 1/2/2011 3:40:17 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/2/2011 3:40:17 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5086

Error - 1/2/2011 3:40:17 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5086

Error - 1/2/2011 3:40:18 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/2/2011 3:40:18 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6084

Error - 1/2/2011 3:40:18 AM | Computer Name = Bill-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6084

[ OSession Events ]
Error - 6/12/2009 6:26:10 PM | Computer Name = Bill-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 259
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/27/2010 5:42:39 PM | Computer Name = Bill-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/27/2010 5:44:03 PM | Computer Name = Bill-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/27/2010 8:00:26 PM | Computer Name = Bill-PC | Source = DCOM | ID = 10010
Description =

Error - 12/30/2010 11:12:56 AM | Computer Name = Bill-PC | Source = PlugPlayManager | ID = 10
Description = Error writing to server side install pipe

Error - 1/2/2011 7:58:47 AM | Computer Name = Bill-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/2/2011 6:01:44 PM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =

Error - 1/10/2011 3:03:51 AM | Computer Name = Bill-PC | Source = DCOM | ID = 10010
Description =

Error - 1/10/2011 3:03:51 AM | Computer Name = Bill-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/11/2011 3:51:39 AM | Computer Name = Bill-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 1/11/2011 9:53:44 PM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =


< End of report >

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-14 17:01:21
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST325031 rev.4.AD
Running: 2kjtgn9z.exe; Driver: C:\Users\Bill\AppData\Local\Temp\pxldqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x904F8DAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x904FAFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x904FB262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x904FB4D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x904F96BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x904FA4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x904FAA3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x904F999A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x904FA922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x904F8998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x904FA7F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x904F8B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x904FAB5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x904F9344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x904FA88C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x904FC24A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x904F9E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x904FD458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x904F9C2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x904FC33C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x904FCAA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x904FAAD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x904F9740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x904FA9B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x904F8FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x904FC83E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x904FABF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x904F8ED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x904FB7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x904FCDDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x904FC6D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x904F7652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x904FAF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x904FAE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x904FBFE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x904F79CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x904FD2FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x904F75EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x904FA238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x904F9560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x904FB87E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x904FC4DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x904FCF2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x904FD020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x904FD15A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x904FC16E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x904F918E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x904F90E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x904FCC82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x904F927A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x904F9442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x904FB722]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 824C087C 4 Bytes [AA, 8D, 4F, 90] {STOSB ; LEA ECX, [EDI-0x70]}
.text ntkrnlpa.exe!KeSetEvent + 13D 824C08A0 8 Bytes CALL E4DC5854
.text ntkrnlpa.exe!KeSetEvent + 181 824C08E4 4 Bytes [D8, B4, 4F, 90]
.text ntkrnlpa.exe!KeSetEvent + 1A9 824C090C 4 Bytes [BE, 96, 4F, 90]
.text ntkrnlpa.exe!KeSetEvent + 1C1 824C0924 4 Bytes [F2, A4, 4F, 90] {REPNZ MOVSB ; DEC EDI; NOP }
.text ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] USER32.dll!SetScrollInfo + 7A8 77F07980 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2644] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2644] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2644] USER32.dll!SetScrollInfo + 7A8 77F07980 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00370240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003702B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00370320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00370390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00AE04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleW] 00AE0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00AE05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00AE0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 00370860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 003708D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 00370940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapFree] 003709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 00370A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AE06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00AE0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00370B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AE0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 00AE09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 00370DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00AE0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00AE0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 00370E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 00AE0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 00370E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 00370EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00370F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77FE0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00AE0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77FE04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 00AE0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00AE0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00AE0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77FE0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 77FE0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 00AE0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AE0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77FE0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77FE07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AE0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00AE0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00AE0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 77FE08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 77FE0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!HeapFree] 77FE0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 77FE0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 00AE0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 77FE0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 77FE0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 77FE0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 77FE0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 77FE0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 775E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 775E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 775E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 775E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 775E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 77FE0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 77FE0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 775E04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 775E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 775E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USERENV.dll [ntdll.dll!RtlFreeHeap] 77FE0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!HeapFree] 77FE0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] 77FE0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetErrorMode] 775E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 775E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] 775E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 775E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00390010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00390080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 775E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 775E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 775E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 775E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AF02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA] 00AF08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AF0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 00AF09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 003A0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 00AF0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 003A02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 003A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 003A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] 003A0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!FreeLibrary] 00AF0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] 00AF0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AF0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree] 003A0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 003A0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy] 003A07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapCreate] 003A0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 003A08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00AF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 00AF0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00AF0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00AF0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 003A0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 003A09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 003A0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003A0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 003A0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00B00240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B002B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00B00320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00B00390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00B00400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00B00470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 003B0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 003B02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 003B0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 003B0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00B00710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 00B00780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00B007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00B00860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 003B0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree] 003B0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003B05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 003B0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 003B06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 00B008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 00B00940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B009B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 003B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 003B07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77FE0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77FE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!HeapFree] 77FE0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 775E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 775E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 775E0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetModuleHandleW] 775E00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 77FE01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 775E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 775E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 775E00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 77FE0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 775E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 775E0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2064] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 775E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2644] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2644] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2644] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[2644] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001E0390

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Again, thanks for your help.

#4 gringo_pr

  • Malware Response Team

Posted 15 January 2011 - 06:07 PM

Hello

My name is gringo and I will be helping you from this point forward.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes unless I tell you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

If you have not done so, please click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Here is the first thing I would like you to do.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#5 csspcrepair

  • Topic Starter

Posted 16 January 2011 - 04:35 PM

Hello Gringo

I forgot to disable Windows Defender but that apparently hasn't caused any problems.

ComboFix 11-01-15.01 - Bill 01/16/2011 16:11:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3036.1227 [GMT -5:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Bill\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-16 21:15 . 2011-01-16 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 06:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F1A9770-A1B1-4233-B8DF-B5007FD18A10}\mpengine.dll
2011-01-12 03:36 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 03:36 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 03:36 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 03:36 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 03:36 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 03:36 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 03:36 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-10 10:38 . 2011-01-10 10:48 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-01-10 10:38 . 2011-01-10 10:48 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-01-10 10:36 . 2011-01-10 10:36 -------- d-----w- c:\program files\Kaspersky Lab
2011-01-10 10:35 . 2011-01-16 20:31 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-10 10:26 . 2011-01-10 10:26 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-01-10 03:09 . 2011-01-10 03:09 -------- d-----w- c:\program files\Bonjour Print Services
2011-01-03 21:02 . 2011-01-03 21:02 -------- d-----w- c:\users\CSS
2011-01-03 19:47 . 2011-01-03 19:47 -------- d-----w- c:\users\Bill\AppData\Local\Mozilla
2011-01-03 16:02 . 2011-01-03 16:02 388096 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 16:02 . 2011-01-03 16:02 -------- d-----w- c:\program files\Trend Micro
2011-01-03 06:34 . 2011-01-03 06:34 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2011-01-03 06:34 . 2011-01-03 06:34 -------- d-----w- c:\programdata\Malwarebytes
2011-01-03 06:34 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-03 06:34 . 2011-01-03 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-03 06:34 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 11:59 . 2011-01-02 11:59 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-02 11:58 . 2011-01-02 11:58 -------- d-----w- c:\users\Bill\AppData\Local\Sunbelt Software
2011-01-02 11:58 . 2011-01-10 10:29 -------- d-----w- c:\programdata\Lavasoft
2011-01-02 07:05 . 2011-01-02 09:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-02 07:05 . 2011-01-02 07:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 21:46 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-27 21:46 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-27 21:45 . 2010-12-27 21:45 -------- d-----w- c:\program files\iPod
2010-12-27 21:45 . 2010-12-27 21:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-27 21:45 . 2010-12-27 21:46 -------- d-----w- c:\program files\iTunes
2010-12-27 21:42 . 2010-12-27 21:42 -------- d-----w- c:\program files\Bonjour
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-27 21:40 . 2010-12-27 21:41 -------- d-----w- c:\program files\QuickTime
2010-12-26 20:56 . 2010-12-26 20:56 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-04 18:56 . 2010-12-17 15:31 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-17 15:31 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-17 15:31 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-17 15:31 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-17 15:31 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-17 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-17 15:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-17 15:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-17 15:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-17 15:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-17 15:30 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-17 15:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-17 15:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-17 15:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-17 15:31 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-17 15:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 15:41 . 2009-10-04 13:41 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Online Backup Auto Update"="c:\program files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2010-02-10 233472]
"Vault Explorer Cache Watcher"="c:\program files\Verizon\Online Backup & Sharing\vewatch.exe" [2010-02-10 28672]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]

c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-8-1 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 18:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX595 Series]
2007-03-30 10:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-26 17:54 178712 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-20 23:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-26 17:54 150040 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 20:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-26 17:54 154136 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-19 06:19 6265376 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2791717126-84914060-3054792316-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [2008-10-28 873472]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
S2 FilesystemWatcher;Filesystem Watcher;c:\program files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-02-03 24576]
S2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2010-02-10 20480]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-08-19 27648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-26 112128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]


--- Other Services/Drivers In Memory ---

*Deregistered* - pxldqpod

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-03-07 07:02]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{4838B9C0-283D-4971-BEC5-E3FF0F7D42FC}.job
- c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
uInternet Settings,ProxyServer = http=127.0.0.1:8074
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {0A8C11D6-555F-4A68-9425-B7FF481D111B} = 192.168.1.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8074
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 16:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-01-16 16:17:06
ComboFix-quarantined-files.txt 2011-01-16 21:16

Pre-Run: 149,896,630,272 bytes free
Post-Run: 150,056,710,144 bytes free

- - End Of File - - 91DF0E2A4EAF4E3196D9B2AB6FECFF38

I haven't noticed any unusual behavior since running scans with Kaspersky and the other programs I have just installed, but then again I haven't been using this computer aside from trying to resolve its infections so I may have missed it if it is still acting up somewhere.

Thanks for your help

#6 gringo_pr

  • Malware Response Team

Posted 16 January 2011 - 05:46 PM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8074

FireFox::
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8074


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 csspcrepair


Posted 16 January 2011 - 08:14 PM

I followed your instructions and ran ComboFix with the text file and now I can't run Firefox or Internet Explorer.

The first time I ran ComboFix I noticed that the default web browser was no longer Firefox which I assumed was normal but now when I try links for either web browser I get a message that has the path of the .exe I'm trying to run then it says, "Illegal operation attempted on a registry key that has been marked for deletion."

Now I am using another PC to post this reply and a thumb drive to send the log.

Please explain what has happened and how to undo / fix it.

ComboFix 11-01-15.01 - Bill 01/16/2011 19:52:36.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3036.1277 [GMT -5:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
Command switches used :: c:\users\Bill\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))
.

2011-01-17 00:56 . 2011-01-17 00:56 -------- d-----w- c:\users\Bill\AppData\Local\temp
2011-01-17 00:56 . 2011-01-17 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 06:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F1A9770-A1B1-4233-B8DF-B5007FD18A10}\mpengine.dll
2011-01-12 03:36 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 03:36 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 03:36 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 03:36 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 03:36 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 03:36 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 03:36 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-10 10:38 . 2011-01-10 10:48 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-01-10 10:38 . 2011-01-10 10:48 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-01-10 10:36 . 2011-01-10 10:36 -------- d-----w- c:\program files\Kaspersky Lab
2011-01-10 10:35 . 2011-01-16 22:51 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-10 10:26 . 2011-01-10 10:26 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-01-10 03:09 . 2011-01-10 03:09 -------- d-----w- c:\program files\Bonjour Print Services
2011-01-03 21:02 . 2011-01-03 21:02 -------- d-----w- c:\users\CSS
2011-01-03 19:47 . 2011-01-03 19:47 -------- d-----w- c:\users\Bill\AppData\Local\Mozilla
2011-01-03 16:02 . 2011-01-03 16:02 388096 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 16:02 . 2011-01-03 16:02 -------- d-----w- c:\program files\Trend Micro
2011-01-03 06:34 . 2011-01-03 06:34 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2011-01-03 06:34 . 2011-01-03 06:34 -------- d-----w- c:\programdata\Malwarebytes
2011-01-03 06:34 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-03 06:34 . 2011-01-03 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-03 06:34 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 11:59 . 2011-01-02 11:59 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-02 11:58 . 2011-01-02 11:58 -------- d-----w- c:\users\Bill\AppData\Local\Sunbelt Software
2011-01-02 11:58 . 2011-01-10 10:29 -------- d-----w- c:\programdata\Lavasoft
2011-01-02 07:05 . 2011-01-02 09:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-02 07:05 . 2011-01-02 07:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 21:46 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-27 21:46 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-27 21:45 . 2010-12-27 21:45 -------- d-----w- c:\program files\iPod
2010-12-27 21:45 . 2010-12-27 21:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-27 21:45 . 2010-12-27 21:46 -------- d-----w- c:\program files\iTunes
2010-12-27 21:42 . 2010-12-27 21:42 -------- d-----w- c:\program files\Bonjour
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-27 21:41 . 2010-12-27 21:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-27 21:40 . 2010-12-27 21:41 -------- d-----w- c:\program files\QuickTime
2010-12-26 20:56 . 2010-12-26 20:56 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-04 18:56 . 2010-12-17 15:31 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-17 15:31 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-17 15:31 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-17 15:31 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-17 15:31 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-17 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-17 15:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-17 15:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-17 15:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-17 15:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-17 15:30 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-17 15:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-17 15:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-17 15:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-17 15:31 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-17 15:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 15:41 . 2009-10-04 13:41 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Online Backup Auto Update"="c:\program files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2010-02-10 233472]
"Vault Explorer Cache Watcher"="c:\program files\Verizon\Online Backup & Sharing\vewatch.exe" [2010-02-10 28672]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]

c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-8-1 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 18:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX595 Series]
2007-03-30 10:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICLA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-26 17:54 178712 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-20 23:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-26 17:54 150040 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 20:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-26 17:54 154136 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-19 06:19 6265376 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2791717126-84914060-3054792316-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [2008-10-28 873472]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
S2 FilesystemWatcher;Filesystem Watcher;c:\program files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-02-03 24576]
S2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2010-02-10 20480]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-08-19 27648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-26 112128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]


--- Other Services/Drivers In Memory ---

*Deregistered* - pxldqpod

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-03-07 07:02]

2011-01-16 c:\windows\Tasks\User_Feed_Synchronization-{4838B9C0-283D-4971-BEC5-E3FF0F7D42FC}.job
- c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {0A8C11D6-555F-4A68-9425-B7FF481D111B} = 192.168.1.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\uj9g1d5q.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 19:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5396)
c:\program files\Verizon\Online Backup & Sharing\LogicNP.EZNamespaceExtensions.dll
c:\windows\System32\SyncCenter.dll
.
Completion time: 2011-01-16 19:57:53
ComboFix-quarantined-files.txt 2011-01-17 00:57
ComboFix2.txt 2011-01-16 21:17

Pre-Run: 150,087,376,896 bytes free
Post-Run: 150,042,902,528 bytes free

- - End Of File - - C8D2BF43D1132BAFF30473AFA737A04A

#8 gringo_pr


Posted 16 January 2011 - 08:19 PM

Check - Reset Proxy settings

Internet Explorer Proxy settings:

  • Open Internet Explorer > click Tools > Internet Options > Connections tab.
  • Click the LAN Settings... button and uncheck "Use a proxy server for your LAN"
    or change the settings to the proxy you normally use if you previously reconfigured it.
  • Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  • Click OK... then click OK again.
  • Close Internet Explorer and -restart- the computer.
  • An example of how to do this with screenshots can be found >here<

Firefox Proxy settings:

  • Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  • Under the Connection section click on the Settings... button.
  • Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  • Click OK... then click OK again.
  • Close Firefox and -restart- the computer.
  • An example of how to do this with screenshots can be found >here<

For other browsers, please refer to How to configure browser proxy settings.

flush the DNS:

Can you please flush the DNS:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

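An added example, not part of the original thread and not ComboFix's own code: one way to confirm from the two ComboFix logs above that the loopback proxy entries named in the CFScript are gone after the second run. The sample lines are copied from the Supplementary Scan sections of those logs; the function names are hypothetical.

```python
import ipaddress
import re

# Proxy-related lines copied from the Supplementary Scan of the first log
# (before the CFScript run) and the second log (after it).
LOG_BEFORE = """\
uInternet Settings,ProxyServer = http=127.0.0.1:8074
TCP: {0A8C11D6-555F-4A68-9425-B7FF481D111B} = 192.168.1.1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8074
FF - prefs.js: network.proxy.type - 0
"""
LOG_AFTER = """\
TCP: {0A8C11D6-555F-4A68-9425-B7FF481D111B} = 192.168.1.1
FF - prefs.js: network.proxy.type - 0
"""

IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\w+) - (.*)$")


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_ie_proxy(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) tuples.

    The value is either 'host:port' (all protocols) or a ';'-separated
    list of 'scheme=host:port' pairs, as in the log line above.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, addr = part.rpartition("=")
        host, _, port = addr.rpartition(":")
        if not host:  # no port given
            host, port = addr, ""
        entries.append((scheme or "all", host, port))
    return entries


def proxy_findings(log_text):
    """Return (browser, scheme, host, port, in_effect) for loopback proxies."""
    findings = []
    ff_prefs = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_ie_proxy(m.group(1)):
                if is_loopback(host):
                    # The log does not list ProxyEnable, so whether the
                    # setting is in effect is unknown (None).
                    findings.append(("IE", scheme, host, port, None))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
    host = ff_prefs.get("network.proxy.http")
    if host and is_loopback(host):
        # Firefox uses the manual host/port only when network.proxy.type is 1;
        # 0 means a direct connection ("No proxy").
        in_effect = ff_prefs.get("network.proxy.type") == "1"
        port = ff_prefs.get("network.proxy.http_port", "")
        findings.append(("Firefox", "http", host, port, in_effect))
    return findings


def compare_runs(before, after):
    """Show which loopback proxy entries a fix removed and which remain."""
    b, a = proxy_findings(before), proxy_findings(after)
    return {"removed": [f for f in b if f not in a], "remaining": a}


if __name__ == "__main__":
    result = compare_runs(LOG_BEFORE, LOG_AFTER)
    for f in result["removed"]:
        print("removed:  ", f)
    for f in result["remaining"]:
        print("remaining:", f)
```

The Firefox entry is reported with `in_effect` False because `network.proxy.type` was 0 in both logs, which matches the "No proxy" setting described in the steps above.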

#9 csspcrepair


Posted 17 January 2011 - 02:03 PM

But like I said, I can't even open Firefox or Internet Explorer, so how am I supposed to check the proxy settings?

I tried to flush the DNS and the exact same thing happened as when I try to run Firefox or Internet Explorer which I detailed in my previous post.

I managed to get Firefox open thanks to a link in a pop-up from Kaspersky telling me I was running a trial and recommending I buy a license. Firefox again asked if I wanted to set it as my default web browser (which I did again) and was already set to no proxy. I got Internet Explorer to run and it was already set to no proxy.

When I click on links to applications, text files, media files, and the application (.exe) files themselves I get the message saying "Illegal operation attempted on a registry key that has been marked for deletion.". I can get a program to open if I am clicking on something in the Windows Sidebar, Taskbar, through a link in a program, or using run in Task Manager.

So I can still run programs through run in Task Manager but not through the Start Menu, Desktop, or Explorer.

I did not run the command to flush the DNS because that is clearly not related to the very immediate problem with the registry and I don't want to do anything that does not address the current registry problem without a clear explanation as to why because I fear doing something else may cause more damage.

I have not rebooted the computer at all since I started this thread (since I was not told to do so) and with these current registry problems (caused by running ComboFix with that script you gave me) I don't want to reboot until the registry is working properly.

#10 gringo_pr


Posted 17 January 2011 - 02:35 PM

Please read post 4 and restart the computer


Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer


after you restart the computer please let me know how things are running and if you can connect to the internet


Gringo

#11 csspcrepair


Posted 17 January 2011 - 05:00 PM

Okay, I'm sorry I missed that part.

I rebooted and programs are now opening like normal, and I ran the command you wanted, then rebooted again.

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Windows\system32>

Sorry again.

Edited by csspcrepair, 17 January 2011 - 05:03 PM.


#12 gringo_pr


Posted 17 January 2011 - 05:08 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 csspcrepair


Posted 17 January 2011 - 08:19 PM

I hope this is what you wanted to see.

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Bonjour
Bonjour Print Services
Business Tools Launcher
Choice Guard
Coupon Printer for Windows
Dell Getting Started Guide
Dell Support Center
EDocs
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
FileZilla Client 3.2.4.1
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 11
Junk Mail filter update
Kaspersky Internet Security 2011
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.13)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Personal Entertainment Launcher
Picture Package Music Transfer
PowerDVD
Product Support Launcher
QuickTime
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RPS CRT
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sonic CinePlayer Decoder Pack
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Verizon Online Backup and Sharing
Verizon Online DSL
Verizon Servicepoint 3.5.18
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vz In Home Agent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
ZyXEL G-220v3 Wireless USB Adapter Utility

#14 gringo_pr


Posted 17 January 2011 - 10:29 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.3.1


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 csspcrepair


Posted 18 January 2011 - 04:03 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5549

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/18/2011 2:59:55 PM
mbam-log-2011-01-18 (14-59-55).txt

Scan type: Quick scan
Objects scanned: 153906
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:59:55 PM, on 1/18/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Online Backup Auto Update] "C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"
O4 - HKLM\..\Run: [Vault Explorer Cache Watcher] C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A8C11D6-555F-4A68-9425-B7FF481D111B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A8C11D6-555F-4A68-9425-B7FF481D111B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A8C11D6-555F-4A68-9425-B7FF481D111B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A8C11D6-555F-4A68-9425-B7FF481D111B}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Filesystem Watcher (FilesystemWatcher) - DigiData Corp. - C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Backup Scheduler (OnlineBackupSchedulerService) - Unknown owner - C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8602 bytes

I haven't noticed any remaining problems, but as far as Malwarebytes goes I greatly prefer to do full scans and remove everything, so I wonder why you had me do a quick scan.
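
A triage sketch for the HijackThis log posted above, added here as an example; it is not part of the original thread and not HijackThis's own code. It groups entries by section code, structures the O4 autorun and O23 service lines, and lists entries carrying the "(no name)", "(no file)" or "Unknown owner" markers for a manual look. The function names and the choice of markers are assumptions; the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Online Backup Scheduler (OnlineBackupSchedulerService) - Unknown owner - C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: HKLM\..\Run: [name] command
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 service: display name - owner - path. The path may itself contain " - ",
# so the lazy groups make the path start at the first " - X:\" boundary.
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# Markers seen in this thread (assumed choice); they mean "look closer", not "malicious".
REVIEW_MARKERS = ("(no name)", "(no file)", "Unknown owner")

def parse_hijackthis(text):
    """Group entries by section code; the header and process list are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m["code"]].append(m["body"])
    return dict(sections)

def autoruns(sections):
    """O4 registry Run entries as (hive, key, name, command) tuples."""
    hits = (RUN.match(body) for body in sections.get("O4", []))
    return [(m["hive"], m["key"], m["name"], m["cmd"]) for m in hits if m]

def services(sections):
    """O23 service entries as (display name, owner, path) tuples."""
    hits = (SERVICE.match(body) for body in sections.get("O23", []))
    return [(m["name"], m["owner"], m["path"]) for m in hits if m]

def needs_review(sections):
    """Entries carrying a review marker, in log order, for a human to check."""
    return [(code, body) for code, bodies in sections.items()
            for body in bodies if any(k in body for k in REVIEW_MARKERS)]

if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for row in autoruns(parsed):
        print("autorun:", row)
    for code, body in needs_review(parsed):
        print("review :", code, body)
```

Both entries it lists for the sample belong to installed software that appears in the Add-Remove Programs report (Spybot and Verizon Online Backup), which is why a marker alone is a prompt to check, not a reason to fix an entry.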



