having issues using and installing program


  • This topic is locked
46 replies to this topic

#1 Roberto04

  • Members
  • 22 posts

Posted 25 June 2011 - 07:34 PM

I'm having problems installing and using programs like AIM and Norton 360.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Anubis at 13:51:38 on 2011-06-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.671 [GMT -4:00]
.
AV: Kaspersky PURE *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [Acme.PCHButton] c:\progra~1\helpan~1\hpq\xpxwwpp5\plugin\bin\PCHButton.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [LWBKEYBOARD] c:\program files\omni\omni keyboard driver\5.0\KbdAp32A.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [MaBtSh] c:\program files\mobile action\bluetooth manager\MaBtSh.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1
TCP: Interfaces\{8702E124-7748-434B-83AD-ACE68741B455} : DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anubis\application data\mozilla\firefox\profiles\k33kcsh3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\anubis\application data\mozilla\firefox\profiles\k33kcsh3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\anubis\application data\mozilla\firefox\profiles\k33kcsh3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2011-6-18 88632]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2007-11-27 24971]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2011-6-18 39352]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-6-18 315408]
R2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-13 24652]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730pt.sys [2008-4-18 102976]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2008-4-18 23376]
S3 cpqdiag;Compaq Diagnostics;c:\windows\system32\drivers\cpqdiag.sys --> c:\windows\system32\drivers\cpqdiag.sys [?]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [2008-4-18 154944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-18 39984]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-6-12 508416]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2010-10-17 8960]
.
=============== Created Last 30 ================
.
2011-06-25 08:00:45 -------- d-----w- c:\program files\AIM
2011-06-25 08:00:44 -------- d-----w- c:\program files\common files\Software Update Utility
2011-06-24 03:41:51 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-24 03:41:51 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-21 04:36:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 04:36:03 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-21 04:36:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-20 03:26:40 -------- d-----w- c:\program files\NortonInstaller
2011-06-20 01:51:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 00:17:02 162392 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-06-19 00:16:52 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-06-19 00:16:52 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-06-19 00:16:19 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-06-19 00:16:17 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-06-19 00:15:11 -------- d-----w- c:\program files\common files\InfoWatch
2011-06-19 00:15:08 -------- d-----w- c:\program files\Kaspersky Lab
2011-06-19 00:05:50 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-06-18 21:46:59 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 21:46:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 19:36:24 -------- d-sh--w- c:\documents and settings\anubis\IETldCache
2011-06-18 19:33:04 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-18 19:32:49 -------- d-----w- c:\windows\ie8updates
2011-06-18 19:31:03 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-18 19:31:03 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-18 19:31:03 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-18 19:28:58 -------- dc-h--w- c:\windows\ie8
2011-06-18 19:05:57 -------- d-----w- c:\documents and settings\anubis\local settings\application data\NPE
2011-06-16 07:03:34 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 02:13:18 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 04:15:27 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-06-14 03:54:11 -------- d-----w- c:\windows\system32\drivers\N360
2011-06-14 03:54:07 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-14 03:53:55 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-06-10 17:16:44 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-08 20:43:27 8892928 ----a-w- c:\documents and settings\all users\application data\atscie.msi
2011-06-07 16:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 13:52:54.70 ===============

#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 07 July 2011 - 06:04 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 Roberto04

  • Topic Starter
  • Members
  • 22 posts

Posted 08 July 2011 - 04:08 AM

Thanks for the help :)

OTL log:

OTL logfile created on: 7/7/2011 11:43:45 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anubis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 34.81% Memory free
3.34 Gb Paging File | 2.55 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.77 Gb Total Space | 6.32 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.68 Gb Free Space | 13.01% Space Free | Partition Type: FAT32
Drive L: | 232.88 Gb Total Space | 0.69 Gb Free Space | 0.30% Space Free | Partition Type: NTFS

Computer Name: ANUBISZRO | User Name: Anubis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 23:29:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
PRC - [2011/06/23 23:41:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/20 14:48:04 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/09/28 22:16:16 | 009,347,072 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
PRC - [2008/12/12 13:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2008/12/12 13:41:06 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/12/12 13:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/07/21 17:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/13 17:04:02 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/03/23 01:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2006/02/08 05:29:34 | 000,024,576 | R--- | M] (Mobile Action Technology Inc.) -- C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
PRC - [2004/10/01 03:18:26 | 000,192,512 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
PRC - [2004/09/23 13:22:16 | 000,106,496 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
PRC - [2004/07/29 04:34:22 | 002,551,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/07/29 03:40:18 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/26 22:37:27 | 000,392,704 | ---- | M] () -- C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
PRC - [2003/09/12 23:13:20 | 000,098,304 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/07 23:29:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
MOD - [2011/03/04 02:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vbscript.dll
MOD - [2010/10/01 22:06:06 | 000,039,000 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\pxstub.ppl
MOD - [2010/10/01 22:06:04 | 000,907,864 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\params.ppl
MOD - [2010/10/01 22:05:42 | 000,154,200 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\scrchpg.dll
MOD - [2010/10/01 22:05:40 | 000,170,584 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\prloader.dll
MOD - [2010/10/01 22:05:40 | 000,096,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\prremote.dll
MOD - [2010/10/01 22:05:34 | 000,034,392 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\klscav.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll
MOD - [2008/04/13 20:12:09 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll
MOD - [2008/04/13 20:12:08 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll
MOD - [2008/04/13 20:12:08 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemdisp.dll
MOD - [2008/04/13 20:12:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll
MOD - [2008/04/13 20:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll
MOD - [2008/04/13 20:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2008/12/12 13:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/12/12 13:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/12/12 13:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/18 20:14:45 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/06/12 12:39:38 | 000,508,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/11 16:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/10/13 17:04:28 | 001,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/06/13 03:02:10 | 000,154,944 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma730c.sys -- (Ma730c)
DRV - [2006/04/13 03:42:18 | 000,102,976 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma730pt.sys -- (Ma730Pt)
DRV - [2005/11/22 02:32:14 | 000,023,376 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730Vad.sys -- (Ma730Vad)
DRV - [2004/09/30 01:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 13:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/29 23:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/10 20:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/05/07 15:54:38 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 01:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?.home=ytff"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 23:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 14:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/06/18 20:15:46 | 000,000,000 | ---D | M]

[2008/06/17 23:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Extensions
[2010/10/11 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions
[2008/02/04 02:06:41 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2008/02/22 10:59:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/02/13 02:51:03 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/10/11 12:08:23 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/06/25 03:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions
[2010/09/30 16:18:18 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/27 10:54:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/23 00:26:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/25 03:19:17 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/05 10:21:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\engine@conduit.com
[2008/02/13 02:51:54 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\aolsearch.gif
[2008/02/13 02:51:53 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\aolsearch.src
[2008/02/13 02:51:49 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\aolsearch.xml
[2009/09/28 21:46:40 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\MySpace.xml
[2011/06/21 00:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 11:23:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/21 00:36:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/18 20:17:02 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2011/06/23 23:41:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/06/21 00:35:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/11/26 22:51:04 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/05/06 19:34:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/03/12 23:14:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Home Theater SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe ()
O4 - HKLM..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe (Mobile Action Technology Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WINREMOTE] C:\Program Files\InterVideo\Common\Bin\WinRemote.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [Acme.PCHButton] C:\Program Files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Anubis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anubis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/22 00:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/05/10 09:48:26 | 000,000,032 | ---- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{117bbef8-d9ad-11dd-b257-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{117bbef8-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{117bbef8-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{117bbefa-d9ad-11dd-b257-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{117bbefa-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{117bbefa-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{33861dd1-35be-11dd-b0b2-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{33861dd1-35be-11dd-b0b2-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33861dd1-35be-11dd-b0b2-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{355d89b9-6fb4-11de-b3c5-0011d825a186}\Shell\AutoRun\command - "" = M:\Launch.exe
O33 - MountPoints2\{c1bcc9a4-a4dd-11dc-aeec-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bcc9a4-a4dd-11dc-aeec-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1bcc9a4-a4dd-11dc-aeec-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 23:29:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
[2011/07/01 01:32:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anubis\PrivacIE
[2011/06/25 13:48:10 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Anubis\Desktop\dds.scr
[2011/06/25 04:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/06/25 04:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2011/06/25 04:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/06/21 00:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/18 20:16:19 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2011/06/18 20:16:17 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2011/06/18 20:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2011/06/18 20:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky PURE
[2011/06/18 20:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/06/18 20:14:45 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/06/18 20:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/06/18 19:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/18 17:46:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 17:46:53 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 15:36:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anubis\IETldCache
[2011/06/18 15:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/18 15:28:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/18 15:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anubis\Local Settings\Application Data\NPE
[2011/06/16 03:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/15 12:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/14 00:15:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/06/13 23:54:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/06/13 23:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/06/13 23:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2007/12/16 02:13:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Anubis\Application Data\pcouffin.sys
[2004/06/10 20:42:38 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 23:29:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
[2011/07/07 22:18:38 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/07/07 22:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/07 22:17:10 | 1601,556,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 11:31:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/04 17:16:08 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Anubis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/03 01:39:08 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\vso_ts_preview.xml
[2011/07/01 01:34:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 13:54:04 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Anubis\Desktop\gmer.zip
[2011/06/25 13:48:10 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Anubis\Desktop\dds.scr
[2011/06/25 13:39:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Anubis\defogger_reenable
[2011/06/25 04:00:55 | 000,001,101 | -H-- | M] () -- C:\IPH.PH
[2011/06/25 04:00:51 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/25 04:00:50 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/06/19 21:54:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/19 21:42:53 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/18 20:33:20 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/06/18 20:33:20 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/18 20:14:45 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/06/18 17:47:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 17:33:31 | 000,443,218 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 17:33:31 | 000,072,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 17:09:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/06/18 15:36:30 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/18 15:33:38 | 000,738,462 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/06/18 15:17:44 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2011/06/10 22:18:43 | 000,162,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/08 16:43:30 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 13:56:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Anubis\Desktop\gmer.exe
[2011/06/25 13:54:03 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Anubis\Desktop\gmer.zip
[2011/06/25 13:39:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anubis\defogger_reenable
[2011/06/25 04:00:50 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/25 04:00:50 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/06/19 21:41:33 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/19 21:41:33 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/18 20:16:52 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/06/18 20:16:52 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/18 17:09:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/06/18 16:51:31 | 1601,556,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/14 03:08:40 | 000,738,462 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/06/08 16:43:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2011/02/11 10:25:32 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/15 11:24:30 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/08/04 20:26:18 | 000,678,896 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009/04/18 16:40:08 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2008/10/10 16:50:52 | 000,030,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/04/22 23:22:59 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\vso_ts_preview.xml
[2008/04/11 14:15:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/02/27 23:49:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/02/12 01:35:25 | 000,000,510 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/10 22:03:31 | 000,000,834 | -HS- | C] () -- C:\WINDOWS\System32\syibltvi.ini
[2008/02/09 22:09:19 | 000,000,654 | -HS- | C] () -- C:\WINDOWS\System32\ufppiytj.ini
[2008/02/08 21:59:01 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\qsycjxba.ini
[2008/02/07 18:03:30 | 000,000,654 | -HS- | C] () -- C:\WINDOWS\System32\mqaqputt.ini
[2008/02/05 23:14:22 | 000,000,594 | -HS- | C] () -- C:\WINDOWS\System32\cmfysiqk.ini
[2008/02/04 23:15:18 | 003,023,724 | -HS- | C] () -- C:\WINDOWS\System32\ugvqmwcm.ini
[2008/02/03 23:14:25 | 003,008,368 | -HS- | C] () -- C:\WINDOWS\System32\cjwjjoky.ini
[2008/02/01 21:30:45 | 003,009,264 | -HS- | C] () -- C:\WINDOWS\System32\qryorysl.ini
[2008/01/31 17:30:42 | 002,110,948 | -HS- | C] () -- C:\WINDOWS\System32\nkawlcbv.ini
[2008/01/30 22:40:32 | 002,111,532 | -HS- | C] () -- C:\WINDOWS\System32\gyatetmg.ini
[2008/01/03 22:12:44 | 001,038,424 | -HS- | C] () -- C:\WINDOWS\System32\ercxwsdl.ini
[2007/12/28 17:40:35 | 001,031,319 | -HS- | C] () -- C:\WINDOWS\System32\nbguiqpr.ini
[2007/12/27 10:51:27 | 001,031,259 | -HS- | C] () -- C:\WINDOWS\System32\sskdwgxk.ini
[2007/12/25 12:09:15 | 001,018,002 | -HS- | C] () -- C:\WINDOWS\System32\oxxflime.ini
[2007/12/23 10:28:04 | 001,018,071 | -HS- | C] () -- C:\WINDOWS\System32\tnsbwcod.ini
[2007/12/16 02:13:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\pcouffin.cat
[2007/12/16 02:13:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\pcouffin.inf
[2007/12/11 22:57:54 | 003,164,637 | -HS- | C] () -- C:\WINDOWS\System32\jipvmjgv.ini
[2007/12/09 16:08:12 | 000,991,384 | -HS- | C] () -- C:\WINDOWS\System32\omdposyb.ini
[2007/11/30 17:56:38 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Anubis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/27 19:50:19 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Anubis\Local Settings\Application Data\fusioncache.dat
[2007/06/12 12:08:10 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2007/03/29 10:28:05 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/01 22:35:45 | 000,004,783 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/31 21:44:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/05/16 19:35:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/05 23:39:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/01/05 23:28:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/01/03 23:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mdi.INI
[2006/01/03 22:59:54 | 000,000,062 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2005/12/30 00:24:52 | 000,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2005/12/30 00:24:52 | 000,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2005/12/30 00:24:51 | 000,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2005/12/29 23:13:48 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/12/21 20:00:17 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2005/12/21 18:51:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/21 18:49:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/15 13:03:25 | 000,001,818 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI
[2005/09/15 13:03:16 | 000,001,299 | ---- | C] () -- C:\WINDOWS\Cpqdiag.ini
[2004/10/28 22:22:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/28 22:22:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/28 22:22:20 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/28 22:22:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/28 22:22:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/28 22:21:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/28 22:21:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/28 22:21:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/28 22:20:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/22 06:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 02:11:25 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/22 02:09:10 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/22 02:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/22 01:57:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 01:38:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/22 01:38:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/22 01:38:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/22 01:38:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/22 01:18:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/22 01:05:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/10/22 01:05:35 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/22 01:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/22 01:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/22 01:00:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/22 00:28:28 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/22 00:28:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/22 00:27:01 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/22 00:13:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/22 00:10:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/22 00:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 23:48:55 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 23:47:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/21 23:47:36 | 000,443,218 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/21 23:47:36 | 000,072,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/21 16:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/21 16:56:41 | 000,162,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/11 11:34:28 | 000,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2004/06/11 11:31:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/04/25 14:58:08 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wrkgadm.exe

========== LOP Check ==========

[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/11/13 00:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/11/29 23:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/28 19:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/09/03 11:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/07/03 01:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/11/13 00:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/11 11:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/08 22:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/30 08:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/12/21 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\.bittorrent
[2008/06/27 10:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Any Video Converter
[2011/07/07 23:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Azureus
[2007/09/08 12:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Bioshock
[2010/10/11 12:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Dropbox
[2011/06/17 05:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\FrostWire
[2008/03/09 02:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Intervideo
[2006/01/06 13:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Leadertech
[2009/01/15 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\LimeWire
[2011/04/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Red Kawa
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\SampleView
[2010/09/11 20:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Tific
[2009/01/16 12:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Viewpoint
[2011/07/03 01:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Vso
[2008/03/12 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\WeatherBug
[2006/01/07 13:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\X10 Commander
[2006/02/22 01:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\XnView
[2008/03/10 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Azureus
[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2007/11/19 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\WeatherBug
[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ANUBISZRO\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ANUBISZRO\Application Data\SampleView
[2008/01/26 15:04:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/21 16:55:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/10/21 16:55:57 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/10/21 16:55:57 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2004/10/22 02:31:31 | 000,000,104 | ---- | M] () -- C:\.lnk
[2004/10/22 00:07:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/27 17:24:32 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2011/06/18 15:17:44 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2004/08/03 17:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\CF29081.exe
[2004/08/03 17:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2008/03/14 10:37:13 | 000,018,046 | ---- | M] () -- C:\ComboFix.txt
[2004/10/22 00:07:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/18 12:52:28 | 000,002,927 | ---- | M] () -- C:\DrvInst (1).log
[2008/04/18 12:52:19 | 000,000,232 | ---- | M] () -- C:\DrvInst (2).log
[2008/04/18 13:10:56 | 001,802,216 | ---- | M] () -- C:\DrvInst.log
[2010/05/22 02:15:13 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
[2006/05/16 19:24:05 | 000,000,080 | ---- | M] () -- C:\FilterLog.log
[2011/07/07 22:17:10 | 1601,556,480 | -HS- | M] () -- C:\hiberfil.sys
[2004/10/22 00:27:01 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2006/10/20 12:18:49 | 017,533,000 | ---- | M] (Microsoft Corporation) -- C:\ie7setup_mail.exe
[2008/06/08 21:06:02 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2008/04/18 13:11:00 | 000,003,080 | ---- | M] () -- C:\Install.log
[2004/10/22 00:07:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/25 04:00:55 | 000,001,101 | -H-- | M] () -- C:\IPH.PH
[2010/10/12 23:36:59 | 000,000,767 | ---- | M] () -- C:\mmcInst.log
[2004/10/22 00:07:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 17:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/01 20:51:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/07 22:17:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2002/09/19 12:41:54 | 000,000,121 | ---- | M] () -- C:\QC.TXT
[2009/08/09 09:43:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/11 11:09:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/31 02:07:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/01 01:43:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/05 02:23:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/06 11:41:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/11 11:49:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/12 00:59:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/22 02:52:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/24 01:08:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/30 01:24:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/10/01 02:02:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/10/02 02:11:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/10/03 02:32:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/15 01:50:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/11/10 03:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/07/31 02:21:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/09/29 02:25:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/03 13:01:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/06 09:25:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/06 09:25:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/09 09:43:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/11 11:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/31 02:07:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/01 01:43:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/05 02:23:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/06 11:41:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/11 11:49:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/12 00:59:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/22 02:52:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/29 02:25:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/30 01:24:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/10/01 02:02:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/10/02 02:11:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/03 02:32:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/10/15 01:50:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/11/10 03:17:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/09/24 01:08:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/07/31 02:21:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/03 13:01:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/02/03 13:49:57 | 000,060,647 | -HS- | M] () -- C:\vm404.log
[2007/11/30 00:40:26 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

OTL Extras log:


OTL logfile created on: 7/7/2011 11:43:45 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anubis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 34.81% Memory free
3.34 Gb Paging File | 2.55 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.77 Gb Total Space | 6.32 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.68 Gb Free Space | 13.01% Space Free | Partition Type: FAT32
Drive L: | 232.88 Gb Total Space | 0.69 Gb Free Space | 0.30% Space Free | Partition Type: NTFS

Computer Name: ANUBISZRO | User Name: Anubis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 23:29:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
PRC - [2011/06/23 23:41:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/20 14:48:04 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/09/28 22:16:16 | 009,347,072 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
PRC - [2008/12/12 13:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2008/12/12 13:41:06 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/12/12 13:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/07/21 17:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/13 17:04:02 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/03/23 01:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2006/02/08 05:29:34 | 000,024,576 | R--- | M] (Mobile Action Technology Inc.) -- C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
PRC - [2004/10/01 03:18:26 | 000,192,512 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
PRC - [2004/09/23 13:22:16 | 000,106,496 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
PRC - [2004/07/29 04:34:22 | 002,551,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/07/29 03:40:18 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/26 22:37:27 | 000,392,704 | ---- | M] () -- C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
PRC - [2003/09/12 23:13:20 | 000,098,304 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/07 23:29:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
MOD - [2011/03/04 02:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vbscript.dll
MOD - [2010/10/01 22:06:06 | 000,039,000 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\pxstub.ppl
MOD - [2010/10/01 22:06:04 | 000,907,864 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\params.ppl
MOD - [2010/10/01 22:05:42 | 000,154,200 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\scrchpg.dll
MOD - [2010/10/01 22:05:40 | 000,170,584 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\prloader.dll
MOD - [2010/10/01 22:05:40 | 000,096,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\prremote.dll
MOD - [2010/10/01 22:05:34 | 000,034,392 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\klscav.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll
MOD - [2008/04/13 20:12:09 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll
MOD - [2008/04/13 20:12:08 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll
MOD - [2008/04/13 20:12:08 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemdisp.dll
MOD - [2008/04/13 20:12:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll
MOD - [2008/04/13 20:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll
MOD - [2008/04/13 20:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2008/12/12 13:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/12/12 13:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/12/12 13:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/18 20:14:45 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/06/12 12:39:38 | 000,508,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/11 16:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/10/13 17:04:28 | 001,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/06/13 03:02:10 | 000,154,944 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma730c.sys -- (Ma730c)
DRV - [2006/04/13 03:42:18 | 000,102,976 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma730pt.sys -- (Ma730Pt)
DRV - [2005/11/22 02:32:14 | 000,023,376 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ma730Vad.sys -- (Ma730Vad)
DRV - [2004/09/30 01:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 13:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/29 23:04:26 | 002,216,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/10 20:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/05/07 15:54:38 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 01:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?.home=ytff"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 23:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 14:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/06/18 20:15:46 | 000,000,000 | ---D | M]

[2008/06/17 23:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Extensions
[2010/10/11 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions
[2008/02/04 02:06:41 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2008/02/22 10:59:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/02/13 02:51:03 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/10/11 12:08:23 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/06/25 03:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions
[2010/09/30 16:18:18 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/27 10:54:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/23 00:26:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/25 03:19:17 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/05/05 10:21:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\extensions\engine@conduit.com
[2008/02/13 02:51:54 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\aolsearch.gif
[2008/02/13 02:51:53 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\aolsearch.src
[2008/02/13 02:51:49 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\aolsearch.xml
[2009/09/28 21:46:40 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Mozilla\Firefox\Profiles\jbhq6swm.default\searchplugins\MySpace.xml
[2011/06/21 00:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 11:23:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/21 00:36:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/18 20:17:02 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2011/06/23 23:41:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/06/21 00:35:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/11/26 22:51:04 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/05/06 19:34:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/03/12 23:14:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Home Theater SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe ()
O4 - HKLM..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe (Mobile Action Technology Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WINREMOTE] C:\Program Files\InterVideo\Common\Bin\WinRemote.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [Acme.PCHButton] C:\Program Files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2393683522-3772331330-343694863-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Anubis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anubis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/22 00:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/05/10 09:48:26 | 000,000,032 | ---- | M] () - L:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{117bbef8-d9ad-11dd-b257-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{117bbef8-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{117bbef8-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{117bbefa-d9ad-11dd-b257-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{117bbefa-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{117bbefa-d9ad-11dd-b257-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{33861dd1-35be-11dd-b0b2-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{33861dd1-35be-11dd-b0b2-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33861dd1-35be-11dd-b0b2-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{355d89b9-6fb4-11de-b3c5-0011d825a186}\Shell\AutoRun\command - "" = M:\Launch.exe
O33 - MountPoints2\{c1bcc9a4-a4dd-11dc-aeec-0011d825a186}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bcc9a4-a4dd-11dc-aeec-0011d825a186}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1bcc9a4-a4dd-11dc-aeec-0011d825a186}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 23:29:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
[2011/07/01 01:32:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anubis\PrivacIE
[2011/06/25 13:48:10 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Anubis\Desktop\dds.scr
[2011/06/25 04:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/06/25 04:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2011/06/25 04:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/06/21 00:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/18 20:16:19 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2011/06/18 20:16:17 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2011/06/18 20:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2011/06/18 20:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky PURE
[2011/06/18 20:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/06/18 20:14:45 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/06/18 20:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/06/18 19:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/18 17:46:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/18 17:46:53 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/18 15:36:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anubis\IETldCache
[2011/06/18 15:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/18 15:28:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/18 15:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anubis\Local Settings\Application Data\NPE
[2011/06/16 03:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/15 12:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/14 00:15:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/06/13 23:54:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/06/13 23:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/06/13 23:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2007/12/16 02:13:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Anubis\Application Data\pcouffin.sys
[2004/06/10 20:42:38 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 23:29:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anubis\Desktop\OTL.exe
[2011/07/07 22:18:38 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/07/07 22:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/07 22:17:10 | 1601,556,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 11:31:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/04 17:16:08 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Anubis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/03 01:39:08 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\vso_ts_preview.xml
[2011/07/01 01:34:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 13:54:04 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Anubis\Desktop\gmer.zip
[2011/06/25 13:48:10 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Anubis\Desktop\dds.scr
[2011/06/25 13:39:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Anubis\defogger_reenable
[2011/06/25 04:00:55 | 000,001,101 | -H-- | M] () -- C:\IPH.PH
[2011/06/25 04:00:51 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/25 04:00:50 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/06/19 21:54:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/19 21:42:53 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/18 20:33:20 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/06/18 20:33:20 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/18 20:14:45 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/06/18 17:47:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/18 17:33:31 | 000,443,218 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 17:33:31 | 000,072,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 17:09:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/06/18 15:36:30 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Anubis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/18 15:33:38 | 000,738,462 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/06/18 15:17:44 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2011/06/10 22:18:43 | 000,162,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/08 16:43:30 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 13:56:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Anubis\Desktop\gmer.exe
[2011/06/25 13:54:03 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Anubis\Desktop\gmer.zip
[2011/06/25 13:39:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anubis\defogger_reenable
[2011/06/25 04:00:50 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/25 04:00:50 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/06/19 21:41:33 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/19 21:41:33 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/18 20:16:52 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/06/18 20:16:52 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/18 17:09:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/06/18 16:51:31 | 1601,556,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/14 03:08:40 | 000,738,462 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/06/08 16:43:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2011/02/11 10:25:32 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/15 11:24:30 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/08/04 20:26:18 | 000,678,896 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009/04/18 16:40:08 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2008/10/10 16:50:52 | 000,030,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/04/22 23:22:59 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\vso_ts_preview.xml
[2008/04/11 14:15:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/02/27 23:49:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/02/12 01:35:25 | 000,000,510 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/10 22:03:31 | 000,000,834 | -HS- | C] () -- C:\WINDOWS\System32\syibltvi.ini
[2008/02/09 22:09:19 | 000,000,654 | -HS- | C] () -- C:\WINDOWS\System32\ufppiytj.ini
[2008/02/08 21:59:01 | 000,000,414 | -HS- | C] () -- C:\WINDOWS\System32\qsycjxba.ini
[2008/02/07 18:03:30 | 000,000,654 | -HS- | C] () -- C:\WINDOWS\System32\mqaqputt.ini
[2008/02/05 23:14:22 | 000,000,594 | -HS- | C] () -- C:\WINDOWS\System32\cmfysiqk.ini
[2008/02/04 23:15:18 | 003,023,724 | -HS- | C] () -- C:\WINDOWS\System32\ugvqmwcm.ini
[2008/02/03 23:14:25 | 003,008,368 | -HS- | C] () -- C:\WINDOWS\System32\cjwjjoky.ini
[2008/02/01 21:30:45 | 003,009,264 | -HS- | C] () -- C:\WINDOWS\System32\qryorysl.ini
[2008/01/31 17:30:42 | 002,110,948 | -HS- | C] () -- C:\WINDOWS\System32\nkawlcbv.ini
[2008/01/30 22:40:32 | 002,111,532 | -HS- | C] () -- C:\WINDOWS\System32\gyatetmg.ini
[2008/01/03 22:12:44 | 001,038,424 | -HS- | C] () -- C:\WINDOWS\System32\ercxwsdl.ini
[2007/12/28 17:40:35 | 001,031,319 | -HS- | C] () -- C:\WINDOWS\System32\nbguiqpr.ini
[2007/12/27 10:51:27 | 001,031,259 | -HS- | C] () -- C:\WINDOWS\System32\sskdwgxk.ini
[2007/12/25 12:09:15 | 001,018,002 | -HS- | C] () -- C:\WINDOWS\System32\oxxflime.ini
[2007/12/23 10:28:04 | 001,018,071 | -HS- | C] () -- C:\WINDOWS\System32\tnsbwcod.ini
[2007/12/16 02:13:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\pcouffin.cat
[2007/12/16 02:13:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Anubis\Application Data\pcouffin.inf
[2007/12/11 22:57:54 | 003,164,637 | -HS- | C] () -- C:\WINDOWS\System32\jipvmjgv.ini
[2007/12/09 16:08:12 | 000,991,384 | -HS- | C] () -- C:\WINDOWS\System32\omdposyb.ini
[2007/11/30 17:56:38 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Anubis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/27 19:50:19 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Anubis\Local Settings\Application Data\fusioncache.dat
[2007/06/12 12:08:10 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2007/03/29 10:28:05 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/01 22:35:45 | 000,004,783 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/31 21:44:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/05/16 19:35:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/05 23:39:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/01/05 23:28:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/01/03 23:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mdi.INI
[2006/01/03 22:59:54 | 000,000,062 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2005/12/30 00:24:52 | 000,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2005/12/30 00:24:52 | 000,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2005/12/30 00:24:51 | 000,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2005/12/29 23:13:48 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/12/21 20:00:17 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2005/12/21 18:51:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/21 18:49:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/15 13:03:25 | 000,001,818 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI
[2005/09/15 13:03:16 | 000,001,299 | ---- | C] () -- C:\WINDOWS\Cpqdiag.ini
[2004/10/28 22:22:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/28 22:22:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/28 22:22:20 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/28 22:22:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/28 22:22:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/28 22:21:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/28 22:21:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/28 22:21:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/28 22:20:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/22 06:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 02:11:25 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/22 02:09:10 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/22 02:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/22 01:57:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 01:38:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/22 01:38:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/22 01:38:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/22 01:38:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/22 01:18:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/22 01:05:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/10/22 01:05:35 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/22 01:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/22 01:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/22 01:00:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/22 00:28:28 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/22 00:28:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/22 00:27:01 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/22 00:13:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/22 00:10:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/22 00:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 23:48:55 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 23:47:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/21 23:47:36 | 000,443,218 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/21 23:47:36 | 000,072,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/21 16:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/21 16:56:41 | 000,162,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/11 11:34:28 | 000,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2004/06/11 11:31:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/04/25 14:58:08 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wrkgadm.exe

========== LOP Check ==========

[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/11/13 00:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/11/29 23:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/28 19:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/09/03 11:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/07/03 01:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/11/13 00:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/11 11:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/08 22:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/05/30 08:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/12/21 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\.bittorrent
[2008/06/27 10:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Any Video Converter
[2011/07/07 23:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Azureus
[2007/09/08 12:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Bioshock
[2010/10/11 12:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Dropbox
[2011/06/17 05:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\FrostWire
[2008/03/09 02:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Intervideo
[2006/01/06 13:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Leadertech
[2009/01/15 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\LimeWire
[2011/04/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Red Kawa
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\SampleView
[2010/09/11 20:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Tific
[2009/01/16 12:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Viewpoint
[2011/07/03 01:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\Vso
[2008/03/12 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\WeatherBug
[2006/01/07 13:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\X10 Commander
[2006/02/22 01:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anubis\Application Data\XnView
[2008/03/10 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Azureus
[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2007/11/19 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\WeatherBug
[2004/10/22 01:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ANUBISZRO\Application Data\Intervideo
[2004/10/22 02:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ANUBISZRO\Application Data\SampleView
[2008/01/26 15:04:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/21 16:55:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/10/21 16:55:57 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/10/21 16:55:57 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2004/10/22 02:31:31 | 000,000,104 | ---- | M] () -- C:\.lnk
[2004/10/22 00:07:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/27 17:24:32 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2011/06/18 15:17:44 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2004/08/03 17:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\CF29081.exe
[2004/08/03 17:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2008/03/14 10:37:13 | 000,018,046 | ---- | M] () -- C:\ComboFix.txt
[2004/10/22 00:07:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/18 12:52:28 | 000,002,927 | ---- | M] () -- C:\DrvInst (1).log
[2008/04/18 12:52:19 | 000,000,232 | ---- | M] () -- C:\DrvInst (2).log
[2008/04/18 13:10:56 | 001,802,216 | ---- | M] () -- C:\DrvInst.log
[2010/05/22 02:15:13 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
[2006/05/16 19:24:05 | 000,000,080 | ---- | M] () -- C:\FilterLog.log
[2011/07/07 22:17:10 | 1601,556,480 | -HS- | M] () -- C:\hiberfil.sys
[2004/10/22 00:27:01 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2006/10/20 12:18:49 | 017,533,000 | ---- | M] (Microsoft Corporation) -- C:\ie7setup_mail.exe
[2008/06/08 21:06:02 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2008/04/18 13:11:00 | 000,003,080 | ---- | M] () -- C:\Install.log
[2004/10/22 00:07:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/25 04:00:55 | 000,001,101 | -H-- | M] () -- C:\IPH.PH
[2010/10/12 23:36:59 | 000,000,767 | ---- | M] () -- C:\mmcInst.log
[2004/10/22 00:07:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 17:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/01 20:51:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/07 22:17:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2002/09/19 12:41:54 | 000,000,121 | ---- | M] () -- C:\QC.TXT
[2009/08/09 09:43:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/11 11:09:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/31 02:07:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/01 01:43:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/05 02:23:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/06 11:41:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/11 11:49:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/12 00:59:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/22 02:52:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/24 01:08:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/30 01:24:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/10/01 02:02:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/10/02 02:11:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/10/03 02:32:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/15 01:50:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/11/10 03:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/07/31 02:21:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/09/29 02:25:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/03 13:01:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/06 09:25:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/06 09:25:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/09 09:43:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/11 11:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/31 02:07:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/01 01:43:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/05 02:23:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/06 11:41:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/11 11:49:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/12 00:59:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/22 02:52:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/29 02:25:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/30 01:24:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/10/01 02:02:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/10/02 02:11:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/03 02:32:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/10/15 01:50:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/11/10 03:17:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/09/24 01:08:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/07/31 02:21:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/03 13:01:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/02/03 13:49:57 | 000,060,647 | -HS- | M] () -- C:\vm404.log
[2007/11/30 00:40:26 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >


GMER Log:


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-08 05:01:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 SAMSUNG_SP1614C rev.SW100-30
Running: gmer.exe; Driver: C:\DOCUME~1\Anubis\LOCALS~1\Temp\axriypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA8A81598]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA8A81E18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA8A8292E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA8A82EA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xA8A820FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xA8A80442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA8A82D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA8A8119E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA8A82C34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA8A8135A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA8A82FD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA8A84C14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA8A81AB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA8A82CD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA8A84606]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA8A80A06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA8A80D94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA8A82582]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA8A855D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA8A80ED6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA8A80F80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xA8A8238E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA8A84698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA8A8041E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA8A80430]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA8A84CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA8A810CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA8A82F42]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xA8A81E9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xA8A805E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA8A82E10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA8A8179E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA8A84C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA8A83074]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA8A816C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA8A8102A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA8A80C52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA8A84FE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA8A808A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA8A8492E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA8A80B1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA8A802BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA8A833FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA8A832C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA8A843A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA8A87E38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA8A854B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA8A80254]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA8A82668]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA8A81CD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA8A83C56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xA8A84792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA8A85120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA8A8072A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA8A85204]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA8A8532C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA8A84532]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA8A81916]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA8A8186C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA8A84E96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA8A819F6]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A8A764DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A8A768B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [5A, 13, A8, A8, D2, 2F, A8, ...] {POP EDX; ADC EBP, [EAX-0x57d02d58]; TEST AL, 0x14; DEC ESP; TEST AL, 0xa8; MOV DH, 0x1a; TEST AL, 0xa8}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [98, 46, A8, A8, 1E, 04, A8, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DC0 8050465C 8 Bytes CALL 90F8EE66
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [1A, 0B, A8, A8, BC, 02, A8, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [04, 52, A8, A8, 2C, 53, A8, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[2012] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[2012] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[2012] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 38, 6D]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2888] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2888] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3064] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3064] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[3064] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 38, 6D]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy@imagepath \systemroot\system32\drivers\kbiwkmuhyyvvam.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main@sid 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmuhyyvvam.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmkvkqlawo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowkallrt.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmlqoxihqq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmktiqqujy\modules@kbiwkm.dat \systemroot\system32\kbiwkmmxewyvcn.dat

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 312560643
Disk \Device\Harddisk0\DR0 PE file @ sector 312560665

---- EOF - GMER 1.0.15 ----

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:15 AM

Posted 08 July 2011 - 06:30 AM

Hello, Roberto04.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire, FrostWire, Vuze). These programmes allow you to share files between users, as the name(s) suggest. In today's world cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578


Viewpoint (foistware) Warning

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

Ask Toolbar Warning

I see you have the Ask.com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.

Conduit Toolbar Warning

I see you have a Conduit toolbar installed. This is often recognized as trackware, and I recommend you remove it.

If you would like to remove it, please go to Add/Remove Programs and uninstall Vuze Remote Toolbar.

Step 1

You said in your first post that you were having issues installing applications. Exactly what happened?

Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Roberto04

Roberto04
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:15 AM

Posted 08 July 2011 - 10:09 PM

A week before my first post I noticed my programs like Norton 360 and AIM weren't opening. When I went to open them I got an error message saying "this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem." I went ahead and tried to reinstall Norton 360, and the installation program would flash twice then not open at all. Then I reinstalled AIM, and when it finished installing I got the same error message as before.

aswMBR log:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-08 18:24:44
-----------------------------
18:24:44.128 OS Version: Windows 5.1.2600 Service Pack 3
18:24:44.128 Number of processors: 1 586 0x401
18:24:44.128 ComputerName: ANUBISZRO UserName: Anubis
18:24:45.643 Initialize success
18:26:35.222 AVAST engine defs: 11070801
18:30:00.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
18:30:00.018 Disk 0 Vendor: SAMSUNG_SP1614C SW100-30 Size: 152627MB BusType: 3
18:30:02.034 Disk 0 MBR read successfully
18:30:02.034 Disk 0 MBR scan
18:30:02.034 Disk 0 unknown MBR code
18:30:04.034 Disk 0 scanning sectors +312560640
18:30:04.065 Disk 0 malicious Win32:MBRoot code @ sector 312560643 !
18:30:04.065 Disk 0 PE file @ sector 312560665 !
18:30:04.065 Disk 0 scanning C:\WINDOWS\system32\drivers
18:30:20.018 Service scanning
18:30:21.159 Disk 0 trace - called modules:
18:30:21.175 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
18:30:21.175 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5bfab8]
18:30:21.518 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a5c0d98]
18:30:24.034 AVAST engine scan C:\WINDOWS
19:25:14.643 AVAST engine scan C:\Documents and Settings\Anubis
21:23:30.143 AVAST engine scan C:\Documents and Settings\All Users
21:49:55.503 Scan finished successfully
22:47:54.190 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anubis\Desktop\MBR.dat"
22:47:54.222 The log file has been saved successfully to "C:\Documents and Settings\Anubis\Desktop\aswMBR.txt"
22:48:01.065 Disk 0 MBR read successfully
22:48:03.237 Disk 0 scanning sectors +312560640
22:48:03.331 Disk 0 malicious Win32:MBRoot code @ sector 312560643 !
22:48:03.378 Disk 0 PE file @ sector 312560665 !
22:48:03.393 Disk 0 sector 312560643 cleaned
22:48:03.393 Disk 0 sector 312560665 cleaned
22:48:03.393 Verifying disinfection
22:48:17.878 Infection fixed successfully - please reboot ASAP
22:48:27.065 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anubis\Desktop\MBR.dat"
22:48:27.065 The log file has been saved successfully to "C:\Documents and Settings\Anubis\Desktop\aswMBR.txt"

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:15 AM

Posted 09 July 2011 - 06:09 AM

Hello, Roberto04.


Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 Roberto04

Roberto04
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:15 AM

Posted 09 July 2011 - 10:51 AM

The original symptoms are still present... :(

ComboFix log:

ComboFix 11-07-08.03 - Anubis 07/09/2011 11:02:07.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.804 [GMT -4:00]
Running from: c:\documents and settings\Anubis\Desktop\etavaresCF.exe
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Anubis\Recent\If This Is The Next Mortal Kombat, Sign Us Up [Update].URL
c:\documents and settings\Anubis\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest.ANUBISZRO\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\program files\AskSearch\bin\DeFAultsearch.dll
c:\windows\system32\cjwjjoky.ini
c:\windows\system32\cmfysiqk.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ercxwsdl.ini
c:\windows\system32\gyatetmg.ini
c:\windows\system32\jipvmjgv.ini
c:\windows\system32\mqaqputt.ini
c:\windows\system32\nbguiqpr.ini
c:\windows\system32\nkawlcbv.ini
c:\windows\system32\omdposyb.ini
c:\windows\system32\oxxflime.ini
c:\windows\system32\ps2.bat
c:\windows\system32\qryorysl.ini
c:\windows\system32\qsycjxba.ini
c:\windows\system32\sskdwgxk.ini
c:\windows\system32\syibltvi.ini
c:\windows\system32\tnsbwcod.ini
c:\windows\system32\ufppiytj.ini
c:\windows\system32\ugvqmwcm.ini
c:\windows\vb.ini
L:\autorun.inf
L:\install.exe
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
.
.
2011-07-09 15:12 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-07-09 15:12 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-07-01 05:32 . 2011-07-01 05:32 -------- d-sh--w- c:\documents and settings\Anubis\PrivacIE
2011-06-25 08:00 . 2011-06-25 08:00 -------- d-----w- c:\program files\AIM
2011-06-25 08:00 . 2011-06-25 08:00 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-06-24 03:41 . 2011-06-24 03:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 03:41 . 2011-06-24 03:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-21 04:36 . 2011-06-21 04:35 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-21 04:36 . 2011-06-21 04:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 04:36 . 2011-06-21 04:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-20 01:51 . 2011-06-20 01:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 00:17 . 2010-10-02 02:05 162392 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-06-19 00:16 . 2011-06-19 00:33 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-06-19 00:16 . 2011-06-19 00:33 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-06-19 00:16 . 2009-12-14 16:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-06-19 00:16 . 2009-12-14 16:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-06-19 00:15 . 2011-06-19 00:15 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-06-19 00:15 . 2011-06-19 00:15 -------- d-----w- c:\program files\Kaspersky Lab
2011-06-19 00:05 . 2011-06-19 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-06-18 23:20 . 2011-06-18 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-06-18 21:46 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 21:46 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 19:36 . 2011-06-18 19:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-18 19:36 . 2011-06-18 19:36 -------- d-sh--w- c:\documents and settings\Anubis\IETldCache
2011-06-18 19:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-18 19:31 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-18 19:31 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-18 19:31 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-18 19:28 . 2011-06-18 19:30 -------- dc-h--w- c:\windows\ie8
2011-06-18 19:05 . 2011-06-18 19:17 -------- d-----w- c:\documents and settings\Anubis\Local Settings\Application Data\NPE
2011-06-16 07:03 . 2011-06-16 07:23 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 02:13 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 03:54 . 2011-06-14 07:13 -------- d-----w- c:\windows\system32\drivers\N360
2011-06-14 03:54 . 2011-06-18 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-06-10 17:16 . 2011-06-10 17:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 20:43 . 2011-06-08 20:43 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2011-05-10 12:06 . 2009-05-30 12:53 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2009-05-30 12:53 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 15:31 . 2004-10-29 02:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-10-29 02:22 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-10-29 02:21 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-10-29 02:23 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-10-29 02:21 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-10-29 02:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-10-29 02:21 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-10-29 02:22 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-24 03:41 . 2011-05-06 23:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-04-21 06:19 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
.
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 02:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"Acme.PCHButton"="c:\progra~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2004-10-22 159744]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-23 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-10-01 192512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 2551808]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"LWBKEYBOARD"="c:\program files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-27 392704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"MaBtSh"="c:\program files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [2006-02-08 24576]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [6/18/2011 8:16 PM 88632]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [11/27/2007 6:26 PM 24971]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [6/18/2011 8:16 PM 39352]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2009 5:34 PM 743992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730pt.sys [4/18/2008 12:52 PM 102976]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [4/18/2008 12:52 PM 23376]
S3 cpqdiag;Compaq Diagnostics;c:\windows\system32\drivers\cpqdiag.sys --> c:\windows\system32\drivers\cpqdiag.sys [?]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [4/18/2008 12:52 PM 154944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2011 5:46 PM 39984]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [6/12/2007 12:39 PM 508416]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [10/17/2010 8:34 PM 8960]
.
Contents of the 'Scheduled Tasks' folder
.
2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2008-01-26 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-09 11:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-09 11:29:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-09 15:28
ComboFix2.txt 2008-03-14 14:37
.
Pre-Run: 6,561,808,384 bytes free
Post-Run: 12,157,509,632 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 12802BBA7E0F8A46BADC933D16C402E5

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:15 AM

Posted 09 July 2011 - 04:16 PM

Hello, Roberto04.


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

file::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\system32\ConduitEngine.tmp
c:\documents and settings\All Users\Application Data\atscie.msi
FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
DDS::
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 Roberto04

Roberto04
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:15 AM

Posted 10 July 2011 - 12:05 AM

ComboFix 11-07-09.03 - Anubis 07/10/2011 0:44.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1050 [GMT -4:00]
Running from: c:\documents and settings\Anubis\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\Anubis\Desktop\CFScript.txt
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
FILE ::
"c:\documents and settings\All Users\Application Data\atscie.msi"
"C:\sqmdata00.sqm"
"C:\sqmdata01.sqm"
"C:\sqmdata02.sqm"
"C:\sqmdata03.sqm"
"C:\sqmdata04.sqm"
"C:\sqmdata05.sqm"
"C:\sqmdata06.sqm"
"C:\sqmdata07.sqm"
"C:\sqmdata08.sqm"
"C:\sqmdata09.sqm"
"C:\sqmdata10.sqm"
"C:\sqmdata11.sqm"
"C:\sqmdata12.sqm"
"C:\sqmdata13.sqm"
"C:\sqmdata14.sqm"
"C:\sqmdata15.sqm"
"C:\sqmdata16.sqm"
"C:\sqmdata17.sqm"
"C:\sqmdata18.sqm"
"C:\sqmdata19.sqm"
"C:\sqmnoopt00.sqm"
"C:\sqmnoopt01.sqm"
"C:\sqmnoopt02.sqm"
"C:\sqmnoopt03.sqm"
"C:\sqmnoopt04.sqm"
"C:\sqmnoopt05.sqm"
"C:\sqmnoopt06.sqm"
"C:\sqmnoopt07.sqm"
"C:\sqmnoopt08.sqm"
"C:\sqmnoopt09.sqm"
"C:\sqmnoopt10.sqm"
"C:\sqmnoopt11.sqm"
"C:\sqmnoopt12.sqm"
"C:\sqmnoopt13.sqm"
"C:\sqmnoopt14.sqm"
"C:\sqmnoopt15.sqm"
"C:\sqmnoopt16.sqm"
"C:\sqmnoopt17.sqm"
"C:\sqmnoopt18.sqm"
"C:\sqmnoopt19.sqm"
"c:\windows\system32\ConduitEngine.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\atscie.msi
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\system32\$winnt$.inf
c:\windows\system32\ConduitEngine.tmp
L:\Autorun.inf
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 04:44 . 2004-08-03 21:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2011-07-10 04:44 . 2004-08-03 21:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2011-07-10 04:42 . 2011-07-10 04:42 -------- d-----w- C:\etavaresCF
2011-07-09 15:48 . 2011-07-09 15:48 -------- d-----w- c:\program files\NortonInstaller
2011-07-09 15:43 . 2011-07-09 15:43 -------- d-----w- c:\program files\AIM
2011-07-09 15:43 . 2011-07-09 15:43 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-07-09 15:12 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-07-09 15:12 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-07-01 05:32 . 2011-07-01 05:32 -------- d-sh--w- c:\documents and settings\Anubis\PrivacIE
2011-06-24 03:41 . 2011-06-24 03:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 03:41 . 2011-06-24 03:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-21 04:36 . 2011-06-21 04:35 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-21 04:36 . 2011-06-21 04:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 04:36 . 2011-06-21 04:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-20 01:51 . 2011-06-20 01:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 00:17 . 2010-10-02 02:05 162392 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-06-19 00:16 . 2011-06-19 00:33 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-06-19 00:16 . 2011-06-19 00:33 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-06-19 00:16 . 2009-12-14 16:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-06-19 00:16 . 2009-12-14 16:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-06-19 00:15 . 2011-06-19 00:15 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-06-19 00:15 . 2011-06-19 00:15 -------- d-----w- c:\program files\Kaspersky Lab
2011-06-19 00:05 . 2011-06-19 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-06-18 23:20 . 2011-06-18 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-06-18 21:46 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 21:46 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 19:36 . 2011-06-18 19:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-18 19:36 . 2011-06-18 19:36 -------- d-sh--w- c:\documents and settings\Anubis\IETldCache
2011-06-18 19:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-18 19:31 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-18 19:31 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-18 19:31 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-18 19:28 . 2011-06-18 19:30 -------- dc-h--w- c:\windows\ie8
2011-06-18 19:05 . 2011-06-18 19:17 -------- d-----w- c:\documents and settings\Anubis\Local Settings\Application Data\NPE
2011-06-16 07:03 . 2011-06-16 07:23 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 02:13 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 03:54 . 2011-06-14 07:13 -------- d-----w- c:\windows\system32\drivers\N360
2011-06-14 03:54 . 2011-06-18 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:06 . 2009-05-30 12:53 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2009-05-30 12:53 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 15:31 . 2004-10-29 02:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-10-29 02:22 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-10-29 02:21 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-10-29 02:23 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-10-29 02:21 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-10-29 02:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-10-29 02:21 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-10-29 02:22 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-24 03:41 . 2011-05-06 23:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-04-21 06:19 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-09_15.17.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-10 04:09 . 2011-07-10 04:09 16384 c:\windows\TEMP\Perflib_Perfdata_14c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 02:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"Acme.PCHButton"="c:\progra~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2004-10-22 159744]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-23 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-10-01 192512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-29 2551808]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"LWBKEYBOARD"="c:\program files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe" [2004-05-27 392704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"MaBtSh"="c:\program files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [2006-02-08 24576]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [6/18/2011 8:16 PM 88632]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [11/27/2007 6:26 PM 24971]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [6/18/2011 8:16 PM 39352]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2009 5:34 PM 743992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730pt.sys [4/18/2008 12:52 PM 102976]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [4/18/2008 12:52 PM 23376]
S3 cpqdiag;Compaq Diagnostics;c:\windows\system32\drivers\cpqdiag.sys --> c:\windows\system32\drivers\cpqdiag.sys [?]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [4/18/2008 12:52 PM 154944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2011 5:46 PM 39984]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [6/12/2007 12:39 PM 508416]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [10/17/2010 8:34 PM 8960]
.
Contents of the 'Scheduled Tasks' folder
.
2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2008-01-26 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 167.206.254.2 167.206.254.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Anubis\Application Data\Mozilla\Firefox\Profiles\k33kcsh3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-10 00:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-10 00:58:15
ComboFix-quarantined-files.txt 2011-07-10 04:58
ComboFix2.txt 2011-07-09 15:29
ComboFix3.txt 2008-03-14 14:37
.
Pre-Run: 12,066,549,760 bytes free
Post-Run: 12,051,070,976 bytes free
.
- - End Of File - - BF7B7B03BCD20F8DBBACD342FF96492B

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:15 AM

Posted 10 July 2011 - 06:33 AM

Hello, Roberto04.

The logs look a bit better. How is it running now?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares




#11 Roberto04

Roberto04
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:15 AM

Posted 13 July 2011 - 12:15 AM

The computer is running the same with the same symptoms... I think I might break my computer soon with a sledgehammer -_-

Log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7071

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/13/2011 12:33:48 AM
mbam-log-2011-07-13 (00-33-48).txt

Scan type: Quick scan
Objects scanned: 213020
Time elapsed: 10 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:15 AM

Posted 13 July 2011 - 05:36 PM

Hello, Roberto04.

I should also warn you that aswMBR removed a backdoor rootkit infection earlier.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Step 1

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares




#13 Roberto04

Roberto04
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:15 AM

Posted 13 July 2011 - 09:51 PM

I haven't done any financial transactions since I noticed the infection, so everything is OK on that, and I've monitored everything, so I haven't had any compromises with that. But yes, I want to continue to try to clean out my computer without having to reinstall the OS because I have too many things to have backed up on this computer.

Log:

C:\Documents and Settings\Anubis\My Documents\Downloads\HAMeb_check.exe
Wed 07/13/2011 at 22:43:00.20

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A14C00

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:15 AM

Posted 14 July 2011 - 05:55 PM

OK, next up, please try running the attached registry fix. Please download it and save it to your desktop. Double-click to run it. It will ask you if it is OK to merge with the registry, let it do so. It should only take a second, then tell you it was successfully merged. Then, reboot and try to uninstall/reinstall one of those applications and let me know if they work now, or if you get the same error. There are a few potential causes of the error.

EDIT: of course I forgot the attachment. :)

Attached Files


Edited by etavares, 14 July 2011 - 05:56 PM.




#15 Roberto04

Roberto04
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:15 AM

Posted 15 July 2011 - 02:42 AM

Tried it and I'm still getting the same errors -_-



