
Can't update antivirus or virus removal/detection programs


  • This topic is locked

#1
drmandich

  • Member
  • 16 posts
Hello,

I have Kaspersky Antivirus on my work computer and have been unable to update it. I've tried running Spybot S&D and Malwarebytes. They are able to run, but I am not able to update them, either. I removed what those programs suggested I remove, but am still unable to update. I ran HijackThis, but I don't have the knowledge to interpret the log, so I just saved the file and can provide that if requested. I downloaded and ran OTL and am including that log, as suggested on this site. I am hoping someone can help me fix this problem.

Also, occasionally when I try to open Internet Explorer (version 8, I believe) it doesn't connect right away. It WILL connect after I run the diagnostic that pops up. I get an error message telling me to check the firewall settings for the HTTP port (80), HTTPS port (443) and FTP port (21). I'm not sure if this issue has anything to do with the other one, but figured I should mention it.

Thanks so much for any help you can provide,
Teresa

System:
Microsoft Windows XP
Professional
Version 2002
Service Pack 3

Computer:
AMD Sempron Processor
3000+
1.61 GHz, 960 MB of RAM

Antivirus:
Kaspersky Internet Security 11.0.2.556

OTL Log:
OTL logfile created on: 10/9/2011 9:55:57 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Internet PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 326.62 Mb Available Physical Memory | 34.04% Memory free
2.26 Gb Paging File | 1.58 Gb Available in Paging File | 70.19% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.02 Gb Free Space | 81.88% Space Free | Partition Type: NTFS
Drive D: | 585.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REGISTER-F115W6 | User Name: Internet PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 09:53:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/05 20:26:52 | 002,111,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll
MOD - [2006/10/31 01:35:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2008/04/07 18:15:13 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 15:48:24 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/12/30 11:59:18 | 006,290,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/11 08:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 08:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/04 16:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 90 A5 47 D0 14 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1184779823453 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D996C8DC-DE76-4D64-8CDD-9AF9D0870ABC}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS
O24 - Desktop BackupWallPaper: C:\WINDOWS
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/18 23:32:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/04/19 11:53:26 | 000,077,824 | R--- | M] (Hewlett Packard) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/06/23 13:13:31 | 000,326,911 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 09:53:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
[2011/10/09 09:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Local Settings\Application Data\PackageAware
[2011/10/09 09:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/09 09:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Start Menu\Programs\HiJackThis
[2011/09/19 15:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/19 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy2
[2011/09/19 14:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Desktop\clutter
[2011/09/17 15:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011/09/17 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011/09/17 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/09/17 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Application Data\Malwarebytes
[2011/09/17 15:32:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/17 15:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/17 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/17 15:32:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/17 15:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/09 10:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A18DA3C4-7EAB-49D8-9A5C-7E3F6182AFDE}.job
[2011/10/09 09:53:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
[2011/10/09 09:22:15 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\HiJackThis.lnk
[2011/10/09 08:16:08 | 000,227,894 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\error.bmp
[2011/10/09 07:53:53 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2AD4D6C2-DBB4-4E8F-91C3-5707B6ACF349}.job
[2011/10/09 03:17:32 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/09 03:17:05 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/09 03:16:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/08 10:30:15 | 000,000,031 | ---- | M] () -- C:\WINDOWS\bluevoda.ini
[2011/09/24 03:00:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/19 15:56:29 | 000,018,885 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\general_pain_sore_back-300x300.jpg
[2011/09/19 15:13:48 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Internet PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 15:13:48 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\Spybot - Search & Destroy.lnk
[2011/09/19 15:10:32 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\Install Spybot - Search & Destroy.lnk
[2011/09/17 15:32:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/09 09:18:32 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\HiJackThis.lnk
[2011/10/09 08:16:07 | 000,227,894 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\error.bmp
[2011/09/19 15:56:41 | 000,018,885 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\general_pain_sore_back-300x300.jpg
[2011/09/19 15:13:48 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Internet PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 15:10:32 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\Install Spybot - Search & Destroy.lnk
[2011/09/19 14:50:58 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\Spybot - Search & Destroy.lnk
[2011/09/17 15:32:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 15:50:33 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/06 15:50:33 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/24 09:24:04 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2011/06/10 14:21:03 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Internet PC\Local Settings\Application Data\fusioncache.dat
[2011/06/07 10:25:29 | 000,000,466 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/06/07 10:20:52 | 000,109,908 | ---- | C] () -- C:\WINDOWS\hppins06.dat
[2011/06/07 10:20:52 | 000,001,320 | ---- | C] () -- C:\WINDOWS\hppmdl06.dat
[2011/06/06 10:01:38 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/06/01 15:23:00 | 000,000,456 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/01 15:20:35 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2011/06/01 15:20:35 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/06/01 15:20:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2011/06/01 15:20:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/06/01 15:20:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2011/06/01 15:20:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/06/01 15:20:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011/06/01 15:20:30 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2011/06/01 15:20:30 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2011/06/01 15:20:28 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2011/06/01 15:20:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/03/26 09:02:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\REPAIR.INI
[2008/03/26 09:00:31 | 000,001,092 | ---- | C] () -- C:\WINDOWS\EMI2.INI
[2007/08/22 14:15:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/08/20 16:30:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/20 15:48:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/20 15:38:24 | 000,117,092 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/07/18 23:53:34 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/18 23:33:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/18 23:29:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/18 18:16:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 18:15:37 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/18 18:08:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/18 16:23:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/18 13:05:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/18 12:33:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/10/31 01:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 01:35:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 01:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 01:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 01:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 01:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 01:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 01:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 01:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 01:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 01:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/05 16:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/03 19:22:17 | 000,000,668 | ---- | C] () -- C:\WINDOWS\System32\hppapr05.dat
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/05/17 11:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/04/07 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2011/05/17 11:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/06/06 09:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/06/10 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/08/12 14:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\gtk-2.0
[2011/08/10 09:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\Softland
[2011/06/10 14:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\TweakNow PowerPack 2011
[2011/10/09 07:53:53 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2AD4D6C2-DBB4-4E8F-91C3-5707B6ACF349}.job
[2011/10/09 10:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A18DA3C4-7EAB-49D8-9A5C-7E3F6182AFDE}.job

========== Purity Check ==========



< End of report >

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, drmandich!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for drmandich only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log.


Step 1

Could you also post Extras.txt, which should be in the same location as OTL.txt?


Step 2

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Things I want to see in your next reply

  • Extras.txt
  • aswMBR.txt

#3
drmandich

  • Topic Starter
  • Member
  • 16 posts
Thanks so much for helping. Here is the additional info you requested:

Here is the Extras.txt:

OTL Extras logfile created on: 10/9/2011 9:55:57 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Internet PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 326.62 Mb Available Physical Memory | 34.04% Memory free
2.26 Gb Paging File | 1.58 Gb Available in Paging File | 70.19% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.02 Gb Free Space | 81.88% Space Free | Partition Type: NTFS
Drive D: | 585.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REGISTER-F115W6 | User Name: Internet PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\BlueVoda Website Builder\BlueVoda.exe" = C:\Program Files\BlueVoda Website Builder\BlueVoda.exe:*:Enabled:BlueVoda Website Builder -- (VodaHost LLC)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal -- (Lavasoft Sweden)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1C220811-048F-4D60-B42E-B86027C57372}" = LightScribe 1.4.119.1
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{39B975A6-93A3-4C71-9EAD-7BE9F9DF3D22}" = Product_Full_QFolder
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52A73602-D30A-4CAF-A997-D7171C59637F}" = hppCLJCM1017
"{5396E5FA-91D2-46F0-A95B-D055D8077DD8}" = hppTLBXFXCM1017
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66BDF565-6A07-4407-B9D3-229D41A24B0E}" = hppscanCM1017
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6A5925BF-AC13-4A9E-A3E7-D2A6F7FBFFD2}" = hppFonts
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8C82E5F6-2C76-44CF-A23E-1356A022442E}" = hppIOFiles
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6AB9F06-41A7-471A-9C4F-FC95F1129E98}" = hppManualsCM1017
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE751709-EA28-4148-96D5-A524BBB08F05}" = hppusgCM1017
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EEE0E494-7023-45A5-ADA6-CE3144E703BF}" = hppScanTo
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder SV2G
"Brother HL-5140" = Brother HL-5140
"DMX5_is1" = DriverMax 5
"HP Color LaserJet CM1015_CM1017" = HP Color LaserJet CM1015/CM1017 MFP 1.0
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"TweakNow PowerPack 2011 SP1c_is1" = TweakNow PowerPack 2011 SP1c
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Search Defender" = Yahoo! Search Protection

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2008 12:10:48 PM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1002
Description = Hanging application msiutil2.exe, version 2.0.6811.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2008 12:10:49 PM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1002
Description = Hanging application msiutil2.exe, version 2.0.6811.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2008 12:10:58 PM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1001
Description = Fault bucket 135848214.

Error - 5/14/2008 12:11:01 PM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1001
Description = Fault bucket 135848214.

Error - 5/14/2008 12:11:02 PM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1001
Description = Fault bucket 135848214.

Error - 5/17/2011 4:35:20 PM | Computer Name = REGISTER-F115W6 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 5/22/2011 3:27:45 AM | Computer Name = REGISTER-F115W6 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 6/9/2011 9:08:08 AM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/10/2011 3:07:38 PM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/10/2011 3:07:38 PM | Computer Name = REGISTER-F115W6 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/1/2011 10:29:47 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/7/2011 11:18:32 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/7/2011 11:18:32 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/7/2011 11:18:48 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/7/2011 11:18:48 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/9/2011 4:17:27 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/9/2011 4:17:27 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/9/2011 4:17:43 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/9/2011 4:17:43 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/9/2011 9:10:54 AM | Computer Name = REGISTER-F115W6 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -2678428 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.100:123->65.55.10.64:123) is working
properly.


< End of report >

=============================================================================================

And here is the logfile from aswMBR


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-13 09:07:18
-----------------------------
09:07:18.328 OS Version: Windows 5.1.2600 Service Pack 3
09:07:18.328 Number of processors: 1 586 0x4F02
09:07:18.343 ComputerName: REGISTER-F115W6 UserName: Internet PC
09:07:39.687 Initialize success
09:07:55.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
09:07:55.843 Disk 0 Vendor: ST380815AS 3.AAC Size: 76318MB BusType: 3
09:07:57.859 Disk 0 MBR read successfully
09:07:57.859 Disk 0 MBR scan
09:07:57.859 Disk 0 Windows XP default MBR code
09:07:57.859 Disk 0 scanning sectors +156280320
09:07:57.937 Disk 0 scanning C:\WINDOWS\system32\drivers
09:08:05.015 Service scanning
09:08:05.546 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
09:08:05.546 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
09:08:05.546 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
09:08:05.562 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
09:08:06.250 Modules scanning
09:08:12.609 Disk 0 trace - called modules:
09:08:13.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
09:08:13.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86007ab8]
09:08:13.125 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000058[0x8602f900]
09:08:13.125 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\00000057[0x86007030]
09:08:13.125 Scan finished successfully
09:17:10.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Internet PC\Desktop\MBR.dat"
09:17:10.187 The log file has been saved successfully to "C:\Documents and Settings\Internet PC\Desktop\aswMBR.txt"

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.

Step 2

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • Microsoft Security Essentials

Step 3

Please could you run the following AV removal tools:


AVG Removal Tool

Download the AVG Removal Tool to your desktop.

Run the tool to remove AVG.

After this, please restart your computer.


Microsoft Security Essentials Removal Tool

  • Download the Microsoft Security Essentials Removal Tool and save it to your Desktop.
  • Start Windows in Safe Mode.
  • Open the uninstall utility.
  • Click Run, and then click Continue.
  • Read the licensing agreement. If you agree to it, click I accept the terms of the End User Licensing Agreement, and then click Continue.
  • Click Clean.
  • After the clean-up tool finishes, click Restart Now.

Step 4

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    SRV - [2008/04/07 18:15:13 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2008/03/26 09:02:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\REPAIR.INI
    [2008/03/26 09:00:31 | 000,001,092 | ---- | C] () -- C:\WINDOWS\EMI2.INI
    [2008/04/07 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=-
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Common Files\BOONTY Shared
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 5

Go to Control Panel and select Internet Options.
Select the Connections TAB.
Select LAN settings button.
Ensure there is no tick in the Proxy Server box.
Select OK and restart Internet Explorer.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt


#5
drmandich

    Member

  • Topic Starter
  • Member
  • 16 posts
I got as far as Step 4 with no problems.

I opened OTL and pasted the info in the box, as instructed, and clicked "Run Fix". A box popped up that said, "Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts." The bottom of the OTL box said, "RESETTING HOSTS file. DO NOT INTERRUPT..."

I left it like that to see if anything would happen, but it never did. When I restarted, a notepad box popped up, but only said:


Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

What do I do next?
Thanks,
Teresa

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Let's run a different fix.


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL  
    SRV - [2008/04/07 18:15:13 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games) 
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
    O4 - HKLM..\Run: [] File not found 
    [2008/03/26 09:02:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\REPAIR.INI 
    [2008/03/26 09:00:31 | 000,001,092 | ---- | C] () -- C:\WINDOWS\EMI2.INI 
    [2008/04/07 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY 
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] 
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]  
     
    :Reg 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] 
    "DisableMonitoring"=- 
     
    :Files 
    ipconfig /flushdns /c 
    C:\Program Files\Common Files\BOONTY Shared 
     
    :Commands  
    [purity]  
    [emptytemp]  
    [EMPTYFLASH] 
    [CREATERESTOREPOINT]  
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Proceed with Step 5 in my previous post.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

  • 0
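Step 5 of the earlier post and the `ProxyEnable` line in the fix above both deal with the Internet Explorer proxy switch, which OTL lists once per loaded registry hive; a fix line aimed at HKCU changes only the logged-on user's entry. The following is an added example, not part of the thread or of OTL, that reads the "IE -" lines of an OTL log and reports every hive where the proxy is still switched on. The sample lines, the user SID and the `ProxyServer` entry are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Well-known SIDs of the built-in service accounts.
# HKU\.DEFAULT is the same hive as HKU\S-1-5-18, not a template for new users.
WELL_KNOWN = {
    ".DEFAULT": "LocalSystem (alias of S-1-5-18)",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

# Matches OTL lines such as:
#   IE - HKU\S-1-5-18\Software\...\Internet Settings: "ProxyEnable" = 1
LINE_RE = re.compile(
    r'^IE - (?P<hive>HKCU|HKLM|HKU\\[^\\]+)'
    r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: '
    r'"(?P<name>[^"]+)" = (?P<value>.*)$',
    re.IGNORECASE,
)

# Constructed sample in the layout of OTL's "Internet Explorer" section.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
"""


def parse_internet_settings(log_text):
    """Return {hive: {value_name: value}} for every Internet Settings line."""
    settings = defaultdict(dict)
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            hive = match.group("hive")
            settings[hive][match.group("name")] = match.group("value").strip()
    return dict(settings)


def account_for(hive):
    """Describe which account a hive belongs to."""
    if "\\" not in hive:
        return "logged-on user" if hive.upper() == "HKCU" else "machine-wide"
    sid = hive.split("\\", 1)[1]
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    if sid.startswith("S-1-5-21-"):
        return "user account"
    return "unknown"


def proxy_report(log_text):
    """List (hive, account, proxy_server) for each hive with ProxyEnable = 1.

    proxy_server is None when the log has no ProxyServer line for that hive.
    """
    rows = []
    for hive, values in parse_internet_settings(log_text).items():
        if values.get("ProxyEnable") == "1":
            rows.append((hive, account_for(hive), values.get("ProxyServer")))
    return rows


if __name__ == "__main__":
    for hive, account, server in proxy_report(SAMPLE_LOG):
        print(f"{hive:<60} {account:<32} server={server}")
```

Running it over the OTL.txt produced after a fix shows whether any hive other than the one the fix targeted still has the proxy enabled.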

#7
drmandich

    Member

  • Topic Starter
  • Member
  • 16 posts
Here are the two logs you requested:

All processes killed
========== OTL ==========
Error: No service named Boonty Games was found to stop!
Service\Driver key Boonty Games not found.
File C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File C:\WINDOWS\REPAIR.INI not found.
File C:\WINDOWS\EMI2.INI not found.
Folder C:\Documents and Settings\All Users\Application Data\BOONTY\ not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Internet PC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Internet PC\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Common Files\BOONTY Shared not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Internet PC
->Temp folder emptied: 4037240 bytes
->Temporary Internet Files folder emptied: 17805161 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 391364 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 395531 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 117562588 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 116412 bytes
RecycleBin emptied: 746046 bytes

Total Files Cleaned = 135.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Internet PC
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.27.0 log created on 10152011_082452

Files\Folders moved on Reboot...
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\I5H03HE9\ads[1].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\FF7OKXL2\ads[1].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\FF7OKXL2\ads[2].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\7Y6WYWPS\ads[1].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\2CB61J08\page__pid__2059193[1].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
C:\WINDOWS\temp\klsBAD2.tmp moved successfully.

Registry entries deleted on Reboot...

==================================================================================

OTL logfile created on: 10/15/2011 8:33:34 AM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Internet PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 465.49 Mb Available Physical Memory | 48.51% Memory free
2.26 Gb Paging File | 1.81 Gb Available in Paging File | 80.08% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.58 Gb Free Space | 82.64% Space Free | Partition Type: NTFS
Drive D: | 585.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REGISTER-F115W6 | User Name: Internet PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 09:53:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/05 20:26:52 | 002,111,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll
MOD - [2006/10/31 01:35:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 15:48:24 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/12/30 11:59:18 | 006,290,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/11 08:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 08:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/04 16:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 90 A5 47 D0 14 CC 01 [binary data]
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-1482476501-823518204-725345543-1006\..Trusted Domains: live.com ([login] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1184779823453 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D996C8DC-DE76-4D64-8CDD-9AF9D0870ABC}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS
O24 - Desktop BackupWallPaper: C:\WINDOWS
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/18 23:32:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/04/19 11:53:26 | 000,077,824 | R--- | M] (Hewlett Packard) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/06/23 13:13:31 | 000,326,911 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 08:32:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/14 08:36:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/14 08:21:52 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/10/13 17:04:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/10/09 09:53:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
[2011/10/09 09:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Local Settings\Application Data\PackageAware
[2011/10/09 09:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/09 09:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Start Menu\Programs\HiJackThis
[2011/09/19 15:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/19 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy2
[2011/09/19 14:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Desktop\clutter
[2011/09/17 15:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011/09/17 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011/09/17 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/09/17 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Application Data\Malwarebytes
[2011/09/17 15:32:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/17 15:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/17 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/17 15:32:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/17 15:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/10/15 08:38:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A18DA3C4-7EAB-49D8-9A5C-7E3F6182AFDE}.job
[2011/10/15 08:28:30 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/15 08:28:04 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/15 08:27:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/15 06:47:28 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2AD4D6C2-DBB4-4E8F-91C3-5707B6ACF349}.job
[2011/10/13 17:04:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/13 11:08:51 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/10/13 11:08:51 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/10/13 09:17:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\MBR.dat
[2011/10/09 09:53:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
[2011/10/09 09:22:15 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\HiJackThis.lnk
[2011/10/09 08:16:08 | 000,227,894 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\error.bmp
[2011/10/08 10:30:15 | 000,000,031 | ---- | M] () -- C:\WINDOWS\bluevoda.ini
[2011/09/24 03:00:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/19 15:56:29 | 000,018,885 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\general_pain_sore_back-300x300.jpg
[2011/09/19 15:13:48 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Internet PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 15:13:48 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\Spybot - Search & Destroy.lnk
[2011/09/19 15:10:32 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\Install Spybot - Search & Destroy.lnk
[2011/09/17 15:32:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/10/13 09:17:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\MBR.dat
[2011/10/09 09:18:32 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\HiJackThis.lnk
[2011/10/09 08:16:07 | 000,227,894 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\error.bmp
[2011/09/19 15:56:41 | 000,018,885 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\general_pain_sore_back-300x300.jpg
[2011/09/19 15:13:48 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Internet PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 15:10:32 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\Install Spybot - Search & Destroy.lnk
[2011/09/19 14:50:58 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\Spybot - Search & Destroy.lnk
[2011/09/17 15:32:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 15:50:33 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/06 15:50:33 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/24 09:24:04 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2011/06/10 14:21:03 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Internet PC\Local Settings\Application Data\fusioncache.dat
[2011/06/07 10:25:29 | 000,000,466 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/06/07 10:20:52 | 000,109,908 | ---- | C] () -- C:\WINDOWS\hppins06.dat
[2011/06/07 10:20:52 | 000,001,320 | ---- | C] () -- C:\WINDOWS\hppmdl06.dat
[2011/06/06 10:01:38 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/06/01 15:23:00 | 000,000,456 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/01 15:20:35 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2011/06/01 15:20:35 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/06/01 15:20:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2011/06/01 15:20:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/06/01 15:20:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2011/06/01 15:20:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/06/01 15:20:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011/06/01 15:20:30 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2011/06/01 15:20:30 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2011/06/01 15:20:28 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2011/06/01 15:20:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2007/08/22 14:15:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/08/20 16:30:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/20 15:48:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/20 15:38:24 | 000,117,092 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/07/18 23:53:34 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/18 23:33:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/18 23:29:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/18 18:16:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 18:15:37 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/18 18:08:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/18 16:23:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/18 13:05:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/18 12:33:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/10/31 01:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 01:35:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 01:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 01:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 01:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 01:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 01:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 01:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 01:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 01:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 01:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/05 16:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/03 19:22:17 | 000,000,668 | ---- | C] () -- C:\WINDOWS\System32\hppapr05.dat
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/05/17 11:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2011/05/17 11:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/06/06 09:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/06/10 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/08/12 14:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\gtk-2.0
[2011/08/10 09:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\Softland
[2011/06/10 14:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\TweakNow PowerPack 2011
[2011/08/10 09:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/10/15 06:47:28 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2AD4D6C2-DBB4-4E8F-91C3-5707B6ACF349}.job
[2011/10/15 08:38:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A18DA3C4-7EAB-49D8-9A5C-7E3F6182AFDE}.job

========== Purity Check ==========



< End of report >

Awaiting my next orders :)
Thanks,
Teresa
  • 0

#8
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    [2011/05/17 11:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2011/05/17 11:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

  • 0
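The fix above targets the `ProxyEnable` lines reported for the built-in account hives. As an added example (not part of the original thread and not OTL's own code), this Python sketch parses those `IE - HKU\...` lines from two OTL logs, flags built-in account hives with a proxy enabled, and diffs the runs. The sample lines are copied from the logs in this thread; the function names are hypothetical.

```python
import re

# Well-known HKU hive names for built-in Windows accounts.
WELL_KNOWN_HIVES = {
    ".DEFAULT": "LocalSystem profile (alias of S-1-5-18)",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

# Matches the OTL "IE -" line format for ProxyEnable as it appears in the logs.
PROXY_LINE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "ProxyEnable" = (?P<value>\d+)\s*$',
    re.IGNORECASE,
)


def parse_proxy_enable(log_text):
    """Return {hive: ProxyEnable value} for every matching line in an OTL log."""
    states = {}
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line.strip())
        if match:
            states[match.group("hive")] = int(match.group("value"))
    return states


def flag_system_proxies(states):
    """Built-in account hives with a proxy switched on. These accounts do not
    browse interactively, so an enabled proxy there deserves a closer look."""
    return sorted(h for h, v in states.items() if h in WELL_KNOWN_HIVES and v != 0)


def diff_runs(before, after):
    """List (hive, old, new) for every hive whose value changed between runs.
    A hive missing from one run is reported with None on that side."""
    changes = []
    for hive in sorted(set(before) | set(after)):
        old, new = before.get(hive), after.get(hive)
        if old != new:
            changes.append((hive, old, new))
    return changes


# Lines copied from the scan posted before the fix.
LOG_BEFORE = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# Lines copied from the scan posted after the fix (Run 3).
LOG_AFTER = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

if __name__ == "__main__":
    before = parse_proxy_enable(LOG_BEFORE)
    after = parse_proxy_enable(LOG_AFTER)
    for hive in flag_system_proxies(before):
        print(f"before fix: proxy enabled for {hive} ({WELL_KNOWN_HIVES[hive]})")
    for hive, old, new in diff_runs(before, after):
        print(f"changed: {hive}: ProxyEnable {old} -> {new}")
    print("still flagged after fix:", flag_system_proxies(after) or "none")
```

These log lines carry only `ProxyEnable`; the `ProxyServer` value in the same registry key, which names where traffic would be sent, is not shown in them and would need to be read separately.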

#9
drmandich

    Member

  • Topic Starter
  • 16 posts
Okay... here are the two logs you requested:

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Documents and Settings\All Users\Application Data\Avg7 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Internet PC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Internet PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Internet PC
->Temp folder emptied: 1108512 bytes
->Temporary Internet Files folder emptied: 12064083 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 192899 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Internet PC
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.27.0 log created on 10172011_074806

Files\Folders moved on Reboot...
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\Q78VK5HM\ads[2].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\Q78VK5HM\ads[3].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\JEE8HT9B\ads[1].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\JEE8HT9B\page__pid__2059193[1].txt moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\Content.IE5\DZI2S4G7\ads[1].htm moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Internet PC\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\klsCD65.tmp not found!

Registry entries deleted on Reboot...


========================================================================================

OTL logfile created on: 10/17/2011 9:06:07 AM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Internet PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 523.09 Mb Available Physical Memory | 54.52% Memory free
2.26 Gb Paging File | 1.88 Gb Available in Paging File | 83.34% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 61.51 Gb Free Space | 82.54% Space Free | Partition Type: NTFS
Drive D: | 585.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REGISTER-F115W6 | User Name: Internet PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 09:53:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/05 20:26:52 | 002,111,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll
MOD - [2006/10/31 01:35:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 15:48:24 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/12/30 11:59:18 | 006,290,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2006/08/14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/11 08:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 08:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/04 16:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 90 A5 47 D0 14 CC 01 [binary data]
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-1482476501-823518204-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/07/06 16:08:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-823518204-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-1482476501-823518204-725345543-1006\..Trusted Domains: live.com ([login] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1184779823453 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D996C8DC-DE76-4D64-8CDD-9AF9D0870ABC}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS
O24 - Desktop BackupWallPaper: C:\WINDOWS
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/18 23:32:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/04/19 11:53:26 | 000,077,824 | R--- | M] (Hewlett Packard) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/06/23 13:13:31 | 000,326,911 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 08:36:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/14 08:21:52 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/10/13 17:04:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/10/09 09:53:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
[2011/10/09 09:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Local Settings\Application Data\PackageAware
[2011/10/09 09:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/09 09:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Start Menu\Programs\HiJackThis
[2011/09/19 15:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/19 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy2
[2011/09/19 14:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Desktop\clutter
[2011/09/17 15:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011/09/17 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011/09/17 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/09/17 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet PC\Application Data\Malwarebytes
[2011/09/17 15:32:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/17 15:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/17 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/17 15:32:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/17 15:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/10/17 09:08:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A18DA3C4-7EAB-49D8-9A5C-7E3F6182AFDE}.job
[2011/10/17 07:57:51 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/17 07:50:04 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/17 07:49:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/17 05:26:24 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2AD4D6C2-DBB4-4E8F-91C3-5707B6ACF349}.job
[2011/10/16 08:25:52 | 000,136,486 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\pain_scale.jpg
[2011/10/16 08:25:52 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Internet PC\.recently-used.xbel
[2011/10/16 03:00:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/15 17:49:12 | 001,776,694 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\pain scale.bmp
[2011/10/13 17:04:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/13 11:08:51 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/10/13 11:08:51 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/10/13 09:17:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\MBR.dat
[2011/10/09 09:53:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet PC\Desktop\OTL.exe
[2011/10/09 09:22:15 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\HiJackThis.lnk
[2011/10/09 08:16:08 | 000,227,894 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\error.bmp
[2011/10/08 10:30:15 | 000,000,031 | ---- | M] () -- C:\WINDOWS\bluevoda.ini
[2011/09/19 15:56:29 | 000,018,885 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\general_pain_sore_back-300x300.jpg
[2011/09/19 15:13:48 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Internet PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 15:13:48 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\Spybot - Search & Destroy.lnk
[2011/09/19 15:10:32 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\Internet PC\Desktop\Install Spybot - Search & Destroy.lnk
[2011/09/17 15:32:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/10/16 08:25:52 | 000,136,486 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\pain_scale.jpg
[2011/10/16 08:25:52 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Internet PC\.recently-used.xbel
[2011/10/15 17:49:12 | 001,776,694 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\pain scale.bmp
[2011/10/13 09:17:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\MBR.dat
[2011/10/09 09:18:32 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\HiJackThis.lnk
[2011/10/09 08:16:07 | 000,227,894 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\error.bmp
[2011/09/19 15:56:41 | 000,018,885 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\general_pain_sore_back-300x300.jpg
[2011/09/19 15:13:48 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Internet PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/19 15:10:32 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\Install Spybot - Search & Destroy.lnk
[2011/09/19 14:50:58 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Internet PC\Desktop\Spybot - Search & Destroy.lnk
[2011/09/17 15:32:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 15:50:33 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/06 15:50:33 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/24 09:24:04 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2011/06/10 14:21:03 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Internet PC\Local Settings\Application Data\fusioncache.dat
[2011/06/07 10:25:29 | 000,000,466 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/06/07 10:20:52 | 000,109,908 | ---- | C] () -- C:\WINDOWS\hppins06.dat
[2011/06/07 10:20:52 | 000,001,320 | ---- | C] () -- C:\WINDOWS\hppmdl06.dat
[2011/06/06 10:01:38 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/06/01 15:23:00 | 000,000,456 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/01 15:20:35 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2011/06/01 15:20:35 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/06/01 15:20:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2011/06/01 15:20:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/06/01 15:20:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2011/06/01 15:20:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/06/01 15:20:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011/06/01 15:20:30 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2011/06/01 15:20:30 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2011/06/01 15:20:28 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2011/06/01 15:20:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2007/08/22 14:15:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/08/20 16:30:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/20 15:48:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/20 15:38:24 | 000,117,092 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/07/18 23:53:34 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/18 23:33:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/18 23:29:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/18 18:16:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 18:15:37 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/18 18:08:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/18 16:23:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/18 13:05:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/18 12:33:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/10/31 01:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 01:35:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 01:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 01:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 01:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 01:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 01:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 01:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 01:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 01:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 01:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/05 16:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/03 19:22:17 | 000,000,668 | ---- | C] () -- C:\WINDOWS\System32\hppapr05.dat
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/06/06 09:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/06/10 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/10/16 08:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\gtk-2.0
[2011/08/10 09:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\Softland
[2011/06/10 14:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet PC\Application Data\TweakNow PowerPack 2011
[2011/08/10 09:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/10/17 05:26:24 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2AD4D6C2-DBB4-4E8F-91C3-5707B6ACF349}.job
[2011/10/17 09:08:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A18DA3C4-7EAB-49D8-9A5C-7E3F6182AFDE}.job

========== Purity Check ==========



< End of report >



Thanks again!
Teresa

#10
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?
Can you update your anti-virus/anti-spyware applications?


Step 1

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • MBAM Log
  • log.txt



#11
drmandich


    Member

  • Topic Starter
  • 16 posts
Hello,

It seems like the computer is running better. I was able to update Malwarebytes, but still not able to update Kaspersky. I still have to run the diagnostic whenever I want to use the internet after restarting (but it does eventually connect, so this isn't a major issue). I'm mostly concerned about not being able to update Kaspersky.

I updated and ran Malwarebytes and it did not detect anything. I accepted the terms for the ESET Online Scanner and clicked "start". After a few minutes, it just opened up the same page where you have to tick the "accept" box, etc. I was not able to actually run the ESET scan.

Here is the log file from when I ran Malwarebytes:



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7748

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/20/2011 8:19:58 AM
mbam-log-2011-10-20 (08-19-58).txt

Scan type: Quick scan
Objects scanned: 163622
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks again for all your help.
Teresa

#12
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

In Kaspersky check: Settings > Update Settings (Globe Icon) > Update Source > Proxy Server > Uncheck Proxy Server > OK > OK > Apply.


Step 2

  • In the bottom-right corner of the screen, right-click the product icon K and select Exit.
  • In the bottom-left corner of the screen, click Start.
  • Select All Programs.
  • In the list of installed programs find Kaspersky Internet Security 2011.
  • In the menu select Repair or Remove.
  • In the window of Kaspersky Internet Security 2011, select Repair.

  • Click Next.
  • Once the repair process is completed follow the instructions of the Configuration Wizard.
  • After successful installation of Kaspersky Internet Security, you will be prompted to restart your computer.
  • In the Kaspersky Internet Security Configuration Wizard window click Finish.

Tell me if you can now update Kaspersky.


Step 3

Download and run the Microsoft Fixit here and see if it solves your internet problem. If the Fixit doesn't solve the problem in Normal Mode, run it in Aggressive Mode.


Things I want to see in your next reply

  • Update on problems


#13
drmandich


    Member

  • Topic Starter
  • 16 posts
Hi,

I tried to update Kaspersky, but no luck.

I ran the Microsoft Fixit. I didn't see where there was an option between normal and aggressive, but I ran it once where it reset Explorer, but didn't reset all of the settings. That didn't work so I ran it again and had it reset everything. That also didn't work.

:)

What now?

Thanks again,
Teresa

#14
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Launch Kaspersky.
  • Click the Support link in the lower-left part of the window.
  • Click Support Tools in the lower-left part of the Support window.
  • Click the button Create system state report.
  • Wait until the report is formed.
  • Close all windows.
Once your system has been analysed, click on "View" in order to open the logfile location.
The logfile should be located in the C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\AVZ folder and will be called sysinfo.zip. Please find this file and attach it to your next post.


Step 2

Download the Microsoft Fixit here and run it. Tell me if this Fixit sorts out the internet problem.


Things I want to see in your next reply

  • sysinfo.zip
  • Update on internet problem


#15
drmandich


    Member

  • Topic Starter
  • 16 posts
Hello,

I was able to run the Fixit this time, but it didn't correct the internet problem. I don't know if it's relevant, but this problem happens both with Internet Explorer and Chrome.

Here is the report that I got from Kaspersky:

<?xml version="1.0" encoding="windows-1251" ?>
<!-- AVZ XML Report
-->
<AVZ Version="4.34" LogDate="24.10.2011 10:11:03" WinDir="C:\WINDOWS\" OS_MjVer="5" OS_MiVer="1" OS_Build="2600" BootMode="0" OS_CSDV="Service Pack 3" ProfileDir="C:\Documents and Settings\LocalService" Session="" IsWow64="False" IsAdmin="True" IsSRDisabled="False" MainDBDate="12/30/1899" CompHash="0EB52BE5AA7C4CC04F6757D813C10C95">
<PROCESS />
<DLL />
<KERNELOBJ>
<ITEM File="C:\WINDOWS\System32\Drivers\dump_nvata.sys" CheckResult="-1" Base="F20A3000" MemSize="01A000" Descr="" LegalCopyright="" />
<ITEM File="C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS" CheckResult="-1" Base="F7A17000" MemSize="002000" Descr="" LegalCopyright="" />
</KERNELOBJ>
<Service />
<Drivers>
<ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" />
<ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" />
<ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" />
<ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" />
<ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" />
<ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" />
<ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" />
<ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" />
<ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" />
<ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" />
<ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" />
<ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" />
<ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" />
<ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" />
<ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" />
<ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" />
<ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" />
<ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" />
<ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" />
<ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" />
<ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" />
<ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" />
<ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" />
<ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" />
<ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" />
<ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" />
<ITEM File="ViaIde.sys" Name="ViaIde" CheckResult="-1" Type="1" State="1" />
<ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" />
</Drivers>
<AUTORUN>
<ITEM File="C:\PROGRA~1\Grisoft\AVG7\avglog.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\AliIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\CmdIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\IntelIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\TosIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\toside" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\ViaIde.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\Drivers\lbrtfdc.sys" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\PrintFilterPipelineSvc.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\igmpv2.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ipbootp.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\iprip2.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospf.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\ospfmib.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\polagent.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\System32\tssdis.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\system32\KB905474\wgasetup.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup" X3="EventMessageFile" />
<ITEM File="C:\WINDOWS\system32\MsSip1.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip2.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\MsSip3.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3" X3="$DLL" />
<ITEM File="C:\WINDOWS\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="C:\WINDOWS\system32\stisvc.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System" X3="EventMessageFile" />
<ITEM File="LCODCCMP.DLL" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Drivers32" X3="vidc.LEAD" />
<ITEM File="SDEvents.dll" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2" X3="EventMessageFile" />
<ITEM File="kbd101.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" X3="LayerDriver JPN" />
<ITEM File="kbd101a.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" X3="LayerDriver KOR" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2=".DEFAULT\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-19\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-20\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-18\Control Panel\IOProcs" X3="MVB" />
<ITEM File="mvfs32.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_USERS" X2="S-1-5-21-1482476501-823518204-725345543-1006\Control Panel\IOProcs" X3="MVB" />
<ITEM File="vgafix.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fixedfon.fon" />
<ITEM File="vgaoem.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="oemfonts.fon" />
<ITEM File="vgasys.fon" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X3="fonts.fon" />
</AUTORUN>
<BHO>
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="5" RegKey="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars" CLSID="{32683183-48a0-441b-a342-7c2a440a9478}" Descr="" LegalCopyright="" />
</BHO>
<ExplorerExt>
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Display Panning CPL Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Shell extensions for file compression" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Encryption Context Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="HyperTerminal Icon Ext" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{88895560-9AA2-1069-930E-00AA0030EBC8}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="Media Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{32683183-48a0-441b-a342-7c2a440a9478}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="IE User Assist" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" Descr="" LegalCopyright="" />
</ExplorerExt>
<PrintEXT />
<TaskScheduler />
<SPI>
<ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="Tcpip" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="16896" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="14.04.2008 05:42:10" MD5="D72B9EC3337B247A666F098F3D6B43DE" />
<ITEM File="C:\WINDOWS\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="Network Location Awareness (NLA) Namespace" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [TCP/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [UDP/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD Tcpip [RAW/IP]" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP UDP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="92672" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="14.04.2008 05:42:06" MD5="72451FD61DDBB0A1FB071B7C3CDE5594" />
<ITEM File="C:\WINDOWS\system32\rsvpsp.dll" CheckResult="-1" SPIType="3" SPINaim="RSVP TCP Service Provider" Descr="Microsoft Windows Rsvp 1.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="92672" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="14.04.2008 05:42:06" MD5="72451FD61DDBB0A1FB071B7C3CDE5594" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{D996C8DC-DE76-4D64-8CDD-9AF9D0870ABC}] SEQPACKET 0" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{D996C8DC-DE76-4D64-8CDD-9AF9D0870ABC}] DATAGRAM 0" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B08C3F37-7997-455E-A65A-D6304CB0B644}] SEQPACKET 1" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{B08C3F37-7997-455E-A65A-D6304CB0B644}] DATAGRAM 1" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{E4A45D89-732D-432A-B5BB-8B5C9F7ADC0A}] SEQPACKET 2" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
<ITEM File="C:\WINDOWS\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{E4A45D89-732D-432A-B5BB-8B5C9F7ADC0A}] DATAGRAM 2" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="245248" Attr="rsAh" CreateDate="31.03.2003 07:00:00" ChageDate="20.06.2008 11:02:47" MD5="943337D786A56729263071623BBB9DE5" />
</SPI>
<DPF>
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="Microsoft XML Parser for Java" CodeBase="file://C:\WINDOWS\Java\classes\xmldso.cab" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" CodeBase="http://fpdownload.ma.../ultrashim.cab" Descr="" LegalCopyright="" />
</DPF>
<CPL />
<ActiveSetup />
<HOSTS>
<ITEM Line="127.0.0.1 localhost" />
</HOSTS>
<ProtocolExt />
<SuspFiles>
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" VirType="4" Descr="Kernel-mode hook" />
<ITEM File="\SystemRoot\system32\DRIVERS\klif.sys" VirType="4" Descr="Kernel-mode hook" />
</SuspFiles>
<RK_KM>
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtAdjustPrivilegesToken" FIndx="11" HookPtr="F332F5FA" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtClose" FIndx="25" HookPtr="F332FEFE" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtConnectPort" FIndx="31" HookPtr="F3330D32" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateEvent" FIndx="35" HookPtr="F333127C" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="F33301DA" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="F332E46A" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateMutant" FIndx="43" HookPtr="F3331162" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateNamedPipeFile" FIndx="44" HookPtr="F332F1E8" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreatePort" FIndx="46" HookPtr="F3331036" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateSection" FIndx="50" HookPtr="F332F390" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateSemaphore" FIndx="51" HookPtr="F333139C" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateSymbolicLinkObject" FIndx="52" HookPtr="F33466C0" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateThread" FIndx="53" HookPtr="F332FB86" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtCreateWaitablePort" FIndx="56" HookPtr="F33310CC" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtDebugActiveProcess" FIndx="57" HookPtr="F3332A84" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="F332EA74" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="F332EE28" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtDeviceIoControlFile" FIndx="66" HookPtr="F333065C" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtDuplicateObject" FIndx="68" HookPtr="F3333C90" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtEnumerateKey" FIndx="71" HookPtr="F332EF74" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtEnumerateValueKey" FIndx="73" HookPtr="F332F00C" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtFsControlFile" FIndx="84" HookPtr="F333046A" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtLoadDriver" FIndx="97" HookPtr="F3332B76" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtLoadKey" FIndx="98" HookPtr="F332E446" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtLoadKey2" FIndx="99" HookPtr="F332E458" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtMapViewOfSection" FIndx="108" HookPtr="F33332DE" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtNotifyChangeKey" FIndx="111" HookPtr="F332F138" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenEvent" FIndx="114" HookPtr="F3331312" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenFile" FIndx="116" HookPtr="F332FF80" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="F332E62A" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenMutant" FIndx="120" HookPtr="F33311F2" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenProcess" FIndx="122" HookPtr="F332F836" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenSection" FIndx="125" HookPtr="F3333078" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenSemaphore" FIndx="126" HookPtr="F3331432" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtOpenThread" FIndx="128" HookPtr="F332F728" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtPlugPlayControl" FIndx="132" HookPtr="F33466D0" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueryKey" FIndx="160" HookPtr="F332F0A4" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueryMultipleValueKey" FIndx="161" HookPtr="F332ECDC" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQuerySection" FIndx="167" HookPtr="F3333618" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueryValueKey" FIndx="177" HookPtr="F332E906" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtQueueApcThread" FIndx="180" HookPtr="F3332F0A" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="F332EB96" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtReplaceKey" FIndx="193" HookPtr="F332DE80" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtReplyPort" FIndx="194" HookPtr="F3331796" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtReplyWaitReceivePort" FIndx="195" HookPtr="F333165C" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtRequestWaitReplyPort" FIndx="200" HookPtr="F333281E" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtRestoreKey" FIndx="204" HookPtr="F332E1F8" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtResumeThread" FIndx="206" HookPtr="F3333B32" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSaveKey" FIndx="207" HookPtr="F332DE18" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSecureConnectPort" FIndx="210" HookPtr="F3330A78" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetContextThread" FIndx="213" HookPtr="F332FDA2" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetInformationToken" FIndx="230" HookPtr="F33320BE" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetSecurityObject" FIndx="237" HookPtr="F3332D14" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetSystemInformation" FIndx="240" HookPtr="F3333768" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="F332E780" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSuspendProcess" FIndx="253" HookPtr="F333385A" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSuspendThread" FIndx="254" HookPtr="F3333994" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtSystemDebugControl" FIndx="255" HookPtr="F33329A8" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="F332F9D2" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtTerminateThread" FIndx="258" HookPtr="F332F932" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtUnmapViewOfSection" FIndx="267" HookPtr="F33334BC" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="C:\WINDOWS\system32\DRIVERS\klif.sys" FNaim="NtWriteVirtualMemory" FIndx="277" HookPtr="F332FABC" HookType="1" CheckResult="0" Size="475736" Attr="rsAh" CreateDate="06.07.2011 15:48:24" ChageDate="01.10.2010 10:37:50" MD5="44EC6B3DBE167C7FA818F9918D2CBF22" />
<ITEM File="\SystemRoot\system32\DRIVERS\klif.sys" FNaim="NtQueryPerformanceCounter" FIndx="165" HookPtr="805C18FA" HookType="3" />
<ITEM File="\SystemRoot\system32\DRIVERS\klif.sys" FNaim="" FIndx="387" HookPtr="805C18FA" HookType="3" />
</RK_KM>
<WIZARD-TSW>
<ITEM ID="50" Level="2" Fixed="0" />
<ITEM ID="51" Level="2" Fixed="0" />
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
<ITEM ID="66" Level="1" Fixed="0" />
</WIZARD-TSW>
</AVZ>

Once again,
Thanks for your help.
Teresa