Malware.Trace and Kaspersky scan crashes computer then won't boot



#1 Stang5Liter (Member, 53 posts)

Hello,

I am having issues with my computer where it will lock up and quit responding, as well as crash during a Kaspersky scan at random times. I ran it several times, and also in safe mode, and it crashes there too. I disabled most devices in the startup section trying to make it somewhat stable, but it is still messed up. I then ran MBAM and it found Malware.Trace but nothing else. My OTL log is attached. Thanks so much in advance!


OTL logfile created on: 9/28/2011 1:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\John\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.70% Memory free
4.17 Gb Paging File | 2.96 Gb Available in Paging File | 70.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 219.49 Gb Free Space | 73.63% Space Free | Partition Type: NTFS

Computer Name: SIMBA-SALES | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 13:47:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2011/09/27 11:00:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/08/26 18:25:56 | 000,198,008 | ---- | M] () -- C:\Windows\System32\U2VSvr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/10 00:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\John\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 11:04:04 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 11:00:03 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/16 11:34:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 18:25:56 | 000,198,008 | ---- | M] () [Auto | Running] -- C:\Windows\System32\U2VSvr.exe -- (U2VSvr)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/10 00:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/27 09:25:30 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/12/21 00:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/21 00:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/21 00:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 00:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/10 15:47:06 | 000,101,248 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\t1pusb.sys -- (t1pusb)
DRV - [2009/06/24 18:21:04 | 000,019,712 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\T1PMrGrp.sys -- (T1PMrGrp)
DRV - [2009/06/24 18:19:24 | 000,018,816 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\T1PExGrp.sys -- (T1PExGrp)
DRV - [2008/01/20 21:23:50 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/20 21:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/03/22 20:47:00 | 007,467,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/08 15:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 15:52:58 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DPV)
DRV - [2006/11/02 02:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 91 B7 FD FD 79 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/07/27 14:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/09/27 09:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/09/27 09:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/09/27 09:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/27 11:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 13:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 08:29:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/09/23 08:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/09/23 08:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qbaye3th.default\extensions
[2011/09/23 09:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/23 09:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/27 11:00:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/23 09:55:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41F55261-0D7F-4399-BAA5-9C27139AD80A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 13:47:50 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/09/27 12:48:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2011/09/27 12:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/27 12:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/27 12:48:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/27 12:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/27 09:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011/09/27 09:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/27 09:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/09/27 09:25:30 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/09/26 13:44:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2011/09/26 13:44:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Google
[2011/09/23 13:44:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2011/09/23 12:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/23 10:24:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\VSRevoGroup
[2011/09/23 09:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/23 09:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/23 09:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/23 09:38:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/09/23 09:18:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/23 09:18:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/23 09:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/23 09:04:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/23 08:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/23 08:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/09/23 08:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/09/23 08:34:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Thunderbird
[2011/09/23 08:34:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Thunderbird
[2011/09/23 08:29:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2011/09/23 08:29:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2011/09/22 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Adobe
[2011/09/22 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Adobe
[2011/09/22 18:08:26 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Google Gadgets
[2011/09/22 18:08:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ControlCenter4
[2011/09/22 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Google
[2011/09/22 18:08:10 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/22 18:08:10 | 000,000,000 | R--D | C] -- C:\Users\John\Searches
[2011/09/22 18:08:10 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/22 18:08:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Identities
[2011/09/22 18:08:00 | 000,000,000 | R--D | C] -- C:\Users\John\Contacts
[2011/09/22 18:07:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\VirtualStore
[2011/09/22 18:07:54 | 000,000,000 | --SD | C] -- C:\Users\John\AppData\Roaming\Microsoft
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Videos
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Saved Games
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Pictures
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Music
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Links
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Favorites
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Downloads
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Documents
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\Desktop
[2011/09/22 18:07:54 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Temporary Internet Files
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Templates
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Start Menu
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\SendTo
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Recent
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\PrintHood
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\NetHood
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Videos
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Pictures
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Music
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\My Documents
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Local Settings
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\History
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Cookies
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\Application Data
[2011/09/22 18:07:54 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Application Data
[2011/09/22 18:07:54 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData
[2011/09/22 18:07:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2011/09/22 18:07:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Help
[2011/09/22 18:07:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft
[2011/09/22 18:07:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Macromedia

========== Files - Modified Within 30 Days ==========

[2011/09/28 13:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9AAA8965-BFDA-45D0-AC40-4000B0060782}.job
[2011/09/28 13:47:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/09/28 13:22:11 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/28 13:22:11 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/28 13:17:42 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 13:17:42 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 13:17:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 13:17:31 | 2112,536,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 11:32:55 | 000,005,134 | ---- | M] () -- C:\Windows\System32\MTri1+.ini
[2011/09/27 12:48:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 11:35:00 | 000,002,585 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Excel 2007.lnk
[2011/09/27 09:48:14 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/09/27 09:48:14 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/09/27 09:32:31 | 000,017,408 | ---- | M] () -- C:\Users\John\AppData\Local\WebpageIcons.db
[2011/09/27 09:25:30 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/09/27 09:20:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/26 12:26:35 | 000,011,265 | ---- | M] () -- C:\Users\John\Documents\MorrisonQuote.pdf
[2011/09/23 13:44:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\TFC.exe
[2011/09/23 12:48:37 | 000,000,943 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/23 12:44:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/09/23 12:44:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/09/23 12:44:17 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/09/23 12:27:27 | 000,389,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/23 12:24:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/23 12:23:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/23 11:44:38 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/23 09:57:04 | 000,000,870 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/23 09:57:04 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/23 09:38:29 | 000,001,057 | ---- | M] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/28 13:17:31 | 2112,536,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/27 12:48:37 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 09:32:30 | 000,017,408 | ---- | C] () -- C:\Users\John\AppData\Local\WebpageIcons.db
[2011/09/27 09:29:22 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/09/27 09:29:22 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/09/26 12:26:35 | 000,011,265 | ---- | C] () -- C:\Users\John\Documents\MorrisonQuote.pdf
[2011/09/23 17:26:32 | 000,002,585 | ---- | C] () -- C:\Users\John\Desktop\Microsoft Office Excel 2007.lnk
[2011/09/23 12:44:17 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/23 12:24:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/23 12:23:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/23 11:44:38 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/23 11:44:38 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/23 09:57:04 | 000,000,870 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/23 09:57:04 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/23 09:38:29 | 000,001,057 | ---- | C] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[2011/09/23 09:34:54 | 000,000,943 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/23 08:56:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/23 08:32:45 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/22 18:08:11 | 000,000,949 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/22 18:08:10 | 000,000,944 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/09/22 18:08:00 | 000,000,915 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/09/22 18:07:54 | 000,000,258 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/22 18:07:54 | 000,000,240 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/14 18:11:20 | 000,000,246 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/14 18:11:20 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/07/14 18:08:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/07/14 18:08:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/14 18:08:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/07/14 18:08:00 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/07/14 18:07:58 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010/07/27 13:28:14 | 000,188,626 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010/07/27 13:18:39 | 000,188,647 | ---- | C] () -- C:\Windows\hpwins22.dat.temp
[2010/07/27 13:18:39 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2010/04/23 11:24:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/22 14:26:16 | 000,033,998 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/02/20 13:35:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/20 13:35:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/20 13:35:03 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/02/17 09:51:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/02/16 13:45:52 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/02/15 17:57:11 | 000,198,008 | ---- | C] () -- C:\Windows\System32\U2VSvr.exe
[2010/02/15 17:57:11 | 000,193,912 | ---- | C] () -- C:\Windows\System32\U2VDisp.exe
[2010/02/15 17:57:11 | 000,189,816 | ---- | C] () -- C:\Windows\System32\Util.exe
[2010/02/15 17:57:11 | 000,005,134 | ---- | C] () -- C:\Windows\System32\MTri1+.ini
[2010/02/15 17:57:10 | 000,430,080 | ---- | C] () -- C:\Windows\System32\UDLL.dll
[2010/02/15 17:57:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\t1psvr.dll
[2010/02/15 17:57:10 | 000,175,856 | ---- | C] () -- C:\Windows\System32\t1psvr.exe
[2010/02/15 17:57:10 | 000,175,856 | ---- | C] () -- C:\Windows\System32\T1PDisp.exe
[2010/02/15 17:57:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mctudll.dll
[2010/02/15 17:57:10 | 000,044,784 | ---- | C] () -- C:\Windows\System32\T1PSvrUtil.exe
[2008/10/25 04:40:22 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:43 | 000,389,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/23 10:38:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ControlCenter4
[2011/09/23 08:34:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2011/09/23 10:24:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\VSRevoGroup
[2011/09/27 16:02:41 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/28 13:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9AAA8965-BFDA-45D0-AC40-4000B0060782}.job

========== Purity Check ==========



< End of report >






OTL Extras logfile created on: 9/28/2011 1:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\John\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.70% Memory free
4.17 Gb Paging File | 2.96 Gb Available in Paging File | 70.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 219.49 Gb Free Space | 73.63% Space Free | Partition Type: NTFS

Computer Name: SIMBA-SALES | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16C17DA6-62E0-4F1B-B0E1-D0612E3E608B}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{37F90EC8-0E98-45F9-88BE-64FA082282CB}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D84E6C3-91E2-4AF3-AAD1-58879999106C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{462C1D4A-27EA-4538-A4A3-91B952C24AEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F622DBA-7DFB-4B6E-AE0D-4B6118762DE4}" = rport=138 | protocol=17 | dir=out | app=system |
"{609329AB-1141-4475-87B5-64A708ECE910}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{68E92458-A60D-423B-9154-D9F27E8D0C16}" = lport=137 | protocol=17 | dir=in | app=system |
"{7094D803-1F73-4E48-9E8F-AC5FD5D4E4DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{80411281-177E-4CB9-853A-14BC199AD7B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{976E1461-B449-448A-98DD-076C585BFE92}" = rport=139 | protocol=6 | dir=out | app=system |
"{B5014B7B-D3E3-4684-A14C-BF503504F354}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7CE7ACD-CD37-46C0-AE29-8FBB4EF2B899}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E358FFFD-DA2C-44E7-A9AD-969EF46803E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EA874B30-F7D0-4318-9D7E-0A4B276C727E}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB1F321A-97BB-403F-9A93-4662DFD76E91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC807EA-6A45-4860-AB8C-8BF7B2012D01}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2A9809B2-0C94-4A49-B0D4-D9D98C0B19C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31EE8A4E-CAA4-489C-8303-43564901C04A}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{38B97765-323F-430B-9498-94D64D1AC5C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{402836CF-B882-4F40-83D1-074EC4179F3E}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe |
"{456947C5-4AC1-44BD-B8F4-37F32B83EB82}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4B9B3016-6A73-4B56-BB1A-0ADAEFD0866C}" = dir=in | app=d:\setup\hpznui01.exe |
"{4E479ECF-2BC6-4A22-8E0E-D9E9047D336A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{513A22E3-C3BB-4074-81A7-20ACC34A8493}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{5416994D-9486-4AAF-95C5-BB9338A55FC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{7AD20B9B-312E-4CE2-A66F-379AB72BE4AA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{902A2F8C-C524-4689-9570-4CC659A1B6E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92A9BCC8-C36C-43D1-9105-4D769315206B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A7F05E57-89AB-4C21-82A8-10B48A958692}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{BCB519BB-A30D-48EA-9908-92D1E2980C94}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{C7E63050-7785-4514-83D8-C8207A31F062}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe |
"{CE2BB1F6-EAF3-4DEC-801B-C4AED8C8DE93}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{D5A3C0D8-FA5F-46F6-9D4A-55494BEC65D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{DC399104-4F34-4F90-9021-396C1B866623}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{DE188C6A-16FE-45A2-B00E-759EAB4D90BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{F62A6BB9-8A2C-4AED-A4E4-65D17007453A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A71C4F-94D9-44EA-AC98-FF8A045273AB}" = iSqFt Full Viewer V4.01
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2A1E8C67-75A9-4145-AF28-C6337CF366CB}" = Inventory Pro for Windows Version 11.1 72C
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7860DW
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{47A54B4B-A4E6-4738-ADE8-75831FFBA0D2}" = C3400n from OKI® Printing Solutions GDI Driver Version 2.0.0 for Windows Vista
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.16.0912.0159
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"Revo Uninstaller" = Revo Uninstaller 1.93
"Shop for HP Supplies" = Shop for HP Supplies
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2011 12:56:35 PM | Computer Name = Simba-Sales | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/28/2011 1:26:28 PM | Computer Name = Simba-Sales | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/28/2011 1:56:38 PM | Computer Name = Simba-Sales | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/28/2011 1:58:27 PM | Computer Name = Simba-Sales | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/28/2011 2:01:35 PM | Computer Name = Simba-Sales | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/28/2011 2:12:02 PM | Computer Name = Simba-Sales | Source = EventSystem | ID = 4609
Description =

Error - 9/28/2011 2:13:08 PM | Computer Name = Simba-Sales | Source = WinMgmt | ID = 10
Description =

Error - 9/28/2011 2:19:19 PM | Computer Name = Simba-Sales | Source = WinMgmt | ID = 10
Description =

Error - 9/28/2011 2:19:56 PM | Computer Name = Simba-Sales | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/28/2011 2:32:03 PM | Computer Name = Simba-Sales | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/28 13:32:03.980]: [00002368]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.190]

[ OSession Events ]
Error - 6/17/2010 11:13:01 AM | Computer Name = Simba-Sales | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 4860
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 6/24/2010 6:29:40 PM | Computer Name = Simba-Sales | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 28440
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 8/9/2010 1:57:43 PM | Computer Name = Simba-Sales | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 13248
seconds with 2820 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/28/2011 12:26:56 PM | Computer Name = Simba-Sales | Source = Service Control Manager | ID = 7026
Description =

Error - 9/28/2011 2:11:37 PM | Computer Name = Simba-Sales | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:08:07 PM on 9/28/2011 was unexpected.

Error - 9/28/2011 2:11:55 PM | Computer Name = Simba-Sales | Source = DCOM | ID = 10005
Description =

Error - 9/28/2011 2:12:02 PM | Computer Name = Simba-Sales | Source = DCOM | ID = 10005
Description =

Error - 9/28/2011 2:12:05 PM | Computer Name = Simba-Sales | Source = DCOM | ID = 10005
Description =

Error - 9/28/2011 2:13:09 PM | Computer Name = Simba-Sales | Source = Service Control Manager | ID = 7001
Description =

Error - 9/28/2011 2:13:09 PM | Computer Name = Simba-Sales | Source = Service Control Manager | ID = 7026
Description =

Error - 9/28/2011 2:13:45 PM | Computer Name = Simba-Sales | Source = Service Control Manager | ID = 7001
Description =

Error - 9/28/2011 2:18:45 PM | Computer Name = Simba-Sales | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:19:20 PM | Computer Name = Simba-Sales | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Edited by Stang5Liter, 28 September 2011 - 01:31 PM.

#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Stang5Liter and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.


Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click the Continue button.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe (511 KB) to your desktop.

  • Double-click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3
Stang5Liter

Stang5Liter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
OK, here is the log, but my computer fans are working overtime, and when this happens it usually crashes, so I am trying to post the log before it does crash...



ComboFix 11-10-05.01 - John 10/05/2011 8:37.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2014.1277 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-10-05 13:45 . 2011-10-05 13:45 -------- d-----w- c:\users\Simba1\AppData\Local\temp
2011-10-05 13:09 . 2011-10-05 13:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76ECF988-E76D-46AE-8172-D5D19E822B89}\offreg.dll
2011-10-04 14:06 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76ECF988-E76D-46AE-8172-D5D19E822B89}\mpengine.dll
2011-09-27 17:48 . 2011-09-27 17:48 -------- d-----w- c:\programdata\Malwarebytes
2011-09-27 17:48 . 2011-09-27 17:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-27 17:48 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 15:54 . 2011-09-27 16:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-27 14:29 . 2011-09-27 14:48 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-09-27 14:29 . 2011-09-27 14:48 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-09-27 14:27 . 2011-10-05 13:26 -------- d-----w- c:\programdata\Kaspersky Lab
2011-09-27 14:27 . 2011-09-27 14:27 -------- d-----w- c:\program files\Kaspersky Lab
2011-09-23 20:13 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-09-23 18:20 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-09-23 17:24 . 2011-09-23 17:24 -------- d-----w- c:\program files\Windows Portable Devices
2011-09-23 17:20 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-09-23 17:20 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-09-23 17:20 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-09-23 17:20 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-09-23 17:20 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-09-23 17:20 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-09-23 17:20 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-09-23 17:20 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-09-23 17:20 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-09-23 17:20 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-09-23 17:18 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-23 17:18 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-09-23 17:18 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-09-23 17:03 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-23 17:02 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-09-23 17:02 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-09-23 17:02 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-23 17:01 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-23 17:01 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-09-23 17:01 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-09-23 14:55 . 2011-09-23 14:55 -------- d-----w- c:\program files\Common Files\Java
2011-09-23 14:55 . 2011-09-23 14:55 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-23 14:55 . 2011-09-23 14:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-23 14:55 . 2011-09-23 14:55 -------- d-----w- c:\program files\Java
2011-09-23 14:38 . 2011-09-23 14:38 -------- d-----w- c:\program files\VS Revo Group
2011-09-23 14:18 . 2011-09-23 14:19 -------- d-----w- c:\windows\system32\ca-ES
2011-09-23 14:18 . 2011-09-23 14:19 -------- d-----w- c:\windows\system32\eu-ES
2011-09-23 14:18 . 2011-09-23 14:19 -------- d-----w- c:\windows\system32\vi-VN
2011-09-23 14:04 . 2011-09-23 14:04 -------- d-----w- c:\windows\system32\EventProviders
2011-09-23 13:56 . 2011-09-23 13:56 -------- d-----w- c:\program files\Microsoft Silverlight
2011-09-23 13:54 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-09-23 13:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-09-23 13:48 . 2009-01-08 01:20 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll
2011-09-23 13:48 . 2009-01-08 01:20 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2011-09-23 13:47 . 2011-09-23 13:47 -------- d-----w- c:\program files\CONEXANT
2011-09-23 13:47 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-09-23 13:32 . 2011-10-03 13:18 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-23 13:32 . 2011-09-02 23:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-23 13:32 . 2011-10-03 13:18 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-23 13:32 . 2011-10-03 13:18 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-23 13:32 . 2011-10-03 13:18 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-23 13:32 . 2011-09-02 23:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-23 13:32 . 2011-10-03 13:18 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-23 13:32 . 2011-10-03 13:18 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-22 23:07 . 2011-09-27 14:28 -------- d-----w- c:\users\John
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2001-12-03 23:09 . 2010-03-02 15:39 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
2011-10-03 13:18 . 2011-09-23 13:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-25 13:16 . 2010-02-16 18:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-23 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-23 81920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Evan S Burke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
login.bat [2010-2-20 48]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-25 30192]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2008-07-10 131072]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-12-21 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-12-21 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-12-21 121576]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 U2VSvr;U2VSvr;c:\windows\system32\U2VSvr.exe [2009-08-26 198008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 T1PExGrp;T1PExGrp;c:\windows\system32\DRIVERS\T1PExGrp.sys [2009-06-24 18816]
S3 T1PMrGrp;T1PMrGrp;c:\windows\system32\DRIVERS\T1PMrGrp.sys [2009-06-24 19712]
S3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [2009-08-10 101248]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-05 c:\windows\Tasks\User_Feed_Synchronization-{9AAA8965-BFDA-45D0-AC40-4000B0060782}.job
- c:\windows\system32\msfeedssync.exe [2011-09-23 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qbaye3th.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 08:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-05 08:47:30
ComboFix-quarantined-files.txt 2011-10-05 13:47
.
Pre-Run: 234,092,748,800 bytes free
Post-Run: 234,112,200,704 bytes free
.
- - End Of File - - D2ECFE6378C3AE81AA77E6E0DADFF694
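The "Reg Loading Points" section of the ComboFix log above is where a helper looks first: the HKLM Run key, a login.bat sitting in another user's Startup folder, a Google Desktop DLL in AppInit_DLLs (which Windows loads into every process that loads user32.dll), the Security Center key that silences monitoring for Kaspersky, and the driver/service list. The script below is an added example, not part of ComboFix and not posted by anyone in the thread; it runs the checks a reviewer applies by eye over those lines. SAMPLE_LOG is copied from the log above, CONSTRUCTED_EXTRA is made up here to exercise the "runs from a user-writable path" rule, and the trusted-root list and the severity labels are this example's assumptions, not ComboFix verdicts.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; not part of ComboFix and not posted by anyone
in the thread. SAMPLE_LOG is copied from the ComboFix log above;
CONSTRUCTED_EXTRA is made up to exercise one rule. Which roots count as
"trusted" and which findings matter are this example's assumptions.
"""
import re

# Assumption: binaries under these roots need admin rights to replace, so an
# autostart pointing elsewhere (a profile or Temp folder) deserves a look.
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files", "c:\\progra~1")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1")

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<quoted>[^"]*)"|(?P<raw>\S+))')
STARTUP_DIR_RE = re.compile(r"^c:\\users\\(?P<user>[^\\]+)\\.*\\Startup\\$", re.I)
STARTUP_ITEM_RE = re.compile(r"^(?P<file>\S+) \[")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[")


def outside_trusted_roots(path):
    return not path.lower().startswith(TRUSTED_ROOTS)


def triage(log_text):
    """Return a list of (severity, message) for autostart entries worth reviewing."""
    findings = []
    section = None       # registry key of the block we are in (original case)
    startup_user = None  # set while inside a user's Startup-folder listing
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == ".":      # ComboFix prints "." as a blank separator
            startup_user = None
            continue
        m = KEY_RE.match(line)
        if m:
            section, startup_user = m.group("key"), None
            continue
        m = STARTUP_DIR_RE.match(line)
        if m:
            startup_user = m.group("user")
            continue
        if startup_user:
            m = STARTUP_ITEM_RE.match(line)
            if m and m.group("file").lower().endswith(SCRIPT_EXTS):
                findings.append(("review", f"script '{m.group('file')}' in the Startup folder of user '{startup_user}'"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if outside_trusted_roots(m.group("path")):
                findings.append(("review", f"service '{m.group('name')}' runs {m.group('path')} from outside Windows/Program Files"))
            continue
        m = VALUE_RE.match(line)
        if not (m and section):
            continue
        name = m.group("name")
        value = m.group("quoted") or m.group("raw") or ""
        key = section.lower()
        if name.lower() == "appinit_dlls" and value:
            # Any DLL listed here is loaded into every process that loads user32.dll.
            findings.append(("review", f"AppInit_DLLs loads {value} into every process that loads user32.dll"))
        elif name.lower() == "disablemonitoring" and value.lower().startswith("dword:") and int(value[6:], 16):
            product = section.rsplit("\\", 1)[-1]
            findings.append(("info", f"Security Center monitoring disabled for {product} "
                                     "(AV products commonly set this themselves; confirm it matches the installed product)"))
        elif key.endswith("\\run") and outside_trusted_roots(value):
            findings.append(("review", f"Run entry '{name}' executes {value} from outside Windows/Program Files"))
    return findings


# Sample input: a subset of the "Reg Loading Points" section posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-23 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Evan S Burke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
login.bat [2010-2-20 48]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 U2VSvr;U2VSvr;c:\windows\system32\U2VSvr.exe [2009-08-26 198008]
S3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [2009-08-10 101248]
"""

# CONSTRUCTED lines (not from the posted log) that the user-writable-path rule should catch.
CONSTRUCTED_EXTRA = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\users\John\AppData\Roaming\updater\update.exe" [2011-09-28 40960]
.
S2 SvcHelper;SvcHelper;c:\users\John\AppData\Local\Temp\svchelper.exe [2011-09-28 20480]
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG) + triage(CONSTRUCTED_EXTRA):
        print(f"[{severity}] {message}")
```

On the posted log this yields three findings and no more: the login.bat in the Evan S Burke Startup folder, the AppInit_DLLs entry, and the Security Center monitoring flag for Kaspersky. None of the three is malware by itself (Google Desktop and Kaspersky set the last two), which matches the helper's eventual conclusion; the point of the rules is to make sure such entries are consciously dismissed rather than overlooked.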

#4 Stang5Liter (Member, Topic Starter, 53 posts)
On the TDSSKILLER program, it ran successfully with no threat detections but for some reason I could not copy and paste the report log as you requested. I could highlight the report log but it would not let me right click and copy the text. :)

Here is the log from aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-05 09:05:20
-----------------------------
09:05:20.731 OS Version: Windows 6.0.6002 Service Pack 2
09:05:20.731 Number of processors: 2 586 0x4B02
09:05:20.731 ComputerName: SIMBA-SALES UserName: John
09:06:07.449 Initialize success
09:10:34.887 AVAST engine defs: 11100500
09:14:41.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
09:14:41.762 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
09:14:43.793 Disk 0 MBR read successfully
09:14:43.793 Disk 0 MBR scan
09:14:43.809 Disk 0 Windows VISTA default MBR code
09:14:43.824 Disk 0 scanning sectors +625139712
09:14:44.324 Disk 0 scanning C:\Windows\system32\drivers
09:14:55.309 Service scanning
09:14:55.746 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
09:14:55.746 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
09:14:55.746 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
09:14:55.762 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
09:14:56.449 Modules scanning
09:15:02.121 Disk 0 trace - called modules:
09:15:02.153 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
09:15:02.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8636e9a0]
09:15:02.184 3 CLASSPNP.SYS[887628b3] -> nt!IofCallDriver -> [0x84445a10]
09:15:02.184 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\00000055[0x844478a8]
09:15:03.903 AVAST engine scan C:\Windows
09:15:08.840 AVAST engine scan C:\Windows\system32
09:17:31.981 AVAST engine scan C:\Windows\system32\drivers
09:17:48.684 AVAST engine scan C:\Users\John
09:19:03.168 AVAST engine scan C:\ProgramData
09:22:09.371 Scan finished successfully
09:26:30.559 Disk 0 MBR has been saved successfully to "C:\Users\John\Documents\MBR.dat"
09:26:30.574 The log file has been saved successfully to "C:\Users\John\Documents\aswMBR.txt"
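Two lines in the aswMBR log above carry the verdict: "Windows VISTA default MBR code" (the boot sector still holds the stock Windows bootstrap, which is what the TDSSKiller and aswMBR passes in this thread are there to confirm) and the four "**LOCKED**" services, all of them Kaspersky drivers that ComboFix also lists (kl2, KLIM6, klmouflt). A file the scanner cannot open is the normal footprint of an AV product's self-protection, so on its own it is not a rootkit indicator; it only matters when the locked file belongs to nobody you know. The script below is an added example, not part of aswMBR and not posted by anyone in the thread, that encodes that reading. SAMPLE_ASWMBR is copied from the log above, CONSTRUCTED_LOG is made up here to show the other outcome, and treating driver names beginning with "kl" (Kaspersky) or "mbam" (Malwarebytes) as expected self-protection is this example's assumption, chosen because those two products are installed on the machine in the thread.

```python
"""Classify an aswMBR log: is the boot sector code the stock Windows code, and
are the driver files aswMBR could not open explained by an installed security
product?

Added example for this thread; not part of aswMBR and not posted by anyone in
the thread. SAMPLE_ASWMBR is copied from the aswMBR log above; CONSTRUCTED_LOG
is made up to show the other outcome. SELF_PROTECTED_PREFIXES is this
example's assumption about which vendors' drivers are expected to be locked.
"""
import re

# Assumption: drivers named kl*.sys (Kaspersky) and mbam*.sys (Malwarebytes)
# are self-protected by products known to be installed on this machine.
SELF_PROTECTED_PREFIXES = ("kl", "mbam")

TS = r"^\d\d:\d\d:\d\d\.\d+ "
LOCKED_RE = re.compile(TS + r"Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
MBR_SCAN_RE = re.compile(TS + r"Disk (?P<disk>\d+) MBR scan$")
MBR_DEFAULT_RE = re.compile(TS + r"Disk (?P<disk>\d+) Windows \S+ default MBR code$")


def classify(log_text):
    """Summarise one aswMBR run.

    mbr: "not scanned" (no MBR scan line), "not confirmed" (scan started but no
    stock-code verdict printed) or "stock" (default Windows MBR code reported).
    locked_known / locked_unknown: services whose files the scanner could not
    open, split by whether an installed product explains the lock.
    """
    result = {"mbr": "not scanned", "locked_known": [], "locked_unknown": [], "finished": False}
    for line in log_text.splitlines():
        line = line.strip()
        if MBR_SCAN_RE.match(line):
            result["mbr"] = "not confirmed"   # scan started; wait for the verdict line
        elif MBR_DEFAULT_RE.match(line):
            result["mbr"] = "stock"
        elif line.endswith("Scan finished successfully"):
            result["finished"] = True
        else:
            m = LOCKED_RE.match(line)
            if m:
                name = m.group("name")
                bucket = "locked_known" if name.lower().startswith(SELF_PROTECTED_PREFIXES) else "locked_unknown"
                result[bucket].append(name)
    return result


def needs_follow_up(result):
    """True when a helper would want another tool's opinion before calling the disk clean."""
    return result["mbr"] != "stock" or bool(result["locked_unknown"]) or not result["finished"]


# Sample input: the decisive lines of the aswMBR log posted above.
SAMPLE_ASWMBR = r"""
09:14:43.793 Disk 0 MBR read successfully
09:14:43.793 Disk 0 MBR scan
09:14:43.809 Disk 0 Windows VISTA default MBR code
09:14:55.309 Service scanning
09:14:55.746 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
09:14:55.746 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
09:14:55.746 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
09:14:55.762 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
09:22:09.371 Scan finished successfully
"""

# CONSTRUCTED log (not from the thread): the scan ran but never printed the
# stock-code line, and a driver nobody installed is locked.
CONSTRUCTED_LOG = r"""
09:14:43.793 Disk 0 MBR read successfully
09:14:43.793 Disk 0 MBR scan
09:14:55.309 Service scanning
09:14:55.770 Service xyzdrv C:\Windows\system32\DRIVERS\xyzdrv.sys **LOCKED** 5
09:22:09.371 Scan finished successfully
"""

if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_ASWMBR), ("constructed log", CONSTRUCTED_LOG)):
        summary = classify(text)
        print(label, summary, "follow up:", needs_follow_up(summary))
```

For the posted log the summary is MBR "stock", four known locked drivers, nothing unknown, and no follow-up needed, which is the same reading the helper reached before moving on to hardware. The constructed log trips both the missing-verdict and unknown-driver rules; in practice that is the case where a second opinion from another boot-sector scanner is worth the wait.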

#5 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
It looks to me like you are having some kind of hardware problem.

Step 1

Close all programs if you have opened any.

Can you open Task Manager with the Ctrl + Alt + Del key combination, click on the Processes tab and tell me whether any process is using too much CPU (like 100%)?

Step 2

  • Go to Start -> My Computer
  • Right click on the C: disk and click on Properties
  • Click on the Tools tab and click the Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click the Start button
  • Confirm scheduling the disk check for the next time the computer starts by clicking Yes
  • Restart your system and wait while the system checks your disk for errors


#6 Stang5Liter (Member, Topic Starter, 53 posts)
It is at random times that the computer will start working overtime. The last suggestion of checking for system errors and fixing bad sectors was completed at the end of last week when I was trying to diagnose if it may have been a hardware issue. That's why I was leaning more towards some kind of malware or other .exe file that was running at odd times, etc. As far as the processes running, the only thing that has been a resource killer is svchost and there are 3 copies of that in the task manager.

I will go ahead and do another round of disk check again and report back the findings. Thanks for your help!! :)

#7 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. After you do this we'll do some more tests and try to narrow down the problem. I would like to do some malware scans also, but as you said, your system is unstable, and some of the scans need 3 - 4 hours to run.

We'll take our time and see what we can do.

#8 Stang5Liter (Member, Topic Starter, 53 posts)
Been a busy work day but everything checked out ok so we are ready to proceed with the next test. :)

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Let's try this scan.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#10 Stang5Liter (Member, Topic Starter, 53 posts)
Well, after the scan ran for 2.5 hours it detected no active threats or malware. I opened up the report log and there was nothing in there to copy.

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. This scan took a long time and your system stayed on. How is your system now? Problems?

#12 Stang5Liter (Member, Topic Starter, 53 posts)
There seems to be no more software issues, but I think you're right about one or more hardware components failing. Thanks for all of your help. :)

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Stang5Liter,

If you need help with your hardware open new topic in Hardware, Components and Peripherals.

Your logs and system are clean now. I'm glad we fixed up your computer. Now we need to remove the programs we used from your PC.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#14 Stang5Liter (Member, Topic Starter, 53 posts)
Thanks for all of your help. :)

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.