Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojans from your links!?

Started by danielle07 , Oct 20 2011 01:35 AM

This topic is locked

#1
danielle07

Posted 20 October 2011 - 01:35 AM

Member

Member
18 posts

Before 4 days ago I noticed that my HP notebook (XP service pack 3) behaves strange.
So, I became more attention on Task Manager and yesterday I noticed that regedit32.exe was showing for a second. I searched all over my comp, but at least found it in the registry.
I deleted it, but my comp is still in the strange behaviour: The high consumption of PF usage is noticed and even, if I close all of the programs, there is activity in CPU Usage. The MS updates pops up occasionally.
I assume, that something is still left in my comp, but I can't find it.

Thank you in advance for your time and efford!

OTL logfile created on: 20.10.2011 9:24:54 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zofy\Desktop\Security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy

503,36 Mb Total Physical Memory | 283,99 Mb Available Physical Memory | 56,42% Memory free
1,19 Gb Paging File | 0,81 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,69 Gb Total Space | 49,68 Gb Free Space | 73,40% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,68 Gb Free Space | 9,99% Space Free | Partition Type: FAT32

Computer Name: D | User Name: Zofy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.19 16:02:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zofy\Desktop\Security\OTL.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.12 22:40:58 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (astcc)
SRV - File not found [Disabled | Stopped] -- -- (aspnet_state)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.04.12 22:40:58 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2004.08.11 09:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.11 06:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)

========== Driver Services (SafeList) ==========

DRV - [2011.10.19 16:58:23 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utm5nzy2.sys -- (utm5nzy2)
DRV - [2011.09.28 10:37:54 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.04.12 22:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.06.22 13:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006.07.31 03:00:08 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.02.16 09:45:26 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.02.15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.02.06 04:00:06 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.19 15:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005.09.19 22:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 22:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.09.19 22:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 2

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.27 09:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.21 05:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zofy\Application Data\Mozilla\Extensions
[2011.10.15 10:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zofy\Application Data\Mozilla\Firefox\Profiles\alfwwljr.default\extensions
[2011.09.27 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ZOFY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ALFWWLJR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.10.07 08:33:49 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.10.07 08:33:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.10.07 08:33:51 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.09.03 08:18:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:25:08 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:25:08 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.09.03 02:25:08 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.09.03 02:25:08 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2011.10.19 19:57:44 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://emea-access....SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.223.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA704859-3CB0-4949-B633-903F93252C97}: DhcpNameServer = 192.168.223.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.04.14 16:10:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.19 19:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011.10.19 19:33:23 | 000,406,896 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011.10.19 19:33:23 | 000,361,840 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011.10.19 19:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011.10.19 14:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011.10.19 14:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.10.19 10:19:38 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44708738.sys
[2011.10.19 07:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.10.19 07:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011.10.19 07:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.10.19 07:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.10.19 07:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Adobe
[2011.10.18 19:57:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Zofy\Recent
[2011.10.18 19:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Adobe
[2011.10.18 11:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011.10.18 09:50:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.10.17 12:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Martau
[2011.10.17 12:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Total Uninstall 5
[2011.10.13 11:44:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011.10.13 11:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\SampleView
[2011.10.10 12:35:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.10.10 12:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011.10.02 19:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Desktop\Marcantilaan
[2011.09.29 16:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Downloaded Installations
[2011.09.28 14:01:17 | 000,000,000 | ---D | C] -- C:\LAB
[2011.09.28 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.28 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.09.28 14:00:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.09.28 14:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.28 10:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.09.28 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011.09.28 10:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011.09.28 10:37:54 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011.09.27 09:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.09.26 10:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Google Chrome
[2011.09.25 16:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Administrative Tools
[2011.09.25 15:47:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Zofy\IECompatCache
[2011.09.25 11:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Unlocker
[2011.09.25 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011.09.24 16:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011.09.24 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011.09.24 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.09.24 16:43:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011.09.24 16:26:00 | 001,286,696 | ---- | C] (Juniper Networks) -- C:\Program Files\JuniperSetupClientInstaller.exe
[2011.09.24 16:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Juniper Networks
[2011.09.24 16:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011.09.24 16:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Juniper Networks
[2011.09.24 16:14:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011.09.24 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.09.23 13:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\WinRAR
[2011.09.23 13:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011.09.23 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\WinRAR
[2011.09.23 13:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.09.23 10:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011.09.22 19:14:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.09.22 18:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011.09.22 18:40:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.09.22 18:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011.09.22 18:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.09.22 18:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.09.22 17:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011.09.22 11:04:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Zofy\PrivacIE
[2011.09.22 11:01:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Zofy\IETldCache
[2011.09.22 10:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.09.22 10:56:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.09.22 10:56:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.09.22 10:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.09.22 10:33:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.09.22 10:22:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\My Documents\My Videos
[2011.09.22 07:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Malwarebytes
[2011.09.21 18:17:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.09.21 17:04:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011.09.21 16:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.09.21 16:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Skype
[2011.09.21 14:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Macromedia
[2011.09.21 11:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Sun
[2011.09.21 05:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011.09.21 05:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\My Documents\Downloads
[2011.09.21 05:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Mozilla
[2011.09.21 05:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Mozilla
[2011.09.21 05:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Google
[2011.09.21 05:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Bluetooth Software
[2011.09.21 05:29:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Zofy\Application Data\Microsoft
[2011.09.21 05:29:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Zofy\SendTo
[2011.09.21 05:29:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Zofy\Application Data
[2011.09.21 05:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Startup
[2011.09.21 05:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\Start Menu
[2011.09.21 05:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\My Documents\My Pictures
[2011.09.21 05:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\My Documents\My Music
[2011.09.21 05:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\My Documents
[2011.09.21 05:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\Favorites
[2011.09.21 05:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Accessories
[2011.09.21 05:29:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Zofy\Cookies
[2011.09.21 05:29:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Zofy\Templates
[2011.09.21 05:29:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Zofy\PrintHood
[2011.09.21 05:29:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Zofy\NetHood
[2011.09.21 05:29:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Zofy\Local Settings
[2011.09.21 05:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Microsoft
[2011.09.21 05:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Identities
[2011.09.21 05:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Desktop
[2011.09.21 05:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\ApplicationHistory
[2011.09.21 05:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011.09.21 05:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.09.21 05:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Program Shortcuts
[2011.09.21 05:12:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.09.21 04:01:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\i386
[2011.09.21 03:37:22 | 000,000,000 | ---D | C] -- C:\WINDOWS
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.20 06:47:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.20 06:46:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.19 19:57:44 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.10.19 16:58:23 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utm5nzy2.sys
[2011.10.19 10:19:38 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44708738.sys
[2011.10.19 08:19:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.10.17 14:05:34 | 000,348,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.17 14:05:34 | 000,054,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.17 12:31:58 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 5.lnk
[2011.10.14 09:23:17 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.12 10:08:48 | 000,003,366 | ---- | M] () -- C:\Documents and Settings\Zofy\Desktop\keyword_ideas_20111012_0108609.csv
[2011.10.10 17:27:38 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2011.10.10 13:01:26 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skyp.lnk
[2011.10.02 09:40:56 | 000,032,116 | ---- | M] () -- C:\Documents and Settings\Zofy\Desktop\SloPodjetja_Nizozemska.pdf
[2011.09.29 11:36:24 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\mbam.lnk
[2011.09.28 11:06:47 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.09.28 11:06:47 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.09.28 10:41:25 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\WebpageIcons.db
[2011.09.28 10:37:54 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011.09.27 09:55:59 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.09.26 12:59:11 | 000,113,464 | ---- | M] () -- C:\cc_20110926_125905.reg
[2011.09.26 12:56:24 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011.09.26 10:22:43 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.09.24 16:47:25 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.09.24 16:26:10 | 001,286,696 | ---- | M] (Juniper Networks) -- C:\Program Files\JuniperSetupClientInstaller.exe
[2011.09.23 08:40:57 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\ExploDer.lnk
[2011.09.23 08:18:53 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.09.22 19:15:00 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.09.22 18:34:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.09.22 11:01:49 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.09.21 05:16:16 | 000,002,970 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011.09.21 05:13:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.19 16:58:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utm5nzy2.sys
[2011.10.19 08:00:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.17 12:31:58 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 5.lnk
[2011.10.17 12:31:58 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Total Uninstall 5.lnk
[2011.10.12 10:08:46 | 000,003,366 | ---- | C] () -- C:\Documents and Settings\Zofy\Desktop\keyword_ideas_20111012_0108609.csv
[2011.10.10 17:27:38 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2011.10.10 13:01:26 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skyp.lnk
[2011.10.02 09:40:56 | 000,032,116 | ---- | C] () -- C:\Documents and Settings\Zofy\Desktop\SloPodjetja_Nizozemska.pdf
[2011.09.29 11:36:24 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\mbam.lnk
[2011.09.28 10:41:23 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\WebpageIcons.db
[2011.09.28 10:39:46 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.09.28 10:39:46 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.09.27 09:55:58 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.09.26 12:59:08 | 000,113,464 | ---- | C] () -- C:\cc_20110926_125905.reg
[2011.09.26 12:56:24 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011.09.26 10:22:43 | 000,002,259 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.09.24 16:47:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.09.22 12:18:17 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011.09.22 12:16:50 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011.09.22 12:11:09 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011.09.21 14:13:03 | 000,001,529 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.09.21 11:38:54 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\ExploDer.lnk
[2011.09.21 05:29:14 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.09.21 05:29:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\fusioncache.dat
[2011.09.21 05:29:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011.09.21 05:29:13 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\Zofy\Start Menu\Programs\Remote Assistance.lnk
[2011.09.21 05:29:13 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Zofy\Start Menu\Programs\Software Setup.lnk
[2011.09.21 05:29:13 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Zofy\Start Menu\Programs\Internet Explorer.lnk
[2011.09.21 05:29:13 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Zofy\Start Menu\Programs\Windows Media Player.lnk
[2011.09.21 05:29:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Zofy\Start Menu\Programs\Outlook Express.lnk
[2011.09.21 05:13:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009.06.17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2006.08.21 04:49:30 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.08.21 04:48:06 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.02.15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.09.21 10:42:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.09.21 10:42:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.21 10:33:02 | 000,348,204 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.09.21 10:33:02 | 000,054,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.09.21 10:21:16 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.21 10:18:40 | 000,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.09.20 18:14:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.09.20 18:12:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.06.01 11:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002.05.28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2006.08.21 05:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011.09.24 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011.10.17 12:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2006.08.21 05:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2011.10.18 12:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\Downloaded Installations
[2011.10.19 19:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\Juniper Networks
[2011.10.13 11:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\SampleView

========== Purity Check ==========

< End of report >

#2
danielle07

Posted 21 October 2011 - 10:58 PM

Member

Topic Starter
Member
18 posts

Hi,
I ask for your help few days ago, because I know something is going on on my computer (HP notebook, service pack 3, WinXP).
While waiting for your help, today I try to manage the problem myself and I downloaded erunt.zip and OTM.exe from your site. Before running them I scan them on Virus Total web site and the results are (all fresh scan!):

- erunt.zip - 2 (TrojanSpy.Golns.z + Suspicious File)
http://aumha.org/freeware/freeware.php

- OTM.exe - 4 (Trojan.Win32.Heur.087 + PUA.Packed.PECompact-1 + Suspicious File + Suspicious)

I also checked OTL.exe, which I downloaded few days ago from your Malware and Spyware Cleaning Guide and I noticed no redirection: [http://www.geekstogo...imers-list-it/] and found 4 (Trojan.Win32.Heur.087, PUA.Packed.PECompact-1, Suspicious File, Trojan/Swisyn.see )

I really do not what is happening and do not know how to clean up my computer.
My computer is every day slower, so please for help!

Thank you.

#3
Essexboy

Posted 22 October 2011 - 05:20 AM

GeekU Moderator

Retired Staff
69,964 posts

OTL is safe the reports are false positives (I have the programmes on my system )

What are your current symptoms ?

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Edited by Essexboy, 22 October 2011 - 05:22 AM.
Topics merged

#4
danielle07

Posted 22 October 2011 - 07:03 AM

Member

Topic Starter
Member
18 posts

Hi Essexboy,
thank you to take your time and look at my problem! Really appreciated.
I did as you requested, but:
- OTL did only one log and this is OTL.Txt.
- Extras.Txt was not created! (I try twice, but without success)
- My current symptoms are slow computer and constant higher PF Usage in Task manager. Every second day or third, the icon for MS UpDate is showing in the right corner of Task bar - when I click on the icon, than it vanish.
Thanx again!

OTL logfile created on: 22.10.2011 14:28:57 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zofy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy

503,36 Mb Total Physical Memory | 180,30 Mb Available Physical Memory | 35,82% Memory free
1,19 Gb Paging File | 0,84 Gb Available in Paging File | 70,70% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,69 Gb Total Space | 49,50 Gb Free Space | 73,13% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,68 Gb Free Space | 9,99% Space Free | Partition Type: FAT32

Computer Name: D | User Name: Zofy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.22 14:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zofy\Desktop\OTL.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.12 22:40:58 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2004.06.01 11:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (astcc)
SRV - File not found [Disabled | Stopped] -- -- (aspnet_state)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.04.12 22:40:58 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2004.08.11 09:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.11 06:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)

========== Driver Services (SafeList) ==========

DRV - [2011.10.19 16:58:23 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utm5nzy2.sys -- (utm5nzy2)
DRV - [2011.09.28 10:37:54 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.04.12 22:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.06.22 13:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006.07.31 03:00:08 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.02.16 09:45:26 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.02.15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.02.06 04:00:06 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.19 15:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005.09.19 22:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 22:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.09.19 22:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 2

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.27 09:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.21 05:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zofy\Application Data\Mozilla\Extensions
[2011.10.15 10:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zofy\Application Data\Mozilla\Firefox\Profiles\alfwwljr.default\extensions
[2011.09.27 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ZOFY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ALFWWLJR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.10.07 08:33:49 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.10.07 08:33:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.10.07 08:33:51 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.09.03 08:18:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:25:08 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:25:08 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.09.03 02:25:08 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.09.03 02:25:08 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2011.10.20 13:26:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://emea-access....SetupClient.cab (JuniperSetupClientControl Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.14 16:10:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.22 14:13:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zofy\Desktop\OTL.exe
[2011.10.22 10:30:17 | 000,705,952 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Zofy\Desktop\SpyHunter-Installer.exe
[2011.10.21 13:49:32 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011.10.21 12:57:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Zofy\Recent
[2011.10.21 09:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Identities
[2011.10.20 16:58:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.10.20 13:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.10.20 13:19:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.10.20 13:19:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.10.20 13:19:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.10.20 13:19:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.10.20 13:18:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.10.19 19:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011.10.19 19:33:23 | 000,406,896 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011.10.19 19:33:23 | 000,361,840 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011.10.19 19:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011.10.19 10:19:38 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44708738.sys
[2011.10.19 07:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.10.19 07:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011.10.19 07:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.10.19 07:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.10.19 07:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Adobe
[2011.10.18 19:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Adobe
[2011.10.18 11:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011.10.13 11:44:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011.10.13 11:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\SampleView
[2011.10.10 12:35:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.10.10 12:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011.10.02 19:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Desktop\Mercantilaan
[2011.09.29 16:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Downloaded Installations
[2011.09.28 14:01:17 | 000,000,000 | ---D | C] -- C:\LAB
[2011.09.28 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.28 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.09.28 14:00:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.09.28 14:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.28 10:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.09.28 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011.09.28 10:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011.09.28 10:37:54 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011.09.27 09:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.09.26 10:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Google Chrome
[2011.09.25 16:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Administrative Tools
[2011.09.25 15:47:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Zofy\IECompatCache
[2011.09.25 11:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Unlocker
[2011.09.25 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011.09.24 16:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011.09.24 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011.09.24 16:43:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011.09.24 16:26:00 | 001,286,696 | ---- | C] (Juniper Networks) -- C:\Program Files\JuniperSetupClientInstaller.exe
[2011.09.24 16:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Juniper Networks
[2011.09.24 16:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011.09.24 16:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Juniper Networks
[2011.09.24 16:14:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011.09.24 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.09.23 13:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\WinRAR
[2011.09.23 13:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011.09.23 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\WinRAR
[2011.09.23 13:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.09.23 10:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011.09.22 19:14:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.09.22 18:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011.09.22 18:40:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.09.22 18:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011.09.22 18:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.09.22 18:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.09.22 17:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.22 14:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zofy\Desktop\OTL.exe
[2011.10.22 14:06:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.22 14:06:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.22 10:30:25 | 000,705,952 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Zofy\Desktop\SpyHunter-Installer.exe
[2011.10.20 18:58:58 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011.10.20 13:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.10.19 16:58:23 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utm5nzy2.sys
[2011.10.19 10:19:38 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44708738.sys
[2011.10.19 08:19:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.10.17 14:05:34 | 000,348,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.17 14:05:34 | 000,054,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.14 09:23:17 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.12 10:08:48 | 000,003,366 | ---- | M] () -- C:\Documents and Settings\Zofy\Desktop\keyword_ideas_20111012_0108609.csv
[2011.10.10 17:27:38 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2011.10.02 09:40:56 | 000,032,116 | ---- | M] () -- C:\Documents and Settings\Zofy\Desktop\SloPodjetja_Nizozemska.pdf
[2011.09.29 11:36:24 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\mbam.lnk
[2011.09.28 11:06:47 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.09.28 11:06:47 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.09.28 10:41:25 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\WebpageIcons.db
[2011.09.28 10:37:54 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011.09.27 09:55:59 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.09.26 12:59:11 | 000,113,464 | ---- | M] () -- C:\cc_20110926_125905.reg
[2011.09.26 12:56:24 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011.09.26 10:22:43 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.09.24 16:47:25 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.09.24 16:26:10 | 001,286,696 | ---- | M] (Juniper Networks) -- C:\Program Files\JuniperSetupClientInstaller.exe
[2011.09.23 08:40:57 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\ExploDer.lnk
[2011.09.23 08:18:53 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.09.22 19:15:00 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.09.22 18:34:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.20 18:58:58 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011.10.20 13:19:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.10.20 13:19:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.10.20 13:19:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.10.20 13:19:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.10.20 13:19:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.10.19 16:58:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utm5nzy2.sys
[2011.10.19 08:00:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.12 10:08:46 | 000,003,366 | ---- | C] () -- C:\Documents and Settings\Zofy\Desktop\keyword_ideas_20111012_0108609.csv
[2011.10.10 17:27:38 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2011.10.02 09:40:56 | 000,032,116 | ---- | C] () -- C:\Documents and Settings\Zofy\Desktop\SloPodjetja_Nizozemska.pdf
[2011.09.29 11:36:24 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\mbam.lnk
[2011.09.28 10:41:23 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\WebpageIcons.db
[2011.09.28 10:39:46 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.09.28 10:39:46 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.09.27 09:55:58 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.09.26 12:59:08 | 000,113,464 | ---- | C] () -- C:\cc_20110926_125905.reg
[2011.09.26 12:56:24 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011.09.26 10:22:43 | 000,002,259 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.09.24 16:47:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.09.21 05:29:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\fusioncache.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009.06.17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2006.08.21 04:49:30 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.08.21 04:48:06 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.02.15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.09.21 10:42:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.09.21 10:42:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.21 10:33:02 | 000,348,204 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.09.21 10:33:02 | 000,054,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.09.21 10:21:16 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.21 10:18:40 | 000,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.09.20 18:14:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.09.20 18:12:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.06.01 11:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002.05.28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2006.08.21 05:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011.09.24 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2006.08.21 05:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2011.10.18 12:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\Downloaded Installations
[2011.10.19 19:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\Juniper Networks
[2011.10.13 11:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\SampleView

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

#5
danielle07

Posted 22 October 2011 - 07:04 AM

Member

Topic Starter
Member
18 posts

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-22 14:35:48
-----------------------------
14:35:48.312 OS Version: Windows 5.1.2600 Service Pack 3
14:35:48.312 Number of processors: 2 586 0xF06
14:35:48.312 ComputerName: D UserName:
14:44:45.953 Initialize success
14:45:04.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:45:04.875 Disk 0 Vendor: ST98823A 7.24 Size: 76319MB BusType: 3
14:45:04.921 Disk 0 MBR read successfully
14:45:04.937 Disk 0 MBR scan
14:45:04.937 Disk 0 unknown MBR code
14:45:04.984 Disk 0 scanning sectors +156295440
14:45:05.093 Disk 0 scanning C:\WINDOWS\system32\drivers
14:45:12.875 Service scanning
14:45:13.359 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
14:45:13.359 Service ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys **LOCKED** 32
14:45:13.375 Service ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys **LOCKED** 32
14:45:13.390 Service AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys **LOCKED** 32
14:45:13.406 Service aec C:\WINDOWS\system32\drivers\aec.sys **LOCKED** 32
14:45:13.406 Service AFD C:\WINDOWS\System32\drivers\afd.sys **LOCKED** 32
14:45:13.421 Service AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys **LOCKED** 32
14:45:13.437 Service AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys **LOCKED** 32
14:45:13.468 Service Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys **LOCKED** 32
14:45:13.484 Service AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys **LOCKED** 32
14:45:13.500 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32
14:45:13.515 Service Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys **LOCKED** 32
14:45:13.531 Service audstub C:\WINDOWS\system32\DRIVERS\audstub.sys **LOCKED** 32
14:45:13.562 Service bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys **LOCKED** 32
14:45:13.578 Service Beep C:\WINDOWS\System32\Drivers\Beep.sys **LOCKED** 32
14:45:13.593 Service BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys **LOCKED** 32
14:45:13.609 Service BTWUSB C:\WINDOWS\System32\Drivers\btwusb.sys **LOCKED** 32
14:45:13.625 Service cbidf2k C:\WINDOWS\System32\Drivers\cbidf2k.sys **LOCKED** 32
14:45:13.656 Service Cdaudio C:\WINDOWS\System32\Drivers\Cdaudio.sys **LOCKED** 32
14:45:13.671 Service Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys **LOCKED** 32
14:45:13.687 Service CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys **LOCKED** 32
14:45:13.718 Service Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys **LOCKED** 32
14:45:13.734 Service Disk C:\WINDOWS\system32\DRIVERS\disk.sys **LOCKED** 32
14:45:13.765 Service dmboot C:\WINDOWS\System32\drivers\dmboot.sys **LOCKED** 32
14:45:13.781 Service dmio C:\WINDOWS\System32\drivers\dmio.sys **LOCKED** 32
14:45:13.796 Service dmload C:\WINDOWS\System32\drivers\dmload.sys **LOCKED** 32
14:45:13.828 Service DMusic C:\WINDOWS\system32\drivers\DMusic.sys **LOCKED** 32
14:45:13.843 Service drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys **LOCKED** 32
14:45:13.859 Service dsNcAdpt C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys **LOCKED** 32
14:45:13.890 Service eabfiltr C:\WINDOWS\system32\DRIVERS\eabfiltr.sys **LOCKED** 32
14:45:13.906 Service eabusb C:\WINDOWS\system32\DRIVERS\eabusb.sys **LOCKED** 32
14:45:13.937 Service Fdc C:\WINDOWS\System32\Drivers\Fdc.sys **LOCKED** 32
14:45:13.953 Service Fips C:\WINDOWS\System32\Drivers\Fips.sys **LOCKED** 32
14:45:13.968 Service Flpydisk C:\WINDOWS\System32\Drivers\Flpydisk.sys **LOCKED** 32
14:45:14.000 Service Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys **LOCKED** 32
14:45:14.015 Service Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys **LOCKED** 32
14:45:14.031 Service HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys **LOCKED** 32
14:45:14.062 Service HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys **LOCKED** 32
14:45:14.078 Service HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys **LOCKED** 32
14:45:14.093 Service HTTP C:\WINDOWS\System32\Drivers\HTTP.sys **LOCKED** 32
14:45:14.125 Service i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys **LOCKED** 32
14:45:14.140 Service ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys **LOCKED** 32
14:45:14.156 Service iaStor C:\WINDOWS\System32\DRIVERS\iaStor.sys **LOCKED** 32
14:45:14.187 Service Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys **LOCKED** 32
14:45:14.203 Service IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys **LOCKED** 32
14:45:14.234 Service intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys **LOCKED** 32
14:45:14.250 Service Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys **LOCKED** 32
14:45:14.265 Service IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys **LOCKED** 32
14:45:14.281 Service IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys **LOCKED** 32
14:45:14.312 Service IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys **LOCKED** 32
14:45:14.328 Service IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys **LOCKED** 32
14:45:14.343 Service IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys **LOCKED** 32
14:45:14.375 Service isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys **LOCKED** 32
14:45:14.390 Service Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys **LOCKED** 32
14:45:14.406 Service kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys **LOCKED** 32
14:45:14.437 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 32
14:45:14.453 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 32
14:45:14.468 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 32
14:45:14.500 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 32
14:45:14.515 Service kmixer C:\WINDOWS\system32\drivers\kmixer.sys **LOCKED** 32
14:45:14.531 Service KSecDD C:\WINDOWS\System32\Drivers\KSecDD.sys **LOCKED** 32
14:45:14.562 Service mnmdd C:\WINDOWS\System32\Drivers\mnmdd.sys **LOCKED** 32
14:45:14.578 Service Modem C:\WINDOWS\System32\Drivers\Modem.sys **LOCKED** 32
14:45:14.609 Service Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys **LOCKED** 32
14:45:14.625 Service mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys **LOCKED** 32
14:45:14.640 Service MountMgr C:\WINDOWS\System32\Drivers\MountMgr.sys **LOCKED** 32
14:45:14.671 Service MQAC C:\WINDOWS\system32\drivers\mqac.sys **LOCKED** 32
14:45:14.687 Service MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys **LOCKED** 32
14:45:14.703 Service MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys **LOCKED** 32
14:45:14.734 Service MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys **LOCKED** 32
14:45:14.750 Service mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys **LOCKED** 32
14:45:14.765 Service NDIS C:\WINDOWS\System32\Drivers\NDIS.sys **LOCKED** 32
14:45:14.796 Service NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys **LOCKED** 32
14:45:14.812 Service Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys **LOCKED** 32
14:45:14.828 Service NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys **LOCKED** 32
14:45:14.859 Service NDProxy C:\WINDOWS\System32\Drivers\NDProxy.sys **LOCKED** 32
14:45:14.875 Service NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys **LOCKED** 32
14:45:14.890 Service NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys **LOCKED** 32
14:45:14.921 Service Null C:\WINDOWS\System32\Drivers\Null.sys **LOCKED** 32
14:45:14.937 Service NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys **LOCKED** 32
14:45:14.968 Service NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys **LOCKED** 32
14:45:14.984 Service ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys **LOCKED** 32
14:45:15.000 Service Parport C:\WINDOWS\system32\DRIVERS\parport.sys **LOCKED** 32
14:45:15.031 Service PartMgr C:\WINDOWS\System32\Drivers\PartMgr.sys **LOCKED** 32
14:45:15.046 Service ParVdm C:\WINDOWS\System32\Drivers\ParVdm.sys **LOCKED** 32
14:45:15.062 Service PCI C:\WINDOWS\system32\DRIVERS\pci.sys **LOCKED** 32
14:45:15.093 Service PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys **LOCKED** 32
14:45:15.109 Service Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys **LOCKED** 32
14:45:15.140 Service PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys **LOCKED** 32
14:45:15.156 Service PSched C:\WINDOWS\system32\DRIVERS\psched.sys **LOCKED** 32
14:45:15.171 Service Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys **LOCKED** 32
14:45:15.203 Service RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys **LOCKED** 32
14:45:15.218 Service Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys **LOCKED** 32
14:45:15.250 Service RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys **LOCKED** 32
14:45:15.265 Service Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys **LOCKED** 32
14:45:15.281 Service RDPCDD C:\WINDOWS\System32\DRIVERS\RDPCDD.sys **LOCKED** 32
14:45:15.312 Service rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys **LOCKED** 32
14:45:15.328 Service RDPWD C:\WINDOWS\System32\Drivers\RDPWD.sys **LOCKED** 32
14:45:15.343 Service redbook C:\WINDOWS\system32\DRIVERS\redbook.sys **LOCKED** 32
14:45:15.375 Service RMCAST C:\WINDOWS\system32\drivers\RMCast.sys **LOCKED** 32
14:45:15.390 Service Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys **LOCKED** 32
14:45:15.421 Service Serial C:\WINDOWS\System32\Drivers\Serial.sys **LOCKED** 32
14:45:15.437 Service Sfloppy C:\WINDOWS\System32\Drivers\Sfloppy.sys **LOCKED** 32
14:45:15.453 Service splitter C:\WINDOWS\system32\drivers\splitter.sys **LOCKED** 32
14:45:15.484 Service swenum C:\WINDOWS\system32\DRIVERS\swenum.sys **LOCKED** 32
14:45:15.500 Service swmidi C:\WINDOWS\system32\drivers\swmidi.sys **LOCKED** 32
14:45:15.531 Service SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys **LOCKED** 32
14:45:15.546 Service sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys **LOCKED** 32
14:45:15.562 Service Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys **LOCKED** 32
14:45:15.593 Service TDPIPE C:\WINDOWS\System32\Drivers\TDPIPE.sys **LOCKED** 32
14:45:15.609 Service TDTCP C:\WINDOWS\System32\Drivers\TDTCP.sys **LOCKED** 32
14:45:15.625 Service TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys **LOCKED** 32
14:45:15.656 Service Update C:\WINDOWS\system32\DRIVERS\update.sys **LOCKED** 32
14:45:15.671 Service usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys **LOCKED** 32
14:45:15.687 Service usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys **LOCKED** 32
14:45:15.718 Service usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS **LOCKED** 32
14:45:15.734 Service usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys **LOCKED** 32
14:45:15.750 Service utm5nzy2 C:\WINDOWS\system32\Drivers\utm5nzy2.sys **LOCKED** 32
14:45:15.781 Service VgaSave C:\WINDOWS\System32\drivers\vga.sys **LOCKED** 32
14:45:15.796 Service ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys **LOCKED** 32
14:45:15.812 Service VolSnap C:\WINDOWS\System32\Drivers\VolSnap.sys **LOCKED** 32
14:45:15.843 Service w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys **LOCKED** 32
14:45:15.859 Service Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys **LOCKED** 32
14:45:15.875 Service wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys **LOCKED** 32
14:45:15.906 Service WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys **LOCKED** 32
14:45:16.437 Modules scanning
14:45:31.593 Disk 0 trace - called modules:
14:45:31.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
14:45:31.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d29030]
14:45:31.671 3 CLASSPNP.SYS[f85f2fd7] -> nt!IofCallDriver -> \Device\00000090[0x82d6d590]
14:45:31.703 5 ACPI.sys[f8489620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82d6a030]
14:45:31.718 Scan finished successfully
14:46:06.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Zofy\Desktop\MBR.dat"
14:46:06.328 The log file has been saved successfully to "C:\Documents and Settings\Zofy\Desktop\aswMBR.txt"

#6
Essexboy

Posted 22 October 2011 - 07:16 AM

GeekU Moderator

Retired Staff
69,964 posts

OK a few minor elements to remove and I would then like you to run an analysis scan for me with Kaspersky

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2119758564-1861339448-2262761727-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please follow the instruction on this page to create an analysis zip file, please attach that in your next post

#7
danielle07

Posted 22 October 2011 - 08:08 AM

Member

Topic Starter
Member
18 posts

Hmm, while executing your OTL fix, the program freezes and blank blue screen appeared only with my mouse arrow. So, I call up the Task manager and rebooted the computer. After reboot the box with the massage appeared:
OTL: Cannot create file: C:\windows\system32\drivers\etc\hosts.
I got only solution with the OK button and than computer load on normal position.
Hope, that OTL log will be fine.

I noticed, that Spoolsv.exe is running though I do not have any printers installed on this comp.

Thank you.

OTL logfile created on: 22.10.2011 15:47:39 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Zofy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy

503,36 Mb Total Physical Memory | 202,28 Mb Available Physical Memory | 40,19% Memory free
1,19 Gb Paging File | 0,88 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,69 Gb Total Space | 49,53 Gb Free Space | 73,18% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,68 Gb Free Space | 9,99% Space Free | Partition Type: FAT32

Computer Name: D | User Name: Zofy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.22 14:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zofy\Desktop\OTL.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.12 22:40:58 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2004.06.01 11:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (astcc)
SRV - File not found [Disabled | Stopped] -- -- (aspnet_state)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.04.12 22:40:58 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2004.08.11 09:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.11 06:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)

========== Driver Services (SafeList) ==========

DRV - [2011.10.19 16:58:23 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utm5nzy2.sys -- (utm5nzy2)
DRV - [2011.09.28 10:37:54 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.04.12 22:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.06.22 13:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006.07.31 03:00:08 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.02.16 09:45:26 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.02.15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.02.06 04:00:06 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.19 15:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005.09.19 22:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 22:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.09.19 22:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 2

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011.10.07 08:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.27 09:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.21 05:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zofy\Application Data\Mozilla\Extensions
[2011.10.15 10:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zofy\Application Data\Mozilla\Firefox\Profiles\alfwwljr.default\extensions
[2011.09.27 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ZOFY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ALFWWLJR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.10.07 08:33:49 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.10.07 08:33:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.10.07 08:33:51 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2011.09.03 08:18:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 02:25:08 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 02:25:08 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.09.03 02:25:08 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.09.03 02:25:08 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Zofy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2011.10.20 13:26:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://emea-access....SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.223.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA704859-3CB0-4949-B633-903F93252C97}: DhcpNameServer = 192.168.223.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.14 16:10:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.22 15:36:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.22 14:34:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Zofy\Desktop\aswMBR.exe
[2011.10.22 14:13:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zofy\Desktop\OTL.exe
[2011.10.22 10:30:17 | 000,705,952 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Zofy\Desktop\SpyHunter-Installer.exe
[2011.10.21 13:49:32 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011.10.21 12:57:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Zofy\Recent
[2011.10.21 09:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Identities
[2011.10.20 16:58:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.10.20 13:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.10.20 13:19:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.10.20 13:19:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.10.20 13:19:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.10.20 13:19:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.10.20 13:18:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.10.19 19:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011.10.19 19:33:23 | 000,406,896 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011.10.19 19:33:23 | 000,361,840 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011.10.19 19:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011.10.19 10:19:38 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44708738.sys
[2011.10.19 07:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.10.19 07:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011.10.19 07:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.10.19 07:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.10.19 07:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Local Settings\Application Data\Adobe
[2011.10.18 19:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Adobe
[2011.10.18 11:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011.10.13 11:44:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011.10.13 11:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\SampleView
[2011.10.10 12:35:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.10.10 12:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011.10.02 19:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Desktop\Mercantilaan
[2011.09.29 16:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Downloaded Installations
[2011.09.28 14:01:17 | 000,000,000 | ---D | C] -- C:\LAB
[2011.09.28 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.28 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.09.28 14:00:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.09.28 14:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.28 10:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.09.28 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011.09.28 10:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011.09.28 10:37:54 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011.09.27 09:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.09.26 10:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Google Chrome
[2011.09.25 16:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Administrative Tools
[2011.09.25 15:47:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Zofy\IECompatCache
[2011.09.25 11:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Unlocker
[2011.09.25 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011.09.24 16:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011.09.24 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011.09.24 16:43:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011.09.24 16:26:00 | 001,286,696 | ---- | C] (Juniper Networks) -- C:\Program Files\JuniperSetupClientInstaller.exe
[2011.09.24 16:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\Juniper Networks
[2011.09.24 16:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011.09.24 16:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\Juniper Networks
[2011.09.24 16:14:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011.09.24 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.09.23 13:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Application Data\WinRAR
[2011.09.23 13:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011.09.23 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zofy\Start Menu\Programs\WinRAR
[2011.09.23 13:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.09.23 10:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011.09.22 19:14:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.09.22 18:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011.09.22 18:40:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.09.22 18:40:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011.09.22 18:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.09.22 18:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.09.22 17:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.22 15:44:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.22 15:43:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.22 14:46:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Zofy\Desktop\MBR.dat
[2011.10.22 14:34:18 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Zofy\Desktop\aswMBR.exe
[2011.10.22 14:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zofy\Desktop\OTL.exe
[2011.10.22 10:30:25 | 000,705,952 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Zofy\Desktop\SpyHunter-Installer.exe
[2011.10.20 18:58:58 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011.10.20 13:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.10.19 16:58:23 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utm5nzy2.sys
[2011.10.19 10:19:38 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\44708738.sys
[2011.10.19 08:19:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.10.17 14:05:34 | 000,348,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.17 14:05:34 | 000,054,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.14 09:23:17 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.12 10:08:48 | 000,003,366 | ---- | M] () -- C:\Documents and Settings\Zofy\Desktop\keyword_ideas_20111012_0108609.csv
[2011.10.10 17:27:38 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2011.10.02 09:40:56 | 000,032,116 | ---- | M] () -- C:\Documents and Settings\Zofy\Desktop\SloPodjetja_Nizozemska.pdf
[2011.09.29 11:36:24 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\mbam.lnk
[2011.09.28 11:06:47 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.09.28 11:06:47 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.09.28 10:41:25 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\WebpageIcons.db
[2011.09.28 10:37:54 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011.09.27 09:55:59 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.09.26 12:59:11 | 000,113,464 | ---- | M] () -- C:\cc_20110926_125905.reg
[2011.09.26 12:56:24 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011.09.26 10:22:43 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.09.24 16:47:25 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.09.24 16:26:10 | 001,286,696 | ---- | M] (Juniper Networks) -- C:\Program Files\JuniperSetupClientInstaller.exe
[2011.09.23 08:40:57 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\ExploDer.lnk
[2011.09.23 08:18:53 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.09.22 19:15:00 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.09.22 18:34:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.22 14:46:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Zofy\Desktop\MBR.dat
[2011.10.20 18:58:58 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011.10.20 13:19:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.10.20 13:19:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.10.20 13:19:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.10.20 13:19:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.10.20 13:19:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.10.19 16:58:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utm5nzy2.sys
[2011.10.19 08:00:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.12 10:08:46 | 000,003,366 | ---- | C] () -- C:\Documents and Settings\Zofy\Desktop\keyword_ideas_20111012_0108609.csv
[2011.10.10 17:27:38 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator (2).lnk
[2011.10.02 09:40:56 | 000,032,116 | ---- | C] () -- C:\Documents and Settings\Zofy\Desktop\SloPodjetja_Nizozemska.pdf
[2011.09.29 11:36:24 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\mbam.lnk
[2011.09.28 10:41:23 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\WebpageIcons.db
[2011.09.28 10:39:46 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.09.28 10:39:46 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.09.27 09:55:58 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.09.26 12:59:08 | 000,113,464 | ---- | C] () -- C:\cc_20110926_125905.reg
[2011.09.26 12:56:24 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011.09.26 10:22:43 | 000,002,259 | ---- | C] () -- C:\Documents and Settings\Zofy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.09.24 16:47:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.09.21 05:29:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Zofy\Local Settings\Application Data\fusioncache.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009.06.17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2006.08.21 04:49:30 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.08.21 04:48:06 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.02.15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.09.21 10:42:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.09.21 10:42:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.21 10:33:02 | 000,348,204 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.09.21 10:33:02 | 000,054,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.09.21 10:21:16 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.21 10:18:40 | 000,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.09.20 18:14:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.09.20 18:12:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.06.01 11:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002.05.28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2011.09.24 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011.10.18 12:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\Downloaded Installations
[2011.10.19 19:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\Juniper Networks
[2011.10.13 11:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zofy\Application Data\SampleView

========== Purity Check ==========

< End of report >

Attached Files

sysinfo.zip 17.14KB 97 downloads

#8
danielle07

Posted 22 October 2011 - 08:10 AM

Member

Topic Starter
Member
18 posts

10222011_153656.log:

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

This was created after reboot.

#9
Essexboy

Posted 22 October 2011 - 08:18 AM

GeekU Moderator

Retired Staff
69,964 posts

Spoolsv is not essential so you can set it to manual within Control Panel, Administrative tools, services

Do you have any minidump files at C:\Windows\minidumps

#10
danielle07

Posted 22 October 2011 - 08:47 AM

Member

Topic Starter
Member
18 posts

No minidumps on my comp.
(sorry for delay - my dog has emergency call)

#11
Essexboy

Posted 22 October 2011 - 11:06 AM

GeekU Moderator

Retired Staff
69,964 posts

Are you still get the freezes/crashes ?

#12
danielle07

Posted 23 October 2011 - 02:33 AM

Member

Topic Starter
Member
18 posts

I tested my comp all this morning and the MS Update icon is not showing anymore, but computer is still slow.
I noticed, when I turn on my comp the PF Usage in Task manager is around 310MB (before a week ago - with the same computer configuration - there was 270MB).
After an hour the PF Usage raised to 470MB, though all programs are closed and computer works slower and slower (before, when I closed all programs the PF Usage returns on 270MB).
I must restart and than the PF Usage is back to 310MB and after the hour the same story must be accomplished.

Thank you for your time and efford!

#13
Essexboy

Posted 23 October 2011 - 05:50 AM

GeekU Moderator

Retired Staff
69,964 posts

OK one more confirmatory malware programme before we start investigating the system

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#14
danielle07

Posted 23 October 2011 - 07:21 AM

Member

Topic Starter
Member
18 posts

Yes, it is much, much better. I should say my comp is almost as it's been before.
I tested with the browser and when I shout down the browser the PF USage returns down to 290MB.
Most of all, what I forgot to tell you, the comp is now running in silent (before it's running loudly).

After enabled ComboFix Run button the program requested to install MS win recovery console.(This machine doesn't have a MS Win Recovery console installed).
Hope I did it right?
THANK you Essexboy!

ComboFix 11-10-23.01 - Zofy 23.10.2011 14:28:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.386.1033.18.503.319 [GMT 2:00]
Running from: c:\documents and settings\Zofy\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\help\tours\htmltour\unlock_playing.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 07:11 . 2011-10-23 07:11 -------- d--h--w- c:\windows\PIF
2011-10-22 13:36 . 2011-10-22 13:36 -------- d-----w- C:\_OTL
2011-10-21 07:28 . 2011-10-21 07:28 -------- d-----w- c:\documents and settings\Zofy\Local Settings\Application Data\Identities
2011-10-19 17:33 . 2011-04-12 20:41 406896 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2011-10-19 17:33 . 2011-04-12 20:41 361840 ----a-w- c:\windows\system32\dsNcCredProv.dll
2011-10-19 17:32 . 2011-10-19 17:33 -------- d-----w- c:\program files\Juniper Networks
2011-10-19 14:58 . 2011-10-19 14:58 7168 ----a-w- c:\windows\system32\drivers\utm5nzy2.sys
2011-10-19 13:04 . 2011-10-19 13:04 12172336 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
2011-10-19 08:19 . 2011-10-19 08:19 94896 ----a-w- c:\windows\system32\drivers\44708738.sys
2011-10-19 05:59 . 2011-10-19 06:00 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-19 05:47 . 2011-10-19 05:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-19 05:47 . 2011-10-19 06:03 -------- d-----w- c:\documents and settings\Zofy\Local Settings\Application Data\Adobe
2011-10-18 16:10 . 2011-10-18 16:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-13 09:43 . 2011-10-13 09:43 -------- d-----w- c:\documents and settings\Zofy\Application Data\SampleView
2011-10-10 10:35 . 2011-10-20 16:58 -------- d-----r- c:\program files\Skype
2011-09-29 14:51 . 2011-10-18 10:06 -------- d-----w- c:\documents and settings\Zofy\Application Data\Downloaded Installations
2011-09-28 12:01 . 2011-10-20 15:33 -------- d-----w- C:\LAB
2011-09-28 12:00 . 2011-09-28 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-28 12:00 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 12:00 . 2011-10-17 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-28 08:39 . 2011-09-28 09:06 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-09-28 08:39 . 2011-09-28 09:06 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-09-28 08:38 . 2011-10-23 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-09-28 08:38 . 2011-09-28 08:38 -------- d-----w- c:\program files\Kaspersky Lab
2011-09-26 10:59 . 2011-09-26 10:59 113464 ----a-w- C:\cc_20110926_125905.reg
2011-09-26 09:41 . 2011-09-26 09:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-25 13:47 . 2011-09-25 13:47 -------- d-sh--w- c:\documents and settings\Zofy\IECompatCache
2011-09-25 09:55 . 2011-10-20 10:50 -------- d-----w- c:\program files\Unlocker
2011-09-24 14:45 . 2011-09-24 14:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-09-24 14:43 . 2011-09-24 14:45 -------- d-----w- c:\windows\SHELLNEW
2011-09-24 14:26 . 2011-09-24 14:26 1286696 ----a-w- c:\program files\JuniperSetupClientInstaller.exe
2011-09-24 14:15 . 2011-09-24 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2011-09-24 14:15 . 2011-10-19 17:22 -------- d-----w- c:\documents and settings\Zofy\Application Data\Juniper Networks
2011-09-24 14:14 . 2011-09-24 14:14 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2004-08-04 08:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-04 08:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 08:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 08:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-03 06:18 . 2011-09-27 07:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2006-02-22 15:03 40960 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2006-02-14 17:49 454656 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-12-20 22:51 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-01-23 23:11 802816 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-02-15 22:43 892928 ----a-w- c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-10 18:04 761945 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCA"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"hpqwmiex"=2 (0x2)
"btwdins"=2 (0x2)
"TapiSrv"=3 (0x3)
"Spooler"=3 (0x3)
"Schedule"=2 (0x2)
"RemoteRegistry"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"MSMQTriggers"=2 (0x2)
"MSMQ"=2 (0x2)
"CryptSvc"=3 (0x3)
"NitroDriverReadSpool"=2 (0x2)
"aspnet_state"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [4.3.2011 13:23 11352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.3.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
S3 utm5nzy2;AVZ Kernel Driver;c:\windows\system32\drivers\utm5nzy2.sys [19.10.2011 16:58 7168]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zofy\Application Data\Mozilla\Firefox\Profiles\alfwwljr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 14:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-23 14:34:31
ComboFix-quarantined-files.txt 2011-10-23 12:34
ComboFix2.txt 2011-10-20 11:28
.
Pre-Run: 53.127.286.784 bytes free
Post-Run: 53.115.166.720 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B562D88A67DCE60801E98BC8AE85E75B

#15
Essexboy

Posted 23 October 2011 - 07:30 AM

GeekU Moderator

Retired Staff
69,964 posts

OK progress

Lets do a final sweep before we look at the speed problem

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.