My Netbook's CPU usage is 100% when idle and too slow!


#61 polepole (Topic Starter, Member, 102 posts)

OTL logfile created on: 11/10/2011 1:49:09 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 697.70 Mb Available Physical Memory | 68.72% Memory free
2.38 Gb Paging File | 2.21 Gb Available in Paging File | 92.74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 24.39 Gb Free Space | 34.78% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.16 Gb Free Space | 26.81% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2011/10/01 21:54:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 03:43:48 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}\components\RadioWMPCoreGecko7.dll
MOD - [2011/10/01 21:54:22 | 001,833,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (STacSV)
SRV - File not found [Auto | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2111809&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/10/01 21:54:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/21 06:37:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/11/04 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/27 11:09:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/10/01 00:05:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/05 00:49:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg File not found
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Autochartist] C:\Program Files\Autochartist\autochartist_interbankfx.exe ()
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2011/11/09 23:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/11/09 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/11/06 00:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 00:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/05 00:38:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 00:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 00:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 00:33:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 00:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 00:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 00:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 00:16:36 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/04 21:40:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 20:41:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/11/04 07:51:40 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2011/10/31 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/31 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 01:46:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 00:48:35 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/11/09 23:47:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/11/09 23:47:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/11/09 23:23:05 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:35:28 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/11/09 05:57:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/08 16:38:44 | 000,767,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 16:38:44 | 000,262,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 08:47:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 10:10:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 00:49:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 00:18:32 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 23:23:05 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:02:58 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/11/05 08:36:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 00:38:31 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2011/11/05 00:38:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 00:33:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 00:33:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 00:33:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 00:33:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 00:33:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/21 06:38:29 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/21 06:38:29 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,767,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,262,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< >


< MD5 for: ACADPROC.DLL >
[2008/04/14 01:41:50 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=EA9EE60B408878E5F2012F9C783836DB -- C:\WINDOWS\AppPatch\AcAdProc.dll

< MD5 for: ADVAPI32.DLL >
[2008/04/14 01:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=BAB489A5FE26F2D0C910CF7AF7E4CF92 -- C:\WINDOWS\system32\advapi32.dll
[2008/04/14 01:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=BAB489A5FE26F2D0C910CF7AF7E4CF92 -- C:\WINDOWS\system32\dllcache\advapi32.dll

< MD5 for: APPHELP.DLL >
[2008/04/14 01:41:50 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=CF492D7E9AF1C628B3536D20EF6F5CC7 -- C:\WINDOWS\system32\apphelp.dll
[2008/04/14 01:41:50 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=CF492D7E9AF1C628B3536D20EF6F5CC7 -- C:\WINDOWS\system32\dllcache\apphelp.dll

< MD5 for: AUTHZ.DLL >
[2008/04/14 01:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=714705F29A917993536A6AB2DEDB0B7F -- C:\WINDOWS\system32\authz.dll
[2008/04/14 01:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=714705F29A917993536A6AB2DEDB0B7F -- C:\WINDOWS\system32\dllcache\authz.dll

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 01:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: GDI32.DLL >
[2008/04/14 01:41:56 | 000,285,184 | ---- | M] (Microsoft Corporation) MD5=B015B9134DAD7E29E7D2D6B5F5C8C2FC -- C:\WINDOWS\system32\dllcache\gdi32.dll
[2008/04/14 01:41:56 | 000,285,184 | ---- | M] (Microsoft Corporation) MD5=B015B9134DAD7E29E7D2D6B5F5C8C2FC -- C:\WINDOWS\system32\gdi32.dll

< MD5 for: IMM32.DLL >
[2008/04/14 01:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\dllcache\imm32.dll
[2008/04/14 01:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll

< MD5 for: KERNEL32.DLL >
[2008/04/14 01:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2008/04/14 01:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\system32\kernel32.dll

< MD5 for: MSVCP60.DLL >
[2007/02/18 17:37:28 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=3FFEAF764207CD5B2FD8AC1FC118D548 -- C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll
[2011/08/11 10:53:35 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=59A6413FB2CC89FD8651B1D2962FB8B9 -- C:\Program Files\Internet Everywhere 3G+\msvcp60.dll
[2008/10/11 11:39:04 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=59A6413FB2CC89FD8651B1D2962FB8B9 -- C:\Program Files\Zain e-GO\Zain e-GO\msvcp60.dll
[2010/05/26 16:42:22 | 000,419,160 | ---- | M] (Microsoft Corporation) MD5=C5F3ADB964749A958BA99CA0717E5C34 -- C:\Program Files\Safaricom Broadband\msvcp60.dll
[2000/08/29 11:00:00 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=CB21D826D9C39AED19DD431C1880F5DE -- C:\Program Files\Deltastock\DeltaTrading\Dlls\msvcp60.dll
[2010/07/01 21:06:42 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=CB21D826D9C39AED19DD431C1880F5DE -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\msvcp60.dll
[2000/08/29 11:00:00 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=CB21D826D9C39AED19DD431C1880F5DE -- C:\WINDOWS\system\msvcp60.dll
[2008/04/14 01:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=F404830F3CD9BF8F2515E489C0CDA297 -- C:\WINDOWS\system32\dllcache\msvcp60.dll
[2008/04/14 01:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=F404830F3CD9BF8F2515E489C0CDA297 -- C:\WINDOWS\system32\msvcp60.dll
[2007/02/18 17:39:39 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=F9AF0EF6B472EE0F60D5C494F9E2BC33 -- C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

< MD5 for: MSVCRT.DLL >
[2008/04/14 01:42:02 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=355EDBB4D412B01F1740C17E3F50FA00 -- C:\WINDOWS\system32\dllcache\msvcrt.dll
[2008/04/14 01:42:02 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=355EDBB4D412B01F1740C17E3F50FA00 -- C:\WINDOWS\system32\msvcrt.dll
[2007/02/18 17:37:29 | 000,322,560 | ---- | M] (Microsoft Corporation) MD5=4200BE3808F6406DBE45A7B88DAE5035 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[2008/01/04 14:18:06 | 000,278,581 | ---- | M] (Microsoft Corporation) MD5=4300D1A092B91E7C8DFA6F1E5E7973B2 -- C:\Program Files\Palm\PhotoDesktop\MSVCRT.DLL
[2010/10/01 00:05:15 | 000,266,293 | ---- | M] (Microsoft Corporation) MD5=63DA4613383EC70E047B4CD5C48F0B05 -- C:\Program Files\Java\jre6\bin\msvcrt.dll
[2007/01/18 04:04:58 | 000,266,293 | ---- | M] (Microsoft Corporation) MD5=63DA4613383EC70E047B4CD5C48F0B05 -- C:\Program Files\Safaricom Mobile Office\msvcrt.dll
[2003/06/19 22:05:04 | 000,286,773 | ---- | M] (Microsoft Corporation) MD5=BA7BE6F92680B28B9031170659FD222D -- C:\Program Files\Deltastock\DeltaTrading\Dlls\msvcrt.dll
[2003/06/19 22:05:04 | 000,286,773 | ---- | M] (Microsoft Corporation) MD5=BA7BE6F92680B28B9031170659FD222D -- C:\WINDOWS\system\msvcrt.dll
[2008/04/14 01:42:52 | 000,343,040 | R--- | M] (Microsoft Corporation) MD5=D7075E95AA599EE77B7A89D39296BD3D -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

< MD5 for: NCOBJAPI.DLL >
[2008/04/14 01:42:02 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=EC29A79F1E76DC509E24D401F29D0678 -- C:\WINDOWS\system32\dllcache\ncobjapi.dll
[2008/04/14 01:42:02 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=EC29A79F1E76DC509E24D401F29D0678 -- C:\WINDOWS\system32\ncobjapi.dll

< MD5 for: NETAPI32.DLL >
[2008/04/14 01:42:02 | 000,337,408 | ---- | M] (Microsoft Corporation) MD5=6DB7788FA7E2566267516FA635C3797E -- C:\WINDOWS\system32\dllcache\netapi32.dll
[2008/04/14 01:42:02 | 000,337,408 | ---- | M] (Microsoft Corporation) MD5=6DB7788FA7E2566267516FA635C3797E -- C:\WINDOWS\system32\netapi32.dll

< MD5 for: NTDLL.DLL >
[2008/04/14 01:41:26 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\system32\dllcache\ntdll.dll
[2008/04/14 01:41:26 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\system32\ntdll.dll
[2004/08/04 00:56:38 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\cmdcons\SYSTEM32\NTDLL.DLL

< MD5 for: PSAPI.DLL >
[2008/04/14 01:42:04 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=9CFCB3CA3D83B4EAA133F0644A2C6F31 -- C:\WINDOWS\system32\dllcache\psapi.dll
[2008/04/14 01:42:04 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=9CFCB3CA3D83B4EAA133F0644A2C6F31 -- C:\WINDOWS\system32\psapi.dll

< MD5 for: RPCRT4.DLL >
[2008/04/14 01:42:06 | 000,584,704 | ---- | M] (Microsoft Corporation) MD5=B979D9D1C8073DA21A7F80345F306A1D -- C:\WINDOWS\system32\dllcache\rpcrt4.dll
[2008/04/14 01:42:06 | 000,584,704 | ---- | M] (Microsoft Corporation) MD5=B979D9D1C8073DA21A7F80345F306A1D -- C:\WINDOWS\system32\rpcrt4.dll

< MD5 for: SCESRV.DLL >
[2008/04/14 01:42:06 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=B24A42A413E694AD73FDFB7FBD492C31 -- C:\WINDOWS\system32\dllcache\scesrv.dll
[2008/04/14 01:42:06 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=B24A42A413E694AD73FDFB7FBD492C31 -- C:\WINDOWS\system32\scesrv.dll

< MD5 for: SECUR32.DLL >
[2008/04/14 01:42:06 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=7459C16CC3EF4651CAB7C9260E43FC58 -- C:\WINDOWS\system32\dllcache\secur32.dll
[2008/04/14 01:42:06 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=7459C16CC3EF4651CAB7C9260E43FC58 -- C:\WINDOWS\system32\secur32.dll

< MD5 for: SERVICES.EXE >
[2008/04/14 01:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\dllcache\services.exe
[2008/04/14 01:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe

< MD5 for: SHIMENG.DLL >
[2008/04/14 01:42:06 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=1F03103598BD817B1078DAB1326DDE11 -- C:\WINDOWS\system32\dllcache\shimeng.dll
[2008/04/14 01:42:06 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=1F03103598BD817B1078DAB1326DDE11 -- C:\WINDOWS\system32\shimeng.dll

< MD5 for: UMPNPMGR.DLL >
[2008/04/14 01:42:08 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=2EDFC2A8893435723AD80481803C6D5C -- C:\WINDOWS\system32\dllcache\umpnpmgr.dll
[2008/04/14 01:42:08 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=2EDFC2A8893435723AD80481803C6D5C -- C:\WINDOWS\system32\umpnpmgr.dll

< MD5 for: USER32.DLL >
[2008/04/14 01:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 01:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERENV.DLL >
[2008/04/14 01:42:10 | 000,727,040 | ---- | M] (Microsoft Corporation) MD5=43D13C80EBEC0135A3611E0F616F179B -- C:\WINDOWS\system32\dllcache\userenv.dll
[2008/04/14 01:42:10 | 000,727,040 | ---- | M] (Microsoft Corporation) MD5=43D13C80EBEC0135A3611E0F616F179B -- C:\WINDOWS\system32\userenv.dll

< MD5 for: VERSION.DLL >
[2008/04/14 01:42:10 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7CE131408739B0B3A318BE2D0032719 -- C:\WINDOWS\system32\dllcache\version.dll
[2008/04/14 01:42:10 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7CE131408739B0B3A318BE2D0032719 -- C:\WINDOWS\system32\version.dll

< MD5 for: WINSTA.DLL >
[2008/04/14 01:42:10 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=430CEB794F6E6EF8AC86958C242366D6 -- C:\WINDOWS\system32\dllcache\winsta.dll
[2008/04/14 01:42:10 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=430CEB794F6E6EF8AC86958C242366D6 -- C:\WINDOWS\system32\winsta.dll

< MD5 for: WS2_32.DLL >
[2008/04/14 01:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008/04/14 01:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< MD5 for: WS2HELP.DLL >
[2008/04/14 01:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\dllcache\ws2help.dll
[2008/04/14 01:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< MD5 for: WTSAPI32.DLL >
[2008/04/14 01:42:12 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=0E2735281FBB9A764D5584C2A5DCBA59 -- C:\WINDOWS\system32\dllcache\wtsapi32.dll
[2008/04/14 01:42:12 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=0E2735281FBB9A764D5584C2A5DCBA59 -- C:\WINDOWS\system32\wtsapi32.dll

< End of report >
  • 0



#62
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
You have two services which are not running. Start, Run, cmd, OK then type:
sc  config  HWDeviceService.exe  start=  disabled 

sc  config  STacSV  start=  disabled 


Do you get an error with either line?

Let's look at some more files which I have on my XP that do not seem to be running on yours.

Copy the text in the code box by highlighting and Ctrl + c

/md5start
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
IMAGEHLP.dll
xpsp2res.dll
rsaenh.dll
uxtheme.dll
Cabinet.dll
ole32.dll
SHLWAPI.dll
comctl32.dll
comctl32.dll 
HWDeviceService.exe
STacSV.exe  
/md5stop

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run SCAN button at the top.
Let the program run unhindered. (It doesn't matter if this is in Safe Mode or without the P&P running.) Copy and paste the log.
  • 0
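What the expert is doing when reading an MD5 custom scan like the one posted above is comparing each system32 file against its dllcache copy, noting copies with no company name, and checking that every requested file turned up at all. As an added example, not code from the thread or from OTL, here is a Python parser for the `< MD5 for: X >` sections that automates that comparison. The WINTRUST.DLL lines in the sample input, their sizes and hashes, are constructed placeholders; the verdict labels are my own.

```python
"""Added example: parse OTL '< MD5 for: X >' custom-scan output and flag
system32 files whose hash differs from the dllcache copy.
Not OTL's own code and not from the thread."""
import re
from collections import defaultdict

# One OTL MD5 result line, exactly as it appears in the log above:
# [2008/04/14 01:41:50 | 000,617,472 | ---- | M] (Company) MD5=<32 hex> -- C:\path
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
SECTION = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

SYSTEM32 = "\\windows\\system32\\"
DLLCACHE = "\\windows\\system32\\dllcache\\"


def parse_md5_sections(text):
    """Return {filename(lower): [entry dicts]} for each MD5 section in the scan."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            current = head.group("name").lower()
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None  # any other '< ... >' marker (e.g. '< End of report >') ends a section
            continue
        hit = MD5_LINE.match(line)
        if hit and current is not None:
            entry = hit.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return dict(sections)


def classify(entries):
    """Verdict for one file: does the live system32 copy match the dllcache copy?
    Copies under Program Files or WinSxS are ignored, as they are different builds."""
    live = [e for e in entries if DLLCACHE not in e["path"].lower() and SYSTEM32 in e["path"].lower()]
    cache = [e for e in entries if DLLCACHE in e["path"].lower()]
    if not live and not cache:
        return "missing-from-system32"
    if not live:
        return "only-in-dllcache"
    if not cache:
        return "no-dllcache-copy"
    if {e["md5"] for e in live} == {e["md5"] for e in cache}:
        return "match"
    return "MISMATCH"


def unbranded_copies(sections):
    """Paths of copies with an empty company field, the '()' entries the scan shows."""
    return [e["path"] for entries in sections.values() for e in entries if not e["company"].strip()]


def audit(text, requested=()):
    """Map every scanned file to a verdict; names from the /md5start list that
    produced no section at all are reported as 'not-in-scan'."""
    sections = parse_md5_sections(text)
    verdicts = {name: classify(entries) for name, entries in sections.items()}
    for name in requested:
        verdicts.setdefault(name.lower(), "not-in-scan")
    return verdicts


# Constructed sample: ADVAPI32 and MSVCP60 lines are copied from the log above,
# the WINTRUST lines (size, hashes, timestamp) are placeholders made up for this example.
SAMPLE_SCAN = r"""
< MD5 for: ADVAPI32.DLL >
[2008/04/14 01:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=BAB489A5FE26F2D0C910CF7AF7E4CF92 -- C:\WINDOWS\system32\advapi32.dll
[2008/04/14 01:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=BAB489A5FE26F2D0C910CF7AF7E4CF92 -- C:\WINDOWS\system32\dllcache\advapi32.dll

< MD5 for: MSVCP60.DLL >
[2011/08/11 10:53:35 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=59A6413FB2CC89FD8651B1D2962FB8B9 -- C:\Program Files\Internet Everywhere 3G+\msvcp60.dll
[2008/04/14 01:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=F404830F3CD9BF8F2515E489C0CDA297 -- C:\WINDOWS\system32\dllcache\msvcp60.dll
[2008/04/14 01:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=F404830F3CD9BF8F2515E489C0CDA297 -- C:\WINDOWS\system32\msvcp60.dll

< MD5 for: WINTRUST.DLL >
[2011/11/01 00:00:00 | 000,123,456 | ---- | M] () MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\wintrust.dll
[2008/04/14 01:42:12 | 000,123,456 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\dllcache\wintrust.dll

< End of report >
"""

REQUESTED = ["WINTRUST.dll", "CRYPT32.dll", "ADVAPI32.dll", "MSVCP60.dll"]

if __name__ == "__main__":
    for name, verdict in sorted(audit(SAMPLE_SCAN, REQUESTED).items()):
        print(f"{name:16} {verdict}")
    for path in unbranded_copies(parse_md5_sections(SAMPLE_SCAN)):
        print("no company name:", path)
```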

#63
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
OTL logfile created on: 11/10/2011 6:20:00 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 660.00 Mb Available Physical Memory | 65.01% Memory free
2.38 Gb Paging File | 2.13 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 24.35 Gb Free Space | 34.72% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.16 Gb Free Space | 26.81% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 05:55:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe
PRC - [2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2011/06/07 10:52:26 | 001,840,072 | ---- | M] (MetaQuotes Software Corp.) -- C:\IBFXAustralia_1-Click\terminal.exe
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 05:54:53 | 001,989,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\mozjs.dll
MOD - [2011/04/01 17:18:38 | 000,049,152 | ---- | M] () -- C:\IBFXAustralia_1-Click\experts\libraries\CheckAccountType.dll
MOD - [2010/07/19 19:19:18 | 000,153,600 | ---- | M] () -- C:\WINDOWS\system32\AI_ContextMenu.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/21 23:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (STacSV)
SRV - File not found [Disabled | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2111809&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/11/10 05:55:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/21 06:37:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/11/04 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/27 11:09:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/05 00:49:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg File not found
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Autochartist] C:\Program Files\Autochartist\autochartist_interbankfx.exe ()
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2011/11/09 23:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/11/09 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/11/06 00:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 00:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/05 00:38:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 00:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 00:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 00:33:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 00:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 00:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 00:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 00:16:36 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/04 21:40:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 20:41:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/11/04 07:51:40 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2011/10/31 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/31 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 06:16:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 05:52:47 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/11/10 03:40:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/11/10 03:12:38 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/11/09 23:47:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/11/09 23:23:05 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 05:57:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/08 16:38:44 | 000,767,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 16:38:44 | 000,262,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 08:47:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 10:10:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 00:49:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 00:18:32 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 23:23:05 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:02:58 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/11/05 08:36:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 00:38:31 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2011/11/05 00:38:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 00:33:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 00:33:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 00:33:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 00:33:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 00:33:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/21 06:38:29 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/21 06:38:29 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,767,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,262,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========



< MD5 for: CABINET.DLL >
[2008/04/14 01:41:52 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=F9D3C78CFE15271D80790677C893CE45 -- C:\WINDOWS\system32\cabinet.dll
[2008/04/14 01:41:52 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=F9D3C78CFE15271D80790677C893CE45 -- C:\WINDOWS\system32\dllcache\cabinet.dll

< MD5 for: COMCTL32.DLL >
[2008/04/14 01:41:52 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=06F247492BC786CE5C24A23E178C711A -- C:\WINDOWS\system32\comctl32.dll
[2008/04/14 01:41:52 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=06F247492BC786CE5C24A23E178C711A -- C:\WINDOWS\system32\comctl32.dll
[2008/04/14 01:41:52 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=06F247492BC786CE5C24A23E178C711A -- C:\WINDOWS\system32\dllcache\comctl32.dll
[2008/04/14 01:41:52 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=06F247492BC786CE5C24A23E178C711A -- C:\WINDOWS\system32\dllcache\comctl32.dll
[2007/02/18 17:37:29 | 000,921,088 | ---- | M] (Microsoft Corporation) MD5=AEF3D788DBF40C7C4D204EA45EB0C505 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[2007/02/18 17:37:29 | 000,921,088 | ---- | M] (Microsoft Corporation) MD5=AEF3D788DBF40C7C4D204EA45EB0C505 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[2008/04/14 01:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) MD5=BD38D1EBE24A46BD3EDA059560AFBA12 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[2008/04/14 01:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) MD5=BD38D1EBE24A46BD3EDA059560AFBA12 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

< MD5 for: CRYPT32.DLL >
[2008/04/14 01:41:52 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=BDAAF79DD63F194434D31A74B9BB8B77 -- C:\WINDOWS\system32\crypt32.dll
[2008/04/14 01:41:52 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=BDAAF79DD63F194434D31A74B9BB8B77 -- C:\WINDOWS\system32\dllcache\crypt32.dll

< MD5 for: HWDEVICESERVICE.EXE >
[2010/11/16 16:37:38 | 000,264,704 | ---- | M] () MD5=E956C0614367D4106A4411F151D494A5 -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe

< MD5 for: IMAGEHLP.DLL >
[2008/04/14 01:41:56 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=CA648BD638245EB83F971FF71B031BEC -- C:\WINDOWS\system32\dllcache\imagehlp.dll
[2008/04/14 01:41:56 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=CA648BD638245EB83F971FF71B031BEC -- C:\WINDOWS\system32\imagehlp.dll

< MD5 for: MSASN1.DLL >
[2008/04/14 01:42:00 | 000,057,344 | ---- | M] (Microsoft Corporation) MD5=A11F1EA5346165347BF54C1F959C3FBC -- C:\WINDOWS\system32\dllcache\msasn1.dll
[2008/04/14 01:42:00 | 000,057,344 | ---- | M] (Microsoft Corporation) MD5=A11F1EA5346165347BF54C1F959C3FBC -- C:\WINDOWS\system32\msasn1.dll

< MD5 for: OLE32.DLL >
[2008/04/14 01:42:04 | 001,287,168 | ---- | M] (Microsoft Corporation) MD5=ECCE74BC6168375016450A86A164D976 -- C:\WINDOWS\system32\dllcache\ole32.dll
[2008/04/14 01:42:04 | 001,287,168 | ---- | M] (Microsoft Corporation) MD5=ECCE74BC6168375016450A86A164D976 -- C:\WINDOWS\system32\ole32.dll

< MD5 for: RSAENH.DLL >
[2008/04/13 19:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\system32\dllcache\rsaenh.dll
[2008/04/13 19:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\system32\rsaenh.dll

< MD5 for: SHLWAPI.DLL >
[2008/04/14 01:42:06 | 000,474,112 | ---- | M] (Microsoft Corporation) MD5=72EDAE61E761C14714BFD0CB4BA3C0DB -- C:\WINDOWS\system32\dllcache\shlwapi.dll
[2008/04/14 01:42:06 | 000,474,112 | ---- | M] (Microsoft Corporation) MD5=72EDAE61E761C14714BFD0CB4BA3C0DB -- C:\WINDOWS\system32\shlwapi.dll

< MD5 for: STACSV.EXE >
[2010/07/02 12:16:05 | 000,221,184 | ---- | M] (IDT, Inc.) MD5=ED9420915A95D61A3A87C63EFF4A4F41 -- C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\stacsv.exe
[2010/07/02 12:16:05 | 000,221,184 | ---- | M] (IDT, Inc.) MD5=ED9420915A95D61A3A87C63EFF4A4F41 -- C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\stacsv.exe

< MD5 for: UXTHEME.DLL >
[2008/04/14 01:42:10 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\dllcache\uxtheme.dll
[2008/04/14 01:42:10 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\uxtheme.dll

< MD5 for: WINTRUST.DLL >
[2008/04/14 01:42:10 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=B25D14DCBBB6623C1A63CD07A97DF32B -- C:\WINDOWS\system32\dllcache\wintrust.dll
[2008/04/14 01:42:10 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=B25D14DCBBB6623C1A63CD07A97DF32B -- C:\WINDOWS\system32\wintrust.dll

< MD5 for: XPSP2RES.DLL >
[2008/04/13 20:07:38 | 000,543,744 | ---- | M] (Microsoft Corporation) MD5=0071BEF4BB988730CF3F8FD0B07EFC80 -- C:\WINDOWS\system32\mui\0412\xpsp2res.dll
[2008/04/13 20:05:56 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=0B6A72104FD3D6DCCEFD9AB2774C28CE -- C:\WINDOWS\system32\mui\0804\xpsp2res.dll
[2008/04/13 20:08:38 | 000,757,248 | ---- | M] (Microsoft Corporation) MD5=105B80858899E977B77F50CBA757E266 -- C:\WINDOWS\system32\mui\041b\xpsp2res.dll
[2008/04/13 19:09:26 | 002,897,920 | ---- | M] (Microsoft Corporation) MD5=16403217AB6FC5C30C14C6B12098AD4B -- C:\WINDOWS\system32\dllcache\xpsp2res.dll
[2008/04/13 19:09:26 | 002,897,920 | ---- | M] (Microsoft Corporation) MD5=16403217AB6FC5C30C14C6B12098AD4B -- C:\WINDOWS\system32\xpsp2res.dll
[2008/04/13 20:08:30 | 000,736,768 | ---- | M] (Корпорация Майкрософт) MD5=1B3E83649A7DA1D2458FD791090E799C -- C:\WINDOWS\system32\mui\0419\xpsp2res.dll
[2008/04/13 20:07:04 | 000,788,480 | ---- | M] (Microsoft Corporation) MD5=2B602FB2DB9DB6DD732E92148DC6FD17 -- C:\WINDOWS\system32\mui\0407\xpsp2res.dll
[2008/04/13 20:08:06 | 000,759,808 | ---- | M] (Microsoft Corporation) MD5=451279EE7837D0D1F2CE7015AD0CBC8C -- C:\WINDOWS\system32\mui\0415\xpsp2res.dll
[2008/04/13 20:07:24 | 000,769,536 | ---- | M] (Microsoft Corporation) MD5=56E8375A260159E5FE85A3500CC1EFA6 -- C:\WINDOWS\system32\mui\040e\xpsp2res.dll
[2008/04/13 20:06:12 | 000,477,696 | ---- | M] (Microsoft Corporation) MD5=648B77690B05ED84FC738081BFC99DDD -- C:\WINDOWS\system32\mui\0404\xpsp2res.dll
[2008/04/13 20:05:50 | 002,869,248 | ---- | M] (Microsoft Corporation) MD5=671A3D8CC04DC6B988780D94CED9E8D8 -- C:\WINDOWS\system32\mui\0401\xpsp2res.dll
[2008/04/13 20:07:08 | 002,842,112 | ---- | M] (Microsoft Corporation) MD5=7FADB9522A5671798471D1493274BF1A -- C:\WINDOWS\system32\mui\040D\xpsp2res.dll
[2008/04/13 20:08:02 | 000,769,024 | ---- | M] (Microsoft Corporation) MD5=82EF67694493B56E03270DE9D021168D -- C:\WINDOWS\system32\mui\0413\xpsp2res.dll
[2008/04/13 20:05:44 | 000,752,128 | ---- | M] (Microsoft Corporation) MD5=8ACD0AF9B71923F6697C9652177C812E -- C:\WINDOWS\system32\mui\0416\xpsp2res.dll
[2008/04/13 20:06:40 | 000,773,632 | ---- | M] (Microsoft Corporation) MD5=93C24CDF5FAEB6A895D39904B81C645D -- C:\WINDOWS\system32\mui\0C0A\xpsp2res.dll
[2008/04/13 20:08:52 | 000,724,480 | ---- | M] (Microsoft Corporation) MD5=965E0C110943A6E86CE1FD0F070ADC10 -- C:\WINDOWS\system32\mui\041f\xpsp2res.dll
[2008/04/13 20:08:48 | 000,724,480 | ---- | M] (Microsoft Corporation) MD5=9A45DC383B9B260D87EAC1156C451DCD -- C:\WINDOWS\system32\mui\041D\xpsp2res.dll
[2008/04/13 20:06:12 | 000,742,912 | ---- | M] (Microsoft Corporation) MD5=AEC2BD1D8595C3FFC6EDA4B39DE68234 -- C:\WINDOWS\system32\mui\0406\xpsp2res.dll
[2008/04/13 20:07:36 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=B7D4E77047288CC263552FE55C9C2905 -- C:\WINDOWS\system32\mui\0411\xpsp2res.dll
[2008/04/13 20:08:04 | 000,716,288 | ---- | M] (Microsoft Corporation) MD5=BA00CDD2F8CBFDDA4268F08CFFD864D3 -- C:\WINDOWS\system32\mui\0414\xpsp2res.dll
[2008/04/13 20:07:24 | 000,769,536 | ---- | M] (Microsoft Corporation) MD5=BF0C7B9E8E69DF92B93922FD26C688C2 -- C:\WINDOWS\system32\mui\0410\xpsp2res.dll
[2008/04/13 20:06:40 | 000,729,088 | ---- | M] (Microsoft Corporation) MD5=C22E955BA77B50974BD28EBD1A00D054 -- C:\WINDOWS\system32\mui\040b\xpsp2res.dll
[2008/04/13 20:06:36 | 000,801,280 | ---- | M] (Microsoft Corporation) MD5=D37389B807816BCA4D87B61CF8D060A5 -- C:\WINDOWS\system32\mui\0408\xpsp2res.dll
[2008/04/13 20:08:08 | 000,751,616 | ---- | M] (Microsoft Corporation) MD5=E459FB6CB04B66C34AC901470C0E3965 -- C:\WINDOWS\system32\mui\0816\xpsp2res.dll
[2008/04/13 20:06:12 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=ECBCA494A6055FEB5E47F2367824F5BA -- C:\WINDOWS\system32\mui\0405\xpsp2res.dll
[2008/04/13 20:08:38 | 000,732,160 | ---- | M] (Microsoft Corporation) MD5=F022A6D0F2F663C4D7F7614BC1AB364D -- C:\WINDOWS\system32\mui\0424\xpsp2res.dll
[2008/04/13 20:06:56 | 000,793,088 | ---- | M] (Microsoft Corporation) MD5=F3552EC1F72E23B9391FD2D51D62CDB4 -- C:\WINDOWS\system32\mui\040C\xpsp2res.dll

< End of report >
  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O4 - HKLM..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg File not found
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot File not found

:files
C:\Windows\System32\consrv.dll
mkdir \Windows\System32\consrv.dll /c
dir /a /s \windows\assembly\temp /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /s /c
     
:Commands
[EMPTYTEMP]
[purity]
[Reboot]


then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Copy and Paste the log into a reply.

Try turning on P&P and then run an OTL quickscan.


I would go to the PC maker's website and look for a new program for your IDT audio since it was taken out by the infection.

About the only other thing I can suggest is uninstalling Kaspersky and installing Avast then running their boot scan. If that doesn't work then a Repair install is your best bet.
  • 0

#65
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AESTFltr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverMax deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DriverMax_RESTART deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\consrv.dll not found.
< mkdir \Windows\System32\consrv.dll /c >
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< dir /a /s \windows\assembly\temp /c >
Volume in drive C has no label.
Volume Serial Number is 241D-EF22
Directory of C:\windows\assembly\temp
10/06/2011 09:41 PM <DIR> .
10/06/2011 09:41 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 25,853,104,128 bytes free
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
Debug REG_EXPAND_SZ
Kmode REG_EXPAND_SZ %SystemRoot%\system32\win32k.sys
Optional REG_MULTI_SZ Posix\0\0
Posix REG_EXPAND_SZ %SystemRoot%\system32\psxss.exe
Required REG_MULTI_SZ Debug\0Windows\0\0
Windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS
CsrSrvSharedSectionBase REG_DWORD 0x7f6f0000
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 140772689 bytes
->Temporary Internet Files folder emptied: 95492590 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 188239560 bytes
->Flash cache emptied: 2473 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 711921 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 408.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11102011_212130

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\klsC23B.tmp not found!

Registry entries deleted on Reboot...


I will now turn on the P&P and run the OTL.
  • 0
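The fix above queried the Session Manager\SubSystems key because the consrv.dll it looked for is loaded from the "Windows" value there, and the clean value is visible in the log. As an added example (not part of the thread and not OTL's or RKinner's own code), here is a small Python checker that parses the text `reg query ... /s` prints and flags any ServerDll entry whose module is not basesrv or winsrv, the only two csrss server DLLs on a stock Windows XP SP3 install (assumption). The first sample is copied from the log in the post above; the second is constructed for the test, not taken from any machine.

```python
"""Audit the Session Manager\\SubSystems 'Windows' value for unexpected ServerDll entries.

Added example, not from the thread or from OTL. Input is the plain text that
`reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /s`
writes, so it can be run offline against a saved log.
"""
import re

# Assumption: on a stock XP SP3 system csrss.exe loads only these server DLLs.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv"}

# Sample 1: copied from the reg query output in the OTL log in the post above.
CLEAN_SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
    Debug       REG_EXPAND_SZ
    Kmode       REG_EXPAND_SZ   %SystemRoot%\system32\win32k.sys
    Optional    REG_MULTI_SZ    Posix\0\0
    Posix       REG_EXPAND_SZ   %SystemRoot%\system32\psxss.exe
    Required    REG_MULTI_SZ    Debug\0Windows\0\0
    Windows     REG_EXPAND_SZ   %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS
    CsrSrvSharedSectionBase REG_DWORD       0x7f6f0000
"""

# Sample 2: constructed for this example. The console server entry is swapped
# for a module named consrv, the file name the OTL fix above was checking for.
TAMPERED_SAMPLE = CLEAN_SAMPLE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def parse_reg_query(text):
    """Return {value_name: (reg_type, data)} from reg.exe query output.

    Values of all listed keys are merged into one dict, which is enough for
    this check because the names we care about are unique here.
    """
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!") or line.startswith("HKEY_"):
            continue
        parts = line.split(None, 2)  # name, type, rest-of-line data
        if len(parts) < 2 or not parts[1].startswith("REG_"):
            continue
        data = parts[2] if len(parts) == 3 else ""
        values[parts[0]] = (parts[1], data)
    return values


def server_dlls(windows_value):
    """Extract the lower-cased module name of every ServerDll=... token."""
    modules = []
    for token in windows_value.split():
        if token.startswith("ServerDll="):
            spec = token[len("ServerDll="):]
            # Forms seen on the page: "basesrv,1" and "winsrv:UserServerDllInitialization,3"
            modules.append(re.split(r"[:,]", spec, maxsplit=1)[0].lower())
    return modules


def audit_subsystems(text):
    """Return a list of human-readable findings; an empty list means nothing unusual."""
    findings = []
    _, data = parse_reg_query(text).get("Windows", ("", ""))
    if not data:
        return ["Windows subsystem value missing"]
    image = data.split()[0]
    if not image.lower().endswith(r"\system32\csrss.exe"):
        findings.append("unexpected subsystem image: " + image)
    for module in server_dlls(data):
        if module not in EXPECTED_SERVER_DLLS:
            findings.append("unexpected ServerDll module: " + module)
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(label, audit_subsystems(sample) or ["no findings"])
```

To use it on a real machine, save the output of the reg query to a file and pass its contents to `audit_subsystems`; any module name outside the expected set, or a subsystem image that is not csrss.exe, is worth a closer look before trusting the rest of the scan.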

#66
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have run OTL quick scan; when it gets to scanning modules, it doesn't respond, it hangs. I will run it in safe mode. I need to inform you my Connect To... at the Start is also missing and the internet connection icon at the bottom right corner is also not there. In that case I won't be able to change my IP address if I want to. Thanks.
  • 0


#68
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
http://www.winxptuto...m/connectto.htm

http://support.microsoft.com/kb/825826
  • 0

#69
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have run it in safe mode. Do I uninstall the Kaspersky right now?



OTL logfile created on: 11/10/2011 11:14:26 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 801.14 Mb Available Physical Memory | 78.91% Memory free
2.38 Gb Paging File | 2.31 Gb Available in Paging File | 96.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 24.43 Gb Free Space | 34.83% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.16 Gb Free Space | 26.81% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2111809&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/11/10 05:55:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/21 06:37:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/11/04 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]aspersky.ru
[2010/07/27 11:09:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/05 00:49:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Autochartist] C:\Program Files\Autochartist\autochartist_interbankfx.exe ()
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 21:21:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\consrv.dll
[2011/11/10 20:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/11/10 20:24:20 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/11/10 06:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2011/11/09 23:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/11/09 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/11/06 00:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 00:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/05 00:38:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 00:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 00:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 00:33:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 00:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 00:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 00:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 00:16:36 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/04 21:40:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 20:41:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/11/04 07:51:40 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2011/10/31 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/31 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook

========== Files - Modified Within 30 Days ==========

[2011/11/10 23:13:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 23:11:25 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/11/10 22:47:50 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/11/10 22:29:08 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/11/09 23:47:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/11/09 23:23:05 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 05:57:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/08 16:38:44 | 000,767,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 16:38:44 | 000,262,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 08:47:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 10:10:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 00:49:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 00:18:32 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/11/09 23:23:05 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:02:58 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/11/05 08:36:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 00:38:31 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2011/11/05 00:38:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 00:33:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 00:33:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 00:33:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 00:33:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 00:33:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/21 06:38:29 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/21 06:38:29 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,767,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,262,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/28 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2011/11/05 08:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2011/07/20 00:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FXTS2
[2011/08/19 22:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2011/08/28 07:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JetStart
[2011/11/05 21:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2011/10/09 22:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZTEEVDO
[2011/11/04 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/08/08 15:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/08/19 22:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/11/09 23:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/08/11 11:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Everywhere 3G+
[2011/09/23 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/01/21 23:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/24 07:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/11/10 23:11:25 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job

========== Purity Check ==========



< End of report >

#70 RKinner (Malware Expert, MVP, 21,044 posts)
Yes but you will have to turn off P&P and run in regular mode in order to uninstall Kaspersky and install Avast.


#71 polepole (Topic Starter, Member, 102 posts)
Hi, after removing Kaspersky I can't connect to the internet at all. I have tried using the modem; it also doesn't work.
I have checked in Device Manager and it is empty. I don't know what to do now. Using my phone to communicate.

#72 RKinner (Malware Expert, MVP, 21,044 posts)
In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig /flushdns

netsh  winsock  reset catalog


netsh  int ip reset reset.log

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:

1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."
4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.
5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sub-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

proxycfg  -d
ipconfig  /all
ipconfig  /release
ipconfig  /renew
ipconfig  /all


Report any errors you get and the IP addresses of the last ipconfig /all.
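A diagnostic script, added here as an example and not part of RKinner's instructions or of OTL, that records the proxy, DNS, hosts, Winsock, service and adapter state the steps above reset, so the before and after can be compared and posted. It assumes a Windows XP cmd.exe with reg.exe, netsh.exe, sc.exe and ipconfig.exe in their standard locations; the output file name is an arbitrary choice.

```batch
@echo off
rem Added diagnostic script (not from the thread): captures the network
rem state that the reset steps above change, so the before/after can be
rem compared and posted. Assumes Windows XP cmd.exe with reg.exe, netsh.exe,
rem sc.exe and ipconfig.exe present; the output path is an arbitrary choice.
setlocal
set "LOG=%USERPROFILE%\Desktop\netstate.txt"
set "INET=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set "TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
rem GUID of the Network Adapters device class, the entries Device Manager lists.
set "NETCLASS=HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"

echo === Network state captured %DATE% %TIME% === > "%LOG%"

echo.>> "%LOG%"
echo --- WinINET proxy used by IE; ProxyEnable 0 means off --- >> "%LOG%"
reg query "%INET%" /v ProxyEnable   >> "%LOG%" 2>&1
reg query "%INET%" /v ProxyServer   >> "%LOG%" 2>&1
reg query "%INET%" /v AutoConfigURL >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo --- WinHTTP proxy, the one proxycfg -d clears --- >> "%LOG%"
if exist "%SystemRoot%\system32\proxycfg.exe" (
  "%SystemRoot%\system32\proxycfg.exe" >> "%LOG%" 2>&1
) else (
  echo proxycfg.exe is not present in %SystemRoot%\system32 >> "%LOG%"
)

echo.>> "%LOG%"
echo --- DNS servers per interface, the O17 NameServer entries in the OTL log --- >> "%LOG%"
reg query "%TCPIP%" /v NameServer >> "%LOG%" 2>&1
reg query "%TCPIP%\Interfaces" /s /v NameServer >> "%LOG%" 2>&1
reg query "%TCPIP%\Interfaces" /s /v DhcpNameServer >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo --- hosts file, the O1 entries in the OTL log --- >> "%LOG%"
type "%SystemRoot%\system32\drivers\etc\hosts" >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo --- Winsock catalog, what netsh winsock reset rebuilds --- >> "%LOG%"
netsh winsock show catalog >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo --- Services behind Device Manager and Network Connections --- >> "%LOG%"
rem Device Manager lists nothing while the Plug and Play service is stopped;
rem the Network Connections folder depends on Netman and RPC.
for %%S in (PlugPlay Netman RpcSs Dhcp Dnscache) do (
  sc query %%S >> "%LOG%" 2>&1
  sc qc %%S >> "%LOG%" 2>&1
)

echo.>> "%LOG%"
echo --- Network adapters known to the registry --- >> "%LOG%"
reg query "%NETCLASS%" /s /v DriverDesc >> "%LOG%" 2>&1

echo.>> "%LOG%"
echo --- ipconfig /all --- >> "%LOG%"
ipconfig /all >> "%LOG%" 2>&1

echo Saved to "%LOG%" - post its contents in the thread.
endlocal
```

Run it once before the resets and once after; a blank services section or an empty adapter list points at the stopped service or missing driver rather than at a proxy setting.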

#73 polepole (Topic Starter, Member, 102 posts)
Hi, I have done all that you instructed me. But when I open Network Connections there is nothing appearing on that page, it's blank. When I went to Device Manager it is also empty, nothing appears on that page. It can't connect to the internet even from my phone, either by tethering or enabling portable Wi-Fi. Let me try the last option. Thanks.

#74 RKinner (Malware Expert, MVP, 21,044 posts)
Maybe you have something turned off in msconfig that you need?

#75 polepole (Topic Starter, Member, 102 posts)
Hi, I have used the command prompt and this is the report. When I put in the 1st command it said proxyfg is not recognized as an internal or external command. All the other commands brought "Windows IP configuration". No IP address appeared. Regards