Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Netbook's CPU usage is 100%when idle and too slow!


  • Please log in to reply

#91
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
Appears you need The Plug and Play service turned on. Can you turn it back on?

Ron
  • 0

Advertisements


#92
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
ok let me turn it on. Then i try to update it.
  • 0

#93
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
hi I turned the P P on and tried to update without success. it took almost three hours without response. it hang. I updated it as an offline by going to safe mode and downloading the updates. when I tried to register it also hanged, waited for more than 30min. now I don't know what to do.
regards.
  • 0

#94
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
It should work without registering. Go ahead and see if you can get it to do a boot-time scan.

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load window
  • 0

#95
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have skipped the registration part and I have scheduled the boot scan and changed the settings from ask to move to chest and now it is scanning. I hope the offline update I did is fine. thanks.
  • 0

#96
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi
It completed the scan and found 15 viruses. This the text.

11/12/2011 09:03
Scan of all local drives

File C:\Documents and Settings\Administrator\Desktop\fx.php|>Jan 10-14\Jan 13\audjpy\audjpy d.gif Error 42125 {ZIP archive is corrupted.}
File C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\AESTFl64.exe is infected by Win64:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\AESTFltr.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\stacsv.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\stacsv64.exe is infected by Win64:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\sttray.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\sttray64.exe is infected by Win64:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\sttray.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\AESTFltr.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\Atheros_L1e\DriUpdate32.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxext.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxsrvc.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\igfxext.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\stacsv.exe is infected by Win32:Vitro, Moved to chest
File C:\_OTL\MovedFiles\11062011_100657\C_WINDOWS\system32\igfxsrvc.exe is infected by Win32:Vitro, Moved to chest
File D:\Application Data\Mozilla\Firefox\Profiles\wd7kewv9.default\extensions\[email protected]\chrome\temp\ff-config.Tue-15-Mar-2011-19-18-24-GMT\ff-config.zip|>ff-config\skin\links-IT.properties Error 42125 {ZIP archive is corrupted.}
File D:\Flash disk\New Folder (4)\Technical report Edward May.doc is infected by INF:AutoRun-CN [Wrm], Moved to chest
File D:\flash new\1st QUARTERLY MEETING 2011 NYAKI\4Na02224|>NN.ppt Error 42125 {ZIP archive is corrupted.}
File D:\flash new\1st QUARTERLY MEETING 2011 NYAKI\part 1\KIRINYAGA SOUTH 1ST QUARTER 2011 REPORT.pptx|>ppt\slides\slide37.xml Error 42125 {ZIP archive is corrupted.}
File D:\flash new\1st QUARTERLY MEETING 2011 NYAKI\part3.zip|>NN.ppt Error 42125 {ZIP archive is corrupted.}
File D:\flash new\DailyWrapup 07March07.zip|>DailyWrapup 07March.mp3 Error 42125 {ZIP archive is corrupted.}
File D:\flash new\JUNE11 MDR TB STOCK.xls|>Workbook Error 42144 {OLE archive is corrupted.}
File D:\flash new\JUNE11 MDRTB REGISTER.xls|>Workbook Error 42144 {OLE archive is corrupted.}
File D:\My Documents\Downloads\BitTorrent-7.2.1(1).exe|>bt_conduit-20101115.exe|>META-INF\manifest.mf Error 42125 {ZIP archive is corrupted.}
File D:\Tonec.Inc.Internet.Download.Manager.v6.03.Beta.Incl.Keygen.and.Patch-Lz0.rar|>Linezer0.part3.rar Error 42126 {RAR archive is corrupted.}
Number of searched folders: 9026
Number of tested files: 353462
Number of infected files: 15


When i put the PP on the CPU usage is still 100%. I tried runnind OTL in normal mode and while the PP is on and it couldnt continue so i have tun it in safe mode.
  • 0

#97
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
This is the OTL log

OTL logfile created on: 11/12/2011 4:13:50 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 793.81 Mb Available Physical Memory | 78.19% Memory free
2.38 Gb Paging File | 2.30 Gb Available in Paging File | 96.37% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 26.05 Gb Free Space | 37.14% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.06 Gb Free Space | 26.69% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2011/09/06 23:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 23:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 23:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 23:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 23:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 23:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 23:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 23:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 23:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2111809&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/11 22:11:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/11/11 18:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/11/11 18:38:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/11/04 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/27 11:09:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/11 22:11:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/05 00:49:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Autochartist] C:\Program Files\Autochartist\autochartist_interbankfx.exe ()
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 22:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/11/11 22:12:54 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/11 22:12:54 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/11 22:12:50 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/11 22:12:49 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/11 22:12:49 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/11 22:12:47 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/11 22:12:47 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/11 22:12:47 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/11 22:11:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/11 22:11:48 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/11 22:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/11 22:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/11 18:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/11/11 18:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/11/11 18:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/11/11 18:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/11/11 18:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\consrv.dll
[2011/11/11 18:34:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/11/11 18:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/11/11 18:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/11/10 23:51:53 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2011/11/10 23:50:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/10 20:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/11/10 20:24:20 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2011/11/09 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/11/06 00:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 00:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/05 00:38:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 00:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 00:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 00:33:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 00:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 00:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 00:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 00:16:36 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/04 21:40:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 20:41:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/11/04 07:51:40 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2011/10/31 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/31 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook

========== Files - Modified Within 30 Days ==========

[2011/11/12 16:11:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/12 16:08:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/11/12 15:50:16 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/11/12 08:43:06 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/11/11 23:47:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/11/11 22:12:55 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/11 22:12:48 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/11 18:40:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/09 23:23:05 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 05:57:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/08 16:38:44 | 000,767,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 16:38:44 | 000,262,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 10:10:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 00:49:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 00:18:32 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/11/11 22:12:55 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/09 23:23:05 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:02:58 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/11/05 08:36:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 00:38:31 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2011/11/05 00:38:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 00:33:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 00:33:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 00:33:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 00:33:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 00:33:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,767,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,262,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/28 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2011/11/05 08:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2011/07/20 00:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FXTS2
[2011/08/19 22:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2011/08/28 07:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JetStart
[2011/11/05 21:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2011/10/09 22:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZTEEVDO
[2011/11/04 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/11 22:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/08 15:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/08/19 22:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/11/11 18:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/08/11 11:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Everywhere 3G+
[2011/09/23 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/01/21 23:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/24 07:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/11/12 16:08:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job

========== Purity Check ==========



< End of report >

Now i want to run the Removal tool for Kaspersky Lab products.

Regards
  • 0

#98
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have run the kaspersky removal and the internet went off. but I have restored the system and it is back to normal. regards
  • 0

#99
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

/md5start
ndis.sys
userinit.exe
explorer.exe
shell.dll
/md5stop

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

I want to try removing some junk with Combofix.

If it doesn't work afterward you can put it back with a restore.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cacef07c-182a-4b92-941e-4bc52e0e5aca}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fad7e09b-f099-4c45-89bc-3b29bdabf179}]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cacef07c-182a-4b92-941e-4bc52e0e5aca}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fad7e09b-f099-4c45-89bc-3b29bdabf179}]

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.



Ron
  • 0

#100
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi
I am sorry for the delay in responding but i wasnt around yesterday. I have copied and RUN SCAN as you had instructed although it did not reboot. This is the log

OTL logfile created on: 11/13/2011 4:22:30 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 728.84 Mb Available Physical Memory | 71.79% Memory free
2.38 Gb Paging File | 2.24 Gb Available in Paging File | 94.09% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 25.67 Gb Free Space | 36.61% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 20.98 Gb Free Space | 26.59% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 05:55:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe
PRC - [2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 05:54:53 | 001,989,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2111809&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/11/11 18:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/11/12 17:29:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/11/12 17:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/12 17:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/05 00:49:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Autochartist] C:\Program Files\Autochartist\autochartist_interbankfx.exe ()
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/12 17:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/11/12 17:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/11/12 17:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/11/12 17:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/11/11 22:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/11 22:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/11 18:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\consrv.dll
[2011/11/11 18:34:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/11/11 18:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/11/11 18:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/11/10 23:51:53 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\klogon.dll
[2011/11/10 23:50:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/10 20:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/11/10 20:24:20 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2011/11/09 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/11/06 00:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 00:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/05 00:38:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 00:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 00:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 00:33:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 00:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 00:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 00:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 00:16:36 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/04 21:40:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 20:41:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/11/04 07:51:40 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2011/10/31 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/31 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook

========== Files - Modified Within 30 Days ==========

[2011/11/13 16:20:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 16:19:49 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/11/13 16:15:29 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/11/12 17:47:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/11/11 23:47:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/11/11 22:12:48 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/11 18:40:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/09 23:23:05 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 05:57:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/08 16:38:44 | 000,767,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 16:38:44 | 000,262,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 10:10:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 00:49:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 00:18:32 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/11/09 23:23:05 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:02:58 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/11/05 08:36:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 00:38:31 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2011/11/05 00:38:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 00:33:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 00:33:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 00:33:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 00:33:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 00:33:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,767,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,262,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NDIS.SYS >
[2008/04/13 20:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/13 20:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: SHELL.DLL >
[2001/08/23 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=DC8A8C47542EDD026AD8F4AC3D6C2292 -- C:\WINDOWS\system\SHELL.DLL
[2001/08/23 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=DC8A8C47542EDD026AD8F4AC3D6C2292 -- C:\WINDOWS\system32\dllcache\shell.dll
[2001/08/23 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=DC8A8C47542EDD026AD8F4AC3D6C2292 -- C:\WINDOWS\system32\shell.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 01:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 01:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< End of report >
  • 0

Advertisements


#101
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi i had followed the instructions of Drag CFScript.txt over to Combofix and i waited over 30 min for it to start but it didn't start. It just brought a window in which it extracted some file and that window disappeared after extracting, then i waited for that long with nothing happening. I don't know why.

I don't have also the avast ball on the bottom right corner even the short cut on the desk top is not also there.
I don't have even the sound.

Regards
  • 0

#102
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
Can you run Combofix by itself?
  • 0

#103
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I have tried it but warns me that Kaspersky Internet Security is running and it is risk so i couldn't stop Combofix and a restarted the computer.
I had run the kaspersky removal which after that made my internet to disappear and i restored the system.
I don't know whether that restoration put the KIS back or what.
I don't know.
  • 0

#104
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP
It's likely that it put back the registry entries. Didn't think it saved the files too but your last scan in Safe Mode shows it and doesn't say anything about missing files. You can right click on the clock and select Task Manager then Processes then look and see if avp.exe is running. That's the main kaspersky program. If Avast is still there (Looks like it is not) it should have two entries both starting with Avast. You can try to click on avp.exe and End Process. (Ignore the warning). If avp is not running then tell Combofix to run anyway.
  • 0

#105
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
There was no avp.exe

I have run the Combofix and this is the log

ComboFix 11-11-13.02 - Administrator 11/13/2011 20:47:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.459 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 16:28 . 2011-11-13 16:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2011-11-13 16:24 . 2011-11-13 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2011-11-12 14:30 . 2011-11-12 14:30 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-12 14:29 . 2011-11-12 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-11-12 14:29 . 2011-11-13 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-11-12 14:29 . 2011-11-12 14:29 -------- d-----w- c:\program files\Kaspersky Lab
2011-11-11 19:11 . 2011-11-11 19:11 -------- d-----w- c:\program files\AVAST Software
2011-11-11 19:11 . 2011-11-11 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-11 15:35 . 2011-11-11 15:35 -------- d-----w- c:\windows\system32\consrv.dll
2011-11-11 15:34 . 2011-11-11 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2011-11-10 20:51 . 2010-07-01 18:35 228024 ----a-w- c:\windows\system32\klogon.dll
2011-11-10 17:33 . 2011-11-11 15:35 -------- d-----w- c:\program files\IDT
2011-11-10 17:24 . 2011-11-10 21:05 -------- d-----w- C:\swsetup
2011-11-09 20:23 . 2011-11-09 20:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Innovative Solutions
2011-11-09 20:23 . 2011-11-09 20:23 -------- d-----w- c:\program files\Innovative Solutions
2011-11-05 21:45 . 2011-11-05 21:45 -------- d-----w- c:\program files\ESET
2011-11-04 18:40 . 2011-08-31 14:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 18:40 . 2011-11-04 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 17:41 . 2011-11-04 17:41 -------- d-----w- C:\_OTL
2011-11-04 17:35 . 2011-11-04 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2011-11-04 17:35 . 2011-11-04 17:35 -------- d-----w- c:\program files\Autorun Eater
2011-10-31 17:44 . 2011-10-31 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-31 17:35 . 2011-10-31 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-29 15:44 . 2010-11-09 11:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-10-29 15:43 . 2010-11-09 11:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-29 15:40 . 2011-10-30 08:17 -------- d-----w- C:\VIPRERESCUE
2011-10-28 07:10 . 2011-10-28 13:14 -------- d-----w- C:\ubuntu
2011-10-23 07:42 . 2011-10-23 07:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Autochartist"="c:\program files\Autochartist\Autochartist_INTERBANKFX.exe" [2011-01-25 4916560]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2011-10-19 9251240]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2011-10-19 9251240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-11 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-02 131072]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-02 163840]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
"autodetect"="c:\program files\Safaricom Broadband\AutoDect.exe" [2010-05-26 128864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-24 352976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
2010-09-24 17:12 352976 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PlugPlay"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\My Documents\\Downloads\\BitTorrent-7.2.1(1).exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/29/2011 6:43 PM 98392]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/4/2011 9:41 PM 366152]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/17/2010 10:17 PM 113664]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [8/11/2011 11:30 AM 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/15/2010 3:56 PM 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/4/2011 9:40 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Internet Everywhere 3G+. RunOuc;Internet Everywhere 3G+. OUC;c:\program files\Internet Everywhere 3G+\UpdateDog\ouc.exe [8/6/2011 8:34 PM 218624]
S2 UDisk Monitor;UDisk Monitor;c:\program files\ZTEMT UI\bin\MonServiceUDisk.exe [10/9/2011 9:22 PM 512000]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/6/2010 8:58 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/6/2010 8:58 AM 8456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [8/11/2011 11:30 AM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8/11/2011 11:30 AM 235392]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [10/9/2011 9:22 PM 104704]
S4 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 16:06]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 16:06]
.
2011-11-13 c:\windows\Tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
TCP: Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2111809&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVfree Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2111809&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 20:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-2077806209-515967899-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,da,6a,0e,83,a7,18,46,b4,e7,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,da,6a,0e,83,a7,18,46,b4,e7,e1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):41,d8,c1,08,f2,7c,fb,61,28,c3,e4,fd,07,8a,ea,96,e5,a8,ff,0b,62,
52,7a,6e,84,8f,cb,ed,ac,52,32,7b,d4,d4,24,52,e0,c4,70,45,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):77,bb,8d,86,c9,f2,15,53,1d,d6,d5,83,1b,ab,0d,53,98,60,55,26,38,
b0,09,78,85,d3,58,67,7e,84,12,1f,3b,24,d7,cd,62,a1,e5,83,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cacef07c-182a-4b92-941e-4bc52e0e5aca}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008e
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fad7e09b-f099-4c45-89bc-3b29bdabf179}]
@Denied: (Full) (Everyone)
"Model"=dword:00000112
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,9b,4c,c0,c8,c5,f9,b5,7b,83,e0,8b,c5,07,bb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4016)
c:\documents and settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2011-11-13 21:00:05
ComboFix-quarantined-files.txt 2011-11-13 18:00
ComboFix2.txt 2011-11-05 03:10
.
Pre-Run: 27,479,859,200 bytes free
Post-Run: 27,498,237,952 bytes free
.
- - End Of File - - 479235EABB36317DABB94E6A00FD6BD7
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP