
CPU pegged computer runs extremely slow [Closed]



#1
mikerz

I have run ComboFix a few times because at first parts of the program would become non-responsive due to the CPU usage (I think). But mainly the user was complaining of a slow computer. I will post the ComboFix log if it is wanted. I did not ever get a specific name on the virus. (I may fail at reading logs.)

OTL logfile created on: 1/24/2012 1:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lfisher\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 67.42% Memory free
6.99 Gb Paging File | 5.89 Gb Available in Paging File | 84.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.98 Gb Total Space | 118.04 Gb Free Space | 79.23% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 123.43 Gb Total Space | 90.31 Gb Free Space | 73.17% Space Free | Partition Type: NTFS
Drive U: | 123.43 Gb Total Space | 90.31 Gb Free Space | 73.17% Space Free | Partition Type: NTFS

Computer Name: LFISHERLAP | User Name: lfisher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 10:54:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lfisher\Desktop\OTL.exe
PRC - [2011/10/14 16:17:12 | 000,277,440 | ---- | M] (DameWare Development) -- C:\Windows\dwrcs\DWRCST.EXE
PRC - [2011/10/14 16:16:48 | 000,588,736 | ---- | M] (DameWare Development LLC) -- C:\Windows\dwrcs\DWRCS.EXE
PRC - [2011/10/14 16:16:10 | 000,120,768 | ---- | M] (DameWare Development LLC) -- C:\Windows\System32\DNTUS26.EXE
PRC - [2011/09/21 10:26:30 | 015,759,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011/08/15 08:21:00 | 001,091,072 | ---- | M] (SysAid Ltd) -- C:\Program Files\SysAid\IliAS.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/20 12:38:38 | 000,141,688 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
PRC - [2010/03/12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
PRC - [2005/07/22 03:47:22 | 000,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 00:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2005/07/22 05:35:14 | 000,323,584 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2005/07/22 05:34:16 | 000,393,216 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2005/07/22 05:20:34 | 000,160,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2005/07/22 05:15:34 | 000,417,792 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.esx
MOD - [2005/07/22 05:01:54 | 000,087,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2005/07/22 05:00:12 | 000,266,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2005/07/22 04:58:30 | 000,046,592 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2005/07/22 04:52:32 | 000,204,800 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2005/07/22 04:51:26 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2005/07/22 04:45:08 | 000,131,072 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2005/07/22 04:37:28 | 000,306,176 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2005/07/22 04:28:46 | 000,076,288 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2005/07/22 04:16:26 | 000,092,160 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2005/07/22 04:06:26 | 000,671,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2005/07/22 03:54:12 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2005/07/22 03:53:42 | 000,059,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2005/07/22 03:53:10 | 000,175,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2005/07/22 03:51:32 | 000,261,120 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2005/07/22 03:49:14 | 000,296,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2005/07/22 03:48:02 | 000,100,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2005/07/22 03:47:22 | 000,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
MOD - [2005/07/22 03:45:50 | 000,215,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2005/07/22 03:44:42 | 000,032,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2005/07/13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll
MOD - [2005/07/13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll
MOD - [2005/07/13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll
MOD - [2005/07/13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll
MOD - [2005/07/13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll
MOD - [2005/07/13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll
MOD - [2005/07/13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll
MOD - [2005/03/04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll
MOD - [2004/02/13 14:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
MOD - [2004/02/11 16:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll
MOD - [2004/02/11 16:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll
MOD - [2004/02/11 16:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll
MOD - [2003/06/08 19:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll
MOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll
MOD - [2003/06/08 17:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/02 07:35:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/14 16:16:48 | 000,588,736 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2011/10/14 16:16:10 | 000,120,768 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\System32\DNTUS26.EXE -- (DNTUS26)
SRV - [2011/08/15 08:21:00 | 001,091,072 | ---- | M] () [Auto | Running] -- C:\Program Files\SysAid\\IliAS.exe -- (SysAidAgent)
SRV - [2011/06/21 13:58:38 | 001,659,392 | ---- | M] (SysAid Technology ltd.) [On_Demand | Stopped] -- C:\Program Files\SysAid\SysAidRCC.exe -- (SysAidRCC Remote)
SRV - [2010/10/20 12:38:38 | 000,141,688 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
SRV - [2010/03/12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/01/19 22:34:35 | 000,233,560 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/19 22:34:35 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/12 17:49:02 | 000,126,480 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/09/03 15:24:40 | 000,024,848 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2007/02/15 06:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\System32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 06:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2005/02/18 10:57:10 | 000,071,168 | ---- | M] (Gemplus) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GKUPRO2D.sys -- (GKUPRO2D)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dsresidential.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/01/23 15:19:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.EXE (DameWare Development)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\LinksBar present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 127.0.0.1 192.168.0.12 192.168.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dsresidential.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89BA0856-EAFF-489E-9047-44C5C63D379C}: DhcpNameServer = 127.0.0.1 192.168.0.12 192.168.0.13
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/02/07 12:29:03 | 000,000,000 | ---D | M] - H:\auto accident report -- [ NTFS ]
O32 - AutoRun File - [2011/07/28 09:42:39 | 000,000,000 | ---D | M] - H:\Auto Maintanence -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 16:03:35 | 000,000,000 | ---D | C] -- C:\Users\lfisher\AppData\Local\temp
[2012/01/23 15:20:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/23 11:43:21 | 000,000,000 | ---D | C] -- C:\asdtfgjhk
[2012/01/23 11:20:11 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\lfisher\Desktop\asdtfgjhk.exe
[2012/01/23 10:53:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\lfisher\Desktop\OTL.exe
[2012/01/20 16:03:34 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/20 16:03:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/20 10:28:19 | 000,000,000 | ---D | C] -- C:\gdfkauyhsgbf
[2012/01/19 18:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/19 18:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
[2012/01/19 18:45:48 | 000,233,560 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/01/19 17:10:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 17:10:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 17:10:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 17:09:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 16:34:11 | 000,120,768 | ---- | C] (DameWare Development LLC) -- C:\Windows\System32\DNTUS26.EXE
[2012/01/19 16:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/01/19 16:32:10 | 000,000,000 | ---D | C] -- C:\Users\lfisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/01/19 16:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/01/19 16:07:52 | 000,000,000 | ---D | C] -- C:\Windows\dwrcs
[2012/01/11 10:56:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 10:56:47 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 10:56:45 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/10 11:59:25 | 000,000,000 | ---D | C] -- C:\Users\lfisher\Desktop\Due 1st of month
[2012/01/10 11:58:33 | 000,000,000 | ---D | C] -- C:\Users\lfisher\Desktop\Forms
[2012/01/10 11:57:10 | 000,000,000 | ---D | C] -- C:\Users\lfisher\Desktop\Schedules
[1 \\knox01\lfisher$\*.tmp files -> \\knox01\lfisher$\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 13:44:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 13:34:03 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 13:34:03 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 11:00:14 | 000,029,696 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2012/01/24 11:00:14 | 000,004,096 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/01/24 11:00:11 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/01/24 11:00:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 10:58:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 10:58:04 | 2816,974,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/23 15:19:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/23 14:14:43 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2012/01/23 11:37:00 | 000,627,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/23 11:36:59 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/23 11:17:19 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\lfisher\Desktop\asdtfgjhk.exe
[2012/01/23 10:54:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lfisher\Desktop\OTL.exe
[2012/01/23 08:26:43 | 000,004,682 | RHS- | M] () -- C:\Users\lfisher\ntuser.pol
[2012/01/19 22:34:35 | 000,233,560 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/01/19 22:34:35 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klim6.sys
[2012/01/19 19:51:37 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012/01/19 19:51:37 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/19 16:38:52 | 000,007,605 | ---- | M] () -- C:\Users\lfisher\AppData\Local\Resmon.ResmonCfg
[2012/01/19 16:32:59 | 000,000,965 | ---- | M] () -- C:\Users\lfisher\Desktop\SpeedFan.lnk
[2012/01/19 16:30:16 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012/01/19 16:28:35 | 000,000,000 | ---- | M] () -- C:\Users\lfisher\Desktop\initdebug.nfo
[2012/01/19 16:07:45 | 000,000,117 | ---- | M] () -- C:\Windows\System32\DWRCCMDError.ini
[1 \\knox01\lfisher$\*.tmp files -> \\knox01\lfisher$\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 18:50:44 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/01/19 18:50:44 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/19 17:10:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 17:10:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 17:10:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 17:10:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 17:10:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 16:38:52 | 000,007,605 | ---- | C] () -- C:\Users\lfisher\AppData\Local\Resmon.ResmonCfg
[2012/01/19 16:32:59 | 000,000,965 | ---- | C] () -- C:\Users\lfisher\Desktop\SpeedFan.lnk
[2012/01/19 16:28:36 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012/01/19 16:28:31 | 000,000,000 | ---- | C] () -- C:\Users\lfisher\Desktop\initdebug.nfo
[2012/01/19 16:07:44 | 000,000,117 | ---- | C] () -- C:\Windows\System32\DWRCCMDError.ini
[2011/11/17 11:07:21 | 000,684,032 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2011/11/17 11:07:21 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2011/11/02 09:38:31 | 000,021,700 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/10/31 15:02:43 | 000,012,048 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/15 08:59:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\JrlSrvClient.dll
[2011/04/15 08:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\MsgSrvClient.dll
[2011/04/15 08:59:18 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL
[2011/04/15 08:59:16 | 000,158,208 | ---- | C] () -- C:\Windows\System32\biidll.dll
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,407,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,762 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/10/30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008/10/30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2004/12/14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004/12/14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004/12/14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\System32\KodakOneTouch.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

< End of report >


#2
myrti

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

#3
myrti

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.