Inactive [A] Win32:Karagany-EW trojan please help ASAP (Firefox crashed)

18:29:04.014 File: C:\Documents and Settings\Os\Application Data\Sun\Java\Deployment\cache\6.0\2\8a4cec2-66aced2c **INFECTED** Win32:Karagany-EW [Trj]

HijackThis/DDS, OTL and Asw logs below...

Microsoft confirmed I have the virus when they checked the command prompt: csrss.exe (which sends email PWs or unnecessary ones) and downloadhelp.exe. It already shut down security tasks, and Kaspersky didn't catch it, maybe because Malwarebytes was installed too?

Please help with the removal! He said if I reboot I may get the blue screen, which can make it worse. What should I do?

LOG:

DDS FILE:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Os at 17:10:28 on 2012-04-19
MicrosoftWindowsXP Home Edition 5.1.2600.3.1252.1.1033.18.2037.378 [GMT -4:00]
.
AV: Kaspersky InternetSecurity *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\TeamViewer.exe
C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\os\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxps://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262676841203
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262676836453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{37F52497-B5D4-4FFF-8FA0-43DE8A52246C} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\os\application data\mozilla\firefox\profiles\3qc9ow07.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
.txt=Word Reader-TXT
.
=============== Created Last 30 ================
.
2012-04-19 20:10:05 -------- d-----w- c:\documents and settings\os\application data\TeamViewer
2012-04-03 0548 -------- d-----w- C:\HakkasanApr2
2012-03-30 21:20:14 -------- d-----w- C:\kaspseria
2012-03-29 16:42:22 -------- d-----w- c:\program files\iPod
2012-03-29 16:42:16 -------- d-----w- c:\program files\iTunes
2012-03-29 16:22:10 -------- d-----w- C:\simon
2012-03-22 20:50:49 -------- d-----w- c:\program files\HitmanPro
2012-03-22 20:44:36 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
.
==================== Find3M ====================
.
2012-03-03 05:20:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-01 00:47:24 709968 ----a-w- c:\windows\isRS-000.tmp
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
============= FINISH: 17:15:28.49 ===============


[HJT log removed by Broni]

OTL logfile created on: 4/19/2012 6:04:32 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Os\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.34% Memory free
3.83 Gb Paging File | 1.64 Gb Available in Paging File | 42.84% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 68.73 Gb Free Space | 46.14% Space Free | Partition Type: NTFS

Computer Name: D9BH4YF1 | User Name: Os | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 17:59:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Os\Desktop\OTL.exe
PRC - [2012/03/18 14:57:29 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/02/20 14:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/10/20 00:54:44 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/18 14:57:28 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/31 19:55:56 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/19 17:22:42 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/04/12 18:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2009/11/20 15:22:28 | 000,212,992 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/14 08:00:00 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:59 | 000,376,832 | ---- | M] () -- C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 17:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 14:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2009/01/07 19:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Os\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Os\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/15 22:40:16 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 13:21:00 | 001,710,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/01/30 18:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/09/25 19:07:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/25 21:55:36 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
 
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080325
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080325
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
FF - prefs.js..extensions.enabledItems: {84417002-6445-49b4-9fd7-1ef48240fa41}:1.0.6
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/07/15 22:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/07/15 22:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 14:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/12 18:21:44 | 000,000,000 | ---D | M]

[2008/08/28 15:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Os\Application Data\Mozilla\Extensions
[2012/03/29 16:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions
[2009/08/02 01:49:13 | 000,000,000 | ---D | M] (Tab History) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{84417002-6445-49b4-9fd7-1ef48240fa41}
[2012/03/29 16:53:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/03 02:26:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/11 01:35:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/01/17 17:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\fsonlinescanner@f-secure.com
[2009/07/04 00:03:55 | 000,000,000 | ---D | M] (Tab buttons) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\tabbuttons.ff@octopod.org
[2012/02/18 18:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/15 22:42:32 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/03/18 14:57:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/31 15:55:51 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol308.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/18 18:14:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/18 18:14:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O4 - Startup: C:\Documents and Settings\Os\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} https://install.home...ive/HS_live.cab (HS_live Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262676841203 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262676836453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37F52497-B5D4-4FFF-8FA0-43DE8A52246C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀)
O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: net1nsta - (C:\WINDOWS\system32\cmdlreg.dll) - File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 17:59:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Os\Desktop\OTL.exe
[2012/04/19 17:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Os\Start Menu\Programs\HiJackThis
[2012/04/19 17:09:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Os\Desktop\dds.scr
[2012/04/19 17:08:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Os\Start Menu\Programs\Administrative Tools
[2012/04/19 16:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Os\Application Data\TeamViewer
[2012/04/03 01:06:48 | 000,000,000 | ---D | C] -- C:\HakkasanApr2
[2012/03/30 17:20:14 | 000,000,000 | ---D | C] -- C:\kaspseria
[2012/03/29 12:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/29 12:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/29 12:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/29 12:22:10 | 000,000,000 | ---D | C] -- C:\simon
[2012/03/22 16:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/22 16:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 17:59:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Os\Desktop\OTL.exe
[2012/04/19 17:27:51 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\HiJackThis.lnk
[2012/04/19 17:06:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Os\Desktop\dds.scr
[2012/04/19 16:27:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/16 13:36:14 | 000,127,493 | ---- | M] () -- C:\apr21-22-green2.jpg
[2012/04/16 13:35:33 | 000,127,493 | ---- | M] () -- C:\apr21-22-greentwo.jpg
[2012/04/16 13:34:01 | 000,138,851 | ---- | M] () -- C:\apr21-22-green1.jpg
[2012/04/14 12:08:16 | 000,127,713 | ---- | M] () -- C:\Apr14-15-Kochcomic.jpg
[2012/04/14 12:05:28 | 000,131,961 | ---- | M] () -- C:\apr20-Resonance.jpg
[2012/04/14 11:45:22 | 000,092,303 | ---- | M] () -- C:\apr14-bar.jpg
[2012/04/13 10:42:20 | 000,092,793 | ---- | M] () -- C:\apr14-seams.jpg
[2012/04/12 18:45:43 | 000,073,793 | ---- | M] () -- C:\larrycard2.jpg
[2012/04/12 17:36:33 | 000,088,668 | ---- | M] () -- C:\Apr15-openh.jpg
[2012/04/12 17:36:06 | 000,130,445 | ---- | M] () -- C:\Apr15.png
[2012/04/12 17:32:29 | 000,105,997 | ---- | M] () -- C:\Apr14-chimp1.jpg
[2012/04/12 17:23:11 | 000,121,705 | ---- | M] () -- C:\Apr14-carshowNJ.jpg
[2012/04/11 10:32:25 | 000,072,501 | ---- | M] () -- C:\apr16-turk.jpg
[2012/04/10 22:30:17 | 000,093,887 | ---- | M] () -- C:\Apr11-sherrywines.jpg
[2012/04/10 22:30:07 | 000,077,000 | ---- | M] () -- C:\Apr11-sherrywines2.jpg
[2012/04/10 15:51:38 | 001,409,473 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\Origamizer043.zip
[2012/04/10 15:31:14 | 000,136,947 | ---- | M] () -- C:\Apr11-cabin.jpg
[2012/04/09 18:54:06 | 000,216,060 | ---- | M] () -- C:\Apr8-ronwoodgallery2.sJPG
[2012/04/09 18:53:56 | 000,300,643 | ---- | M] () -- C:\Apr8-ronwoodgallery.sJPG
[2012/04/08 18:21:02 | 000,112,255 | ---- | M] () -- C:\Apr12-Metamorph.jpg
[2012/04/08 18:09:59 | 000,036,117 | ---- | M] () -- C:\Apr14-ShirHash.jpg
[2012/04/08 18:09:41 | 000,036,117 | ---- | M] () -- C:\Shir-Hashirim.jpg
[2012/04/08 02:50:34 | 000,035,189 | ---- | M] () -- C:\Bsmith-coupon2011.jpg
[2012/04/07 18:17:33 | 000,272,021 | ---- | M] () -- C:\mar14-havana.jpg
[2012/04/07 13:49:53 | 000,085,541 | ---- | M] () -- C:\Apr13-Sohofest.jpg
[2012/04/06 19:30:20 | 000,161,310 | ---- | M] () -- C:\May8-storyville.jpg
[2012/04/06 19:28:31 | 000,070,938 | ---- | M] () -- C:\Apr12-Alessi.jpg
[2012/04/06 19:02:14 | 000,095,469 | ---- | M] () -- C:\Apr22-bronxhealth.jpg
[2012/04/06 18:59:28 | 000,033,568 | ---- | M] () -- C:\Apr17-cinnabon.jpg
[2012/04/06 18:49:26 | 000,086,715 | ---- | M] () -- C:\apr7-milk.jpg
[2012/04/06 00:06:55 | 000,042,151 | ---- | M] () -- C:\Guessprev.jpg
[2012/04/05 18:43:52 | 000,086,514 | ---- | M] () -- C:\apr12-carnival.jpg
[2012/04/05 18:03:32 | 000,058,127 | ---- | M] () -- C:\apr5-politics.jpg
[2012/04/05 18:00:08 | 000,187,471 | ---- | M] () -- C:\apr5-rica2.png
[2012/04/05 17:59:52 | 000,606,565 | ---- | M] () -- C:\apr5-rica.png
[2012/04/05 15:01:15 | 000,070,833 | ---- | M] () -- C:\Apr5-sluteverparty-westway.jpg
[2012/04/05 14:05:34 | 000,164,911 | ---- | M] () -- C:\apr14-chimpw.jpg
[2012/04/05 14:02:34 | 000,264,396 | ---- | M] () -- C:\apr14-chimp.jpg
[2012/04/05 13:57:22 | 000,096,211 | ---- | M] () -- C:\apr5-hennesy.jpg
[2012/04/05 13:30:22 | 000,192,333 | ---- | M] () -- C:\apr5-korean.jpg
[2012/04/05 11:00:12 | 000,056,964 | ---- | M] () -- C:\Apr7-Women.jpg
[2012/04/04 17:10:21 | 000,082,524 | ---- | M] () -- C:\Apr4-mlbfancave.jpg
[2012/04/04 10:24:57 | 000,116,432 | ---- | M] () -- C:\Zagatcard.jpg
[2012/04/03 14:49:06 | 000,059,372 | ---- | M] () -- C:\Apr4-reunion.jpg
[2012/04/03 14:40:02 | 000,047,633 | ---- | M] () -- C:\simonpp4.jpg
[2012/04/03 01:00:04 | 000,134,463 | ---- | M] () -- C:\Hakasan.jpg
[2012/04/02 17:35:51 | 000,125,018 | ---- | M] () -- C:\Apr4-politics.jpg
[2012/04/02 17:35:17 | 000,113,338 | ---- | M] () -- C:\Apr4-buffet.jpg
[2012/04/02 17:13:17 | 000,073,019 | ---- | M] () -- C:\apr2-realpranna.jpg
[2012/04/02 01:32:46 | 000,071,027 | ---- | M] () -- C:\Apr-adweek.jpg
[2012/04/01 19:30:13 | 000,042,493 | ---- | M] () -- C:\Apr26-gallery.jpg
[2012/04/01 18:19:16 | 000,080,715 | ---- | M] () -- C:\Apr4-Areunion.jpg
[2012/04/01 18:07:33 | 000,127,806 | ---- | M] () -- C:\2012Bway-prev.jpg
[2012/04/01 18:04:19 | 000,049,489 | ---- | M] () -- C:\Apr6-15-Autoshow.jpg
[2012/04/01 14:25:01 | 000,110,540 | ---- | M] () -- C:\Apr7-Hippop2.jpg
[2012/04/01 14:24:59 | 000,109,724 | ---- | M] () -- C:\Apr7-Hippop1.jpg
[2012/04/01 14:22:59 | 000,117,805 | ---- | M] () -- C:\Hippop2.jpg
[2012/04/01 14:20:24 | 000,123,914 | ---- | M] () -- C:\Apr4-brooklynbohem.jpg
[2012/04/01 14:11:45 | 000,093,824 | ---- | M] () -- C:\Apr14-Escapetravel.jpg
[2012/04/01 14:01:21 | 000,066,299 | ---- | M] () -- C:\Apr13-15-AVaudio.jpg
[2012/04/01 13:40:50 | 000,093,590 | ---- | M] () -- C:\Apr10-PizzaAC2.jpg
[2012/04/01 13:37:55 | 000,093,749 | ---- | M] () -- C:\Apr10-PizzaAC1.jpg
[2012/04/01 13:19:39 | 000,082,706 | ---- | M] () -- C:\Apr1-HermeexpoAC.jpg
[2012/03/31 02:26:51 | 000,023,265 | ---- | M] () -- C:\may11-2012-carbon.jpg
[2012/03/30 00:54:09 | 000,053,394 | ---- | M] () -- C:\mar30-Pinkolive.jpg
[2012/03/29 16:49:26 | 000,064,634 | ---- | M] () -- C:\mar29-coloroutside.jpg
[2012/03/29 16:39:39 | 000,036,968 | ---- | M] () -- C:\Apr5-johnlastcall.jpg
[2012/03/29 16:39:08 | 000,059,903 | ---- | M] () -- C:\mar5-johnlastcall.gif
[2012/03/29 14:57:34 | 000,050,508 | ---- | M] () -- C:\apr19-bootcamp.jpg
[2012/03/29 14:56:43 | 000,030,935 | ---- | M] () -- C:\Apr19-wedding.jpg
[2012/03/29 14:27:15 | 000,149,321 | ---- | M] () -- C:\mar29-carisa.jpg
[2012/03/29 14:06:59 | 000,076,871 | ---- | M] () -- C:\Apr5-lexus-.jpg
[2012/03/29 14:01:30 | 000,031,281 | ---- | M] () -- C:\Apr8-Sword.jpg
[2012/03/29 13:54:21 | 000,052,669 | ---- | M] () -- C:\Apr2-Fooddrink.jpg
[2012/03/29 13:29:33 | 000,034,802 | ---- | M] () -- C:\Mar31-Apr1.jpg
[2012/03/29 13:22:14 | 000,047,131 | ---- | M] () -- C:\Mar-Apr-Flyer.jpg
[2012/03/29 13:18:04 | 000,086,979 | ---- | M] () -- C:\mar29-BAM.jpg
[2012/03/29 12:43:54 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/29 12:27:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/29 01:05:43 | 000,244,701 | ---- | M] () -- C:\apr5-lexus.JPG
[2012/03/29 01:05:25 | 000,244,701 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\apr5-lexus.JPG
[2012/03/29 01:04:24 | 000,388,344 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\3909lexus.png
[2012/03/28 19:03:14 | 000,388,344 | ---- | M] () -- C:\Mar5-lexus.jpg
[2012/03/27 16:39:38 | 000,201,599 | ---- | M] () -- C:\mar29-peryotel.jpg
[2012/03/27 16:19:05 | 000,077,525 | ---- | M] () -- C:\mar27-ital.jpg
[2012/03/27 15:59:17 | 000,163,322 | ---- | M] () -- C:\Page1-.jpg
[2012/03/27 15:59:10 | 000,167,083 | ---- | M] () -- C:\Page2-.jpg
[2012/03/27 01:37:49 | 000,077,275 | ---- | M] () -- C:\Mar27-Calimedia.jpg
[2012/03/26 19:15:46 | 000,022,748 | ---- | M] () -- C:\Mar28-newbalance.jpg
[2012/03/25 23:57:26 | 000,049,631 | ---- | M] () -- C:\mar27-postal.jpg
[2012/03/25 23:37:12 | 000,077,680 | ---- | M] () -- C:\Mar28-NYMagwed.jpg
[2012/03/25 23:27:10 | 000,054,248 | ---- | M] () -- C:\Mar28-Jazzmixer.jpg
[2012/03/25 23:15:27 | 000,038,837 | ---- | M] () -- C:\beard-4.jpg
[2012/03/25 23:10:40 | 000,041,679 | ---- | M] () -- C:\beard-3.jpg
[2012/03/25 23:09:05 | 000,025,000 | ---- | M] () -- C:\beard-2.jpg
[2012/03/25 23:06:13 | 000,071,218 | ---- | M] () -- C:\Beard-1.jpg
[2012/03/23 23:18:26 | 000,117,150 | ---- | M] () -- C:\Mar29-31-opengall.jpg
[2012/03/22 12:58:38 | 000,121,605 | ---- | M] () -- C:\mar28-denim.jpg
[2012/03/22 12:52:49 | 000,052,421 | ---- | M] () -- C:\Mar22-zen.jpg
[2012/03/22 01:12:57 | 000,022,848 | ---- | M] () -- C:\o-fpot.jpg
[2012/03/22 00:53:23 | 000,057,073 | ---- | M] () -- C:\mar23-alibi.jpg
[2012/03/21 17:04:55 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/16 13:36:13 | 000,127,493 | ---- | C] () -- C:\apr21-22-green2.jpg
[2012/04/16 13:34:07 | 000,127,493 | ---- | C] () -- C:\apr21-22-greentwo.jpg
[2012/04/16 13:34:00 | 000,138,851 | ---- | C] () -- C:\apr21-22-green1.jpg
[2012/04/14 12:08:15 | 000,127,713 | ---- | C] () -- C:\Apr14-15-Kochcomic.jpg
[2012/04/14 12:05:27 | 000,131,961 | ---- | C] () -- C:\apr20-Resonance.jpg
[2012/04/14 11:45:18 | 000,092,303 | ---- | C] () -- C:\apr14-bar.jpg
[2012/04/13 10:42:19 | 000,092,793 | ---- | C] () -- C:\apr14-seams.jpg
[2012/04/12 18:45:42 | 000,073,793 | ---- | C] () -- C:\larrycard2.jpg
[2012/04/12 17:36:32 | 000,088,668 | ---- | C] () -- C:\Apr15-openh.jpg
[2012/04/12 17:36:06 | 000,130,445 | ---- | C] () -- C:\Apr15.png
[2012/04/12 17:32:28 | 000,105,997 | ---- | C] () -- C:\Apr14-chimp1.jpg
[2012/04/12 17:23:09 | 000,121,705 | ---- | C] () -- C:\Apr14-carshowNJ.jpg
[2012/04/11 10:32:25 | 000,072,501 | ---- | C] () -- C:\apr16-turk.jpg
[2012/04/10 22:26:54 | 000,077,000 | ---- | C] () -- C:\Apr11-sherrywines2.jpg
[2012/04/10 22:26:14 | 000,093,887 | ---- | C] () -- C:\Apr11-sherrywines.jpg
[2012/04/10 15:31:13 | 000,136,947 | ---- | C] () -- C:\Apr11-cabin.jpg
[2012/04/09 18:54:06 | 000,216,060 | ---- | C] () -- C:\Apr8-ronwoodgallery2.sJPG
[2012/04/09 18:53:56 | 000,300,643 | ---- | C] () -- C:\Apr8-ronwoodgallery.sJPG
[2012/04/08 18:21:01 | 000,112,255 | ---- | C] () -- C:\Apr12-Metamorph.jpg
[2012/04/08 18:09:58 | 000,036,117 | ---- | C] () -- C:\Apr14-ShirHash.jpg
[2012/04/08 18:09:16 | 000,036,117 | ---- | C] () -- C:\Shir-Hashirim.jpg
[2012/04/08 02:50:33 | 000,035,189 | ---- | C] () -- C:\Bsmith-coupon2011.jpg
[2012/04/07 18:17:33 | 000,272,021 | ---- | C] () -- C:\mar14-havana.jpg
[2012/04/07 13:49:52 | 000,085,541 | ---- | C] () -- C:\Apr13-Sohofest.jpg
[2012/04/06 19:30:19 | 000,161,310 | ---- | C] () -- C:\May8-storyville.jpg
[2012/04/06 19:21:39 | 000,070,938 | ---- | C] () -- C:\Apr12-Alessi.jpg
[2012/04/06 19:00:13 | 000,095,469 | ---- | C] () -- C:\Apr22-bronxhealth.jpg
[2012/04/06 18:59:28 | 000,033,568 | ---- | C] () -- C:\Apr17-cinnabon.jpg
[2012/04/06 18:48:34 | 000,086,715 | ---- | C] () -- C:\apr7-milk.jpg
[2012/04/06 00:06:54 | 000,042,151 | ---- | C] () -- C:\Guessprev.jpg
[2012/04/05 18:43:51 | 000,086,514 | ---- | C] () -- C:\apr12-carnival.jpg
[2012/04/05 18:03:32 | 000,058,127 | ---- | C] () -- C:\apr5-politics.jpg
[2012/04/05 18:00:08 | 000,187,471 | ---- | C] () -- C:\apr5-rica2.png
[2012/04/05 17:59:52 | 000,606,565 | ---- | C] () -- C:\apr5-rica.png
[2012/04/05 15:01:15 | 000,070,833 | ---- | C] () -- C:\Apr5-sluteverparty-westway.jpg
[2012/04/05 14:04:22 | 000,164,911 | ---- | C] () -- C:\apr14-chimpw.jpg
[2012/04/05 14:02:34 | 000,264,396 | ---- | C] () -- C:\apr14-chimp.jpg
[2012/04/05 13:55:41 | 000,096,211 | ---- | C] () -- C:\apr5-hennesy.jpg
[2012/04/05 13:30:21 | 000,192,333 | ---- | C] () -- C:\apr5-korean.jpg
[2012/04/05 11:00:11 | 000,056,964 | ---- | C] () -- C:\Apr7-Women.jpg
[2012/04/04 17:10:21 | 000,082,524 | ---- | C] () -- C:\Apr4-mlbfancave.jpg
[2012/04/04 10:24:54 | 000,116,432 | ---- | C] () -- C:\Zagatcard.jpg
[2012/04/03 14:45:55 | 000,059,372 | ---- | C] () -- C:\Apr4-reunion.jpg
[2012/04/03 14:40:01 | 000,047,633 | ---- | C] () -- C:\simonpp4.jpg
[2012/04/03 00:56:26 | 000,134,463 | ---- | C] () -- C:\Hakasan.jpg
[2012/04/02 17:35:50 | 000,125,018 | ---- | C] () -- C:\Apr4-politics.jpg
[2012/04/02 17:35:17 | 000,113,338 | ---- | C] () -- C:\Apr4-buffet.jpg
[2012/04/02 17:11:26 | 000,073,019 | ---- | C] () -- C:\apr2-realpranna.jpg
[2012/04/02 01:32:45 | 000,071,027 | ---- | C] () -- C:\Apr-adweek.jpg
[2012/04/01 19:30:11 | 000,042,493 | ---- | C] () -- C:\Apr26-gallery.jpg
[2012/04/01 18:19:10 | 000,080,715 | ---- | C] () -- C:\Apr4-Areunion.jpg
[2012/04/01 18:06:07 | 000,127,806 | ---- | C] () -- C:\2012Bway-prev.jpg
[2012/04/01 18:04:18 | 000,049,489 | ---- | C] () -- C:\Apr6-15-Autoshow.jpg
[2012/04/01 14:23:06 | 000,110,540 | ---- | C] () -- C:\Apr7-Hippop2.jpg
[2012/04/01 14:22:58 | 000,117,805 | ---- | C] () -- C:\Hippop2.jpg
[2012/04/01 14:22:34 | 000,109,724 | ---- | C] () -- C:\Apr7-Hippop1.jpg
[2012/04/01 14:18:43 | 000,123,914 | ---- | C] () -- C:\Apr4-brooklynbohem.jpg
[2012/04/01 14:11:44 | 000,093,824 | ---- | C] () -- C:\Apr14-Escapetravel.jpg
[2012/04/01 14:01:20 | 000,066,299 | ---- | C] () -- C:\Apr13-15-AVaudio.jpg
[2012/04/01 13:36:54 | 000,093,590 | ---- | C] () -- C:\Apr10-PizzaAC2.jpg
[2012/04/01 13:36:46 | 000,093,749 | ---- | C] () -- C:\Apr10-PizzaAC1.jpg
[2012/04/01 13:19:36 | 000,082,706 | ---- | C] () -- C:\Apr1-HermeexpoAC.jpg
[2012/03/31 02:26:49 | 000,023,265 | ---- | C] () -- C:\may11-2012-carbon.jpg
[2012/03/30 00:54:06 | 000,053,394 | ---- | C] () -- C:\mar30-Pinkolive.jpg
[2012/03/29 16:49:09 | 000,064,634 | ---- | C] () -- C:\mar29-coloroutside.jpg
[2012/03/29 16:39:39 | 000,036,968 | ---- | C] () -- C:\Apr5-johnlastcall.jpg
[2012/03/29 16:39:08 | 000,059,903 | ---- | C] () -- C:\mar5-johnlastcall.gif
[2012/03/29 14:57:31 | 000,050,508 | ---- | C] () -- C:\apr19-bootcamp.jpg
[2012/03/29 14:56:42 | 000,030,935 | ---- | C] () -- C:\Apr19-wedding.jpg
[2012/03/29 14:19:16 | 000,149,321 | ---- | C] () -- C:\mar29-carisa.jpg
[2012/03/29 14:06:58 | 000,076,871 | ---- | C] () -- C:\Apr5-lexus-.jpg
[2012/03/29 14:01:29 | 000,031,281 | ---- | C] () -- C:\Apr8-Sword.jpg
[2012/03/29 13:54:20 | 000,052,669 | ---- | C] () -- C:\Apr2-Fooddrink.jpg
[2012/03/29 13:29:31 | 000,034,802 | ---- | C] () -- C:\Mar31-Apr1.jpg
[2012/03/29 13:22:13 | 000,047,131 | ---- | C] () -- C:\Mar-Apr-Flyer.jpg
[2012/03/29 13:18:02 | 000,086,979 | ---- | C] () -- C:\mar29-BAM.jpg
[2012/03/29 12:43:54 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/29 01:05:43 | 000,244,701 | ---- | C] () -- C:\apr5-lexus.JPG
[2012/03/29 01:05:25 | 000,244,701 | ---- | C] () -- C:\Documents and Settings\Os\Desktop\apr5-lexus.JPG
[2012/03/29 01:04:24 | 000,388,344 | ---- | C] () -- C:\Documents and Settings\Os\Desktop\3909lexus.png
[2012/03/28 19:03:13 | 000,388,344 | ---- | C] () -- C:\Mar5-lexus.jpg
[2012/03/27 16:37:43 | 000,201,599 | ---- | C] () -- C:\mar29-peryotel.jpg
[2012/03/27 16:18:47 | 000,077,525 | ---- | C] () -- C:\mar27-ital.jpg
[2012/03/27 15:59:16 | 000,163,322 | ---- | C] () -- C:\Page1-.jpg
[2012/03/27 15:59:09 | 000,167,083 | ---- | C] () -- C:\Page2-.jpg
[2012/03/27 01:37:24 | 000,077,275 | ---- | C] () -- C:\Mar27-Calimedia.jpg
[2012/03/26 19:14:29 | 000,022,748 | ---- | C] () -- C:\Mar28-newbalance.jpg
[2012/03/25 23:56:00 | 000,049,631 | ---- | C] () -- C:\mar27-postal.jpg
[2012/03/25 23:37:10 | 000,077,680 | ---- | C] () -- C:\Mar28-NYMagwed.jpg
[2012/03/25 23:27:09 | 000,054,248 | ---- | C] () -- C:\Mar28-Jazzmixer.jpg
[2012/03/25 23:15:26 | 000,038,837 | ---- | C] () -- C:\beard-4.jpg
[2012/03/25 23:10:40 | 000,041,679 | ---- | C] () -- C:\beard-3.jpg
[2012/03/25 23:09:05 | 000,025,000 | ---- | C] () -- C:\beard-2.jpg
[2012/03/25 23:06:11 | 000,071,218 | ---- | C] () -- C:\Beard-1.jpg
[2012/03/23 23:18:25 | 000,117,150 | ---- | C] () -- C:\Mar29-31-opengall.jpg
[2012/03/22 12:57:39 | 000,121,605 | ---- | C] () -- C:\mar28-denim.jpg
[2012/03/22 12:52:49 | 000,052,421 | ---- | C] () -- C:\Mar22-zen.jpg
[2012/03/22 01:12:56 | 000,022,848 | ---- | C] () -- C:\o-fpot.jpg
[2012/03/22 00:52:52 | 000,057,073 | ---- | C] () -- C:\mar23-alibi.jpg
[2012/03/03 00:52:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/04 13:38:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012/02/03 22:18:42 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2012/01/03 17:18:39 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/12/23 22:07:27 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/12/07 11:57:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/15 22:42:20 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/15 22:42:20 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

========== LOP Check ==========

[2008/05/30 19:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/17 17:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/03/22 16:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/31 19:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/12/29 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2011/05/24 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/10/15 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
[2008/09/05 10:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\aAvgApi
[2008/10/04 15:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\Acoustica
[2009/12/29 18:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/05 01:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\mjusbsp
[2010/12/28 15:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\ntr
[2009/12/29 18:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\OfficeRecovery
[2010/09/28 16:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\OpenOffice.org
[2011/05/12 15:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\OrgPlus9
[2009/07/13 13:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\Scalabium
[2012/04/19 16:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\TeamViewer
[2012/01/31 03:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2012/01/31 09:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2012/01/31 15:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2012/01/30 21:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2012/01/30 03:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/31 20:55:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0BB28F5F-6E80-458F-8B51-086F0450C44C}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2010/01/08 03:06:07 | 091,338,304 | ---- | M] (Lavasoft ) -- C:\Ad-AwareInstallation.exe
[2009/04/20 13:46:52 | 063,752,952 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_en_85_287a1483.exe
[2008/10/15 04:37:55 | 003,514,567 | ---- | M] (Goldzsoft Inc. ) -- C:\avijoiner.exe
[2009/05/06 15:50:34 | 001,277,680 | ---- | M] () -- C:\couponprinter.exe
[2009/04/08 13:48:51 | 005,977,684 | ---- | M] (DVDVideoSoft Limited. ) -- C:\freeyoutubedownload.exe
[2010/01/08 20:29:27 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2011/01/18 12:32:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2010/01/08 20:52:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/10/10 12:52:28 | 000,615,144 | ---- | M] (June Fabrics Technology Inc. ) -- C:\PdaNetW20.exe
[2003/07/04 09:20:00 | 000,229,376 | ---- | M] () -- C:\ReferenceFinder 3.1.exe
[2008/10/08 20:11:00 | 007,647,053 | ---- | M] (EffectMatrix Inc. ) -- C:\tvcnew.exe
[2009/08/31 15:54:29 | 018,015,723 | ---- | M] () -- C:\vlc-1.0.1-win32.exe
[2009/03/24 16:09:15 | 015,484,083 | ---- | M] (NETGEAR ) -- C:\wg311v3_3_1_setup.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: D9BH4YF1
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 149 GB Healthy System

< >

========== Files - Unicode (All) ==========
[2009/12/29 05:05:05 | 000,160,211 | ---- | M] ()(C:\Tu?nPh?m-Saberlord-2008-2009.jpg) -- C:\TuấnPhạm-Saberlord-2008-2009.jpg
[2009/12/29 05:05:01 | 000,160,211 | ---- | C] ()(C:\Tu?nPh?m-Saberlord-2008-2009.jpg) -- C:\TuấnPhạm-Saberlord-2008-2009.jpg

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB32285$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

___________

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 18:22:40
-----------------------------
18:22:40.858 OS Version: Windows 5.1.2600 Service Pack 3
18:22:40.858 Number of processors: 2 586 0xF0D
18:22:40.858 ComputerName: D9BH4YF1 UserName: Os
18:22:41.811 Initialize success
18:24:03.967 AVAST engine defs: 12041901
18:24:31.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:24:31.670 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 8
18:24:31.686 Disk 0 MBR read successfully
18:24:31.686 Disk 0 MBR scan
18:24:31.733 Disk 0 Windows XP default MBR code
18:24:31.733 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:24:31.764 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 96390
18:24:31.764 Disk 0 scanning sectors +312480315
18:24:31.858 Disk 0 scanning C:\WINDOWS\system32\drivers
18:24:45.108 Service scanning
18:24:52.873 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
18:24:52.920 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
18:24:53.389 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
18:24:53.451 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:25:03.264 Modules scanning
18:25:11.451 Disk 0 trace - called modules:
18:25:11.467
18:25:12.201 AVAST engine scan C:\WINDOWS
18:25:28.623 AVAST engine scan C:\WINDOWS\system32
18:27:39.404 AVAST engine scan C:\WINDOWS\system32\drivers
18:27:57.764 AVAST engine scan C:\Documents and Settings\Os
18:29:04.014 File: C:\Documents and Settings\Os\Application Data\Sun\Java\Deployment\cache\6.0\2\8a4cec2-66aced2c **INFECTED** Win32:Karagany-EW [Trj]
18:30:37.904 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Os\Desktop\MBR.dat"
18:30:37.904 The log file has been saved successfully to "C:\Documents and Settings\Os\Desktop\aswMBR.txt"
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
I still need the Attach.txt part of DDS, and the MBAM and GMER logs.
 