TechSpot

[A] Win32:Karagany-EW trojan please help ASAP (Firefox crashed)

By flakeup
Apr 19, 2012
  1. 18:29:04.014 File: C:\Documents and Settings\Os\Application Data\Sun\Java\Deployment\cache\6.0\2\8a4cec2-66aced2c **INFECTED** Win32:Karagany-EW [Trj]

    HijackThis/DDS, OTL and Asw logs below...

    Microsoft confirmed I have the virus when they checked the command prompt: csrss.exe (which sends email PWs or unnecessary ones) and downloadhelp.exe. It already shut down security tasks, and Kaspersky didn't catch it, maybe because Malwarebytes was installed too?

    Please help with the removal! He said if I reboot I may get the blue screen, which can make it worse. What should I do??



    LOG:

    DDS FILE:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by Os at 17:10:28 on 2012-04-19
    MicrosoftWindowsXP Home Edition 5.1.2600.3.1252.1.1033.18.2037.378 [GMT -4:00]
    .
    AV: Kaspersky InternetSecurity *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\TeamViewer.exe
    C:\DOCUME~1\Os\LOCALS~1\Temp\TeamViewer\Version7\tv_w32.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\os\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxps://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262676841203
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262676836453
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{37F52497-B5D4-4FFF-8FA0-43DE8A52246C} : DhcpNameServer = 192.168.0.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\os\application data\mozilla\firefox\profiles\3qc9ow07.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== File Associations ===============
    .
    .txt=Word Reader-TXT
    .
    =============== Created Last 30 ================
    .
    2012-04-19 20:10:05 -------- d-----w- c:\documents and settings\os\application data\TeamViewer
    2012-04-03 0548 -------- d-----w- C:\HakkasanApr2
    2012-03-30 21:20:14 -------- d-----w- C:\kaspseria
    2012-03-29 16:42:22 -------- d-----w- c:\program files\iPod
    2012-03-29 16:42:16 -------- d-----w- c:\program files\iTunes
    2012-03-29 16:22:10 -------- d-----w- C:\simon
    2012-03-22 20:50:49 -------- d-----w- c:\program files\HitmanPro
    2012-03-22 20:44:36 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
    .
    ==================== Find3M ====================
    .
    2012-03-03 05:20:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-02-01 00:47:24 709968 ----a-w- c:\windows\isRS-000.tmp
    2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .
    ============= FINISH: 17:15:28.49 ===============


    [HJT log removed by Broni]

    OTL logfile created on: 4/19/2012 6:04:32 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Os\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.34% Memory free
    3.83 Gb Paging File | 1.64 Gb Available in Paging File | 42.84% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 68.73 Gb Free Space | 46.14% Space Free | Partition Type: NTFS

    Computer Name: D9BH4YF1 | User Name: Os | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/19 17:59:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Os\Desktop\OTL.exe
    PRC - [2012/03/18 14:57:29 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    PRC - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    PRC - [2009/02/20 14:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
    PRC - [2008/10/20 00:54:44 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/18 14:57:28 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/01/31 19:55:56 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/06/19 17:22:42 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
    MOD - [2010/04/12 18:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    MOD - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    MOD - [2009/11/20 15:22:28 | 000,212,992 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
    MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
    MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
    MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2008/04/14 08:00:00 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
    MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:59 | 000,376,832 | ---- | M] () -- C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
    SRV - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
    SRV - [2009/11/05 17:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
    SRV - [2009/02/20 14:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2009/01/07 19:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
    SRV - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
    SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Os\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Os\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2011/07/15 22:40:16 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
    DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2009/11/25 13:21:00 | 001,710,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
    DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/01/30 18:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2008/09/25 19:07:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
    DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2007/07/25 21:55:36 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
    DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
    DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
  2. flakeup


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080325
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080325
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
    FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
    FF - prefs.js..extensions.enabledItems: {84417002-6445-49b4-9fd7-1ef48240fa41}:1.0.6
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/07/15 22:55:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/07/15 22:55:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 14:57:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/12 18:21:44 | 000,000,000 | ---D | M]

    [2008/08/28 15:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Os\Application Data\Mozilla\Extensions
    [2012/03/29 16:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions
    [2009/08/02 01:49:13 | 000,000,000 | ---D | M] (Tab History) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{84417002-6445-49b4-9fd7-1ef48240fa41}
    [2012/03/29 16:53:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/03/03 02:26:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/01/11 01:35:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2010/01/17 17:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\fsonlinescanner@f-secure.com
    [2009/07/04 00:03:55 | 000,000,000 | ---D | M] (Tab buttons) -- C:\Documents and Settings\Os\Application Data\Mozilla\Firefox\Profiles\3qc9ow07.default\extensions\tabbuttons.ff@octopod.org
    [2012/02/18 18:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/07/15 22:42:32 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
    [2012/03/18 14:57:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009/08/31 15:55:51 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol308.dll
    [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/18 18:14:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/18 18:14:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
    O4 - Startup: C:\Documents and Settings\Os\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-200287221-3165070041-3785318082-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} https://install.home...ive/HS_live.cab (HS_live Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262676841203 (WUWebControl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262676836453 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37F52497-B5D4-4FFF-8FA0-43DE8A52246C}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\kloehk.dll (Kaspersky Lab ZAO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀)
    O34 - HKLM BootExecute: (猀瀀爀攀猀琀爀琀)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: net1nsta - (C:\WINDOWS\system32\cmdlreg.dll) - File not found
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/19 17:59:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Os\Desktop\OTL.exe
    [2012/04/19 17:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Os\Start Menu\Programs\HiJackThis
    [2012/04/19 17:09:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Os\Desktop\dds.scr
    [2012/04/19 17:08:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Os\Start Menu\Programs\Administrative Tools
    [2012/04/19 16:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Os\Application Data\TeamViewer
    [2012/04/03 01:06:48 | 000,000,000 | ---D | C] -- C:\HakkasanApr2
    [2012/03/30 17:20:14 | 000,000,000 | ---D | C] -- C:\kaspseria
    [2012/03/29 12:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2012/03/29 12:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/03/29 12:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/03/29 12:22:10 | 000,000,000 | ---D | C] -- C:\simon
    [2012/03/22 16:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/03/22 16:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/19 17:59:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Os\Desktop\OTL.exe
    [2012/04/19 17:27:51 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\HiJackThis.lnk
    [2012/04/19 17:06:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Os\Desktop\dds.scr
    [2012/04/19 16:27:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/16 13:36:14 | 000,127,493 | ---- | M] () -- C:\apr21-22-green2.jpg
    [2012/04/16 13:35:33 | 000,127,493 | ---- | M] () -- C:\apr21-22-greentwo.jpg
    [2012/04/16 13:34:01 | 000,138,851 | ---- | M] () -- C:\apr21-22-green1.jpg
    [2012/04/14 12:08:16 | 000,127,713 | ---- | M] () -- C:\Apr14-15-Kochcomic.jpg
    [2012/04/14 12:05:28 | 000,131,961 | ---- | M] () -- C:\apr20-Resonance.jpg
    [2012/04/14 11:45:22 | 000,092,303 | ---- | M] () -- C:\apr14-bar.jpg
    [2012/04/13 10:42:20 | 000,092,793 | ---- | M] () -- C:\apr14-seams.jpg
    [2012/04/12 18:45:43 | 000,073,793 | ---- | M] () -- C:\larrycard2.jpg
    [2012/04/12 17:36:33 | 000,088,668 | ---- | M] () -- C:\Apr15-openh.jpg
    [2012/04/12 17:36:06 | 000,130,445 | ---- | M] () -- C:\Apr15.png
    [2012/04/12 17:32:29 | 000,105,997 | ---- | M] () -- C:\Apr14-chimp1.jpg
    [2012/04/12 17:23:11 | 000,121,705 | ---- | M] () -- C:\Apr14-carshowNJ.jpg
    [2012/04/11 10:32:25 | 000,072,501 | ---- | M] () -- C:\apr16-turk.jpg
    [2012/04/10 22:30:17 | 000,093,887 | ---- | M] () -- C:\Apr11-sherrywines.jpg
    [2012/04/10 22:30:07 | 000,077,000 | ---- | M] () -- C:\Apr11-sherrywines2.jpg
    [2012/04/10 15:51:38 | 001,409,473 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\Origamizer043.zip
    [2012/04/10 15:31:14 | 000,136,947 | ---- | M] () -- C:\Apr11-cabin.jpg
    [2012/04/09 18:54:06 | 000,216,060 | ---- | M] () -- C:\Apr8-ronwoodgallery2.sJPG
    [2012/04/09 18:53:56 | 000,300,643 | ---- | M] () -- C:\Apr8-ronwoodgallery.sJPG
    [2012/04/08 18:21:02 | 000,112,255 | ---- | M] () -- C:\Apr12-Metamorph.jpg
    [2012/04/08 18:09:59 | 000,036,117 | ---- | M] () -- C:\Apr14-ShirHash.jpg
    [2012/04/08 18:09:41 | 000,036,117 | ---- | M] () -- C:\Shir-Hashirim.jpg
    [2012/04/08 02:50:34 | 000,035,189 | ---- | M] () -- C:\Bsmith-coupon2011.jpg
    [2012/04/07 18:17:33 | 000,272,021 | ---- | M] () -- C:\mar14-havana.jpg
    [2012/04/07 13:49:53 | 000,085,541 | ---- | M] () -- C:\Apr13-Sohofest.jpg
    [2012/04/06 19:30:20 | 000,161,310 | ---- | M] () -- C:\May8-storyville.jpg
    [2012/04/06 19:28:31 | 000,070,938 | ---- | M] () -- C:\Apr12-Alessi.jpg
    [2012/04/06 19:02:14 | 000,095,469 | ---- | M] () -- C:\Apr22-bronxhealth.jpg
    [2012/04/06 18:59:28 | 000,033,568 | ---- | M] () -- C:\Apr17-cinnabon.jpg
    [2012/04/06 18:49:26 | 000,086,715 | ---- | M] () -- C:\apr7-milk.jpg
    [2012/04/06 00:06:55 | 000,042,151 | ---- | M] () -- C:\Guessprev.jpg
    [2012/04/05 18:43:52 | 000,086,514 | ---- | M] () -- C:\apr12-carnival.jpg
    [2012/04/05 18:03:32 | 000,058,127 | ---- | M] () -- C:\apr5-politics.jpg
    [2012/04/05 18:00:08 | 000,187,471 | ---- | M] () -- C:\apr5-rica2.png
    [2012/04/05 17:59:52 | 000,606,565 | ---- | M] () -- C:\apr5-rica.png
    [2012/04/05 15:01:15 | 000,070,833 | ---- | M] () -- C:\Apr5-sluteverparty-westway.jpg
    [2012/04/05 14:05:34 | 000,164,911 | ---- | M] () -- C:\apr14-chimpw.jpg
    [2012/04/05 14:02:34 | 000,264,396 | ---- | M] () -- C:\apr14-chimp.jpg
    [2012/04/05 13:57:22 | 000,096,211 | ---- | M] () -- C:\apr5-hennesy.jpg
    [2012/04/05 13:30:22 | 000,192,333 | ---- | M] () -- C:\apr5-korean.jpg
    [2012/04/05 11:00:12 | 000,056,964 | ---- | M] () -- C:\Apr7-Women.jpg
    [2012/04/04 17:10:21 | 000,082,524 | ---- | M] () -- C:\Apr4-mlbfancave.jpg
    [2012/04/04 10:24:57 | 000,116,432 | ---- | M] () -- C:\Zagatcard.jpg
    [2012/04/03 14:49:06 | 000,059,372 | ---- | M] () -- C:\Apr4-reunion.jpg
    [2012/04/03 14:40:02 | 000,047,633 | ---- | M] () -- C:\simonpp4.jpg
    [2012/04/03 01:00:04 | 000,134,463 | ---- | M] () -- C:\Hakasan.jpg
    [2012/04/02 17:35:51 | 000,125,018 | ---- | M] () -- C:\Apr4-politics.jpg
    [2012/04/02 17:35:17 | 000,113,338 | ---- | M] () -- C:\Apr4-buffet.jpg
    [2012/04/02 17:13:17 | 000,073,019 | ---- | M] () -- C:\apr2-realpranna.jpg
    [2012/04/02 01:32:46 | 000,071,027 | ---- | M] () -- C:\Apr-adweek.jpg
    [2012/04/01 19:30:13 | 000,042,493 | ---- | M] () -- C:\Apr26-gallery.jpg
    [2012/04/01 18:19:16 | 000,080,715 | ---- | M] () -- C:\Apr4-Areunion.jpg
    [2012/04/01 18:07:33 | 000,127,806 | ---- | M] () -- C:\2012Bway-prev.jpg
    [2012/04/01 18:04:19 | 000,049,489 | ---- | M] () -- C:\Apr6-15-Autoshow.jpg
    [2012/04/01 14:25:01 | 000,110,540 | ---- | M] () -- C:\Apr7-Hippop2.jpg
    [2012/04/01 14:24:59 | 000,109,724 | ---- | M] () -- C:\Apr7-Hippop1.jpg
    [2012/04/01 14:22:59 | 000,117,805 | ---- | M] () -- C:\Hippop2.jpg
    [2012/04/01 14:20:24 | 000,123,914 | ---- | M] () -- C:\Apr4-brooklynbohem.jpg
    [2012/04/01 14:11:45 | 000,093,824 | ---- | M] () -- C:\Apr14-Escapetravel.jpg
    [2012/04/01 14:01:21 | 000,066,299 | ---- | M] () -- C:\Apr13-15-AVaudio.jpg
    [2012/04/01 13:40:50 | 000,093,590 | ---- | M] () -- C:\Apr10-PizzaAC2.jpg
    [2012/04/01 13:37:55 | 000,093,749 | ---- | M] () -- C:\Apr10-PizzaAC1.jpg
    [2012/04/01 13:19:39 | 000,082,706 | ---- | M] () -- C:\Apr1-HermeexpoAC.jpg
    [2012/03/31 02:26:51 | 000,023,265 | ---- | M] () -- C:\may11-2012-carbon.jpg
    [2012/03/30 00:54:09 | 000,053,394 | ---- | M] () -- C:\mar30-Pinkolive.jpg
    [2012/03/29 16:49:26 | 000,064,634 | ---- | M] () -- C:\mar29-coloroutside.jpg
    [2012/03/29 16:39:39 | 000,036,968 | ---- | M] () -- C:\Apr5-johnlastcall.jpg
    [2012/03/29 16:39:08 | 000,059,903 | ---- | M] () -- C:\mar5-johnlastcall.gif
    [2012/03/29 14:57:34 | 000,050,508 | ---- | M] () -- C:\apr19-bootcamp.jpg
    [2012/03/29 14:56:43 | 000,030,935 | ---- | M] () -- C:\Apr19-wedding.jpg
    [2012/03/29 14:27:15 | 000,149,321 | ---- | M] () -- C:\mar29-carisa.jpg
    [2012/03/29 14:06:59 | 000,076,871 | ---- | M] () -- C:\Apr5-lexus-.jpg
    [2012/03/29 14:01:30 | 000,031,281 | ---- | M] () -- C:\Apr8-Sword.jpg
    [2012/03/29 13:54:21 | 000,052,669 | ---- | M] () -- C:\Apr2-Fooddrink.jpg
    [2012/03/29 13:29:33 | 000,034,802 | ---- | M] () -- C:\Mar31-Apr1.jpg
    [2012/03/29 13:22:14 | 000,047,131 | ---- | M] () -- C:\Mar-Apr-Flyer.jpg
    [2012/03/29 13:18:04 | 000,086,979 | ---- | M] () -- C:\mar29-BAM.jpg
    [2012/03/29 12:43:54 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/03/29 12:27:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/29 01:05:43 | 000,244,701 | ---- | M] () -- C:\apr5-lexus.JPG
    [2012/03/29 01:05:25 | 000,244,701 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\apr5-lexus.JPG
    [2012/03/29 01:04:24 | 000,388,344 | ---- | M] () -- C:\Documents and Settings\Os\Desktop\3909lexus.png
    [2012/03/28 19:03:14 | 000,388,344 | ---- | M] () -- C:\Mar5-lexus.jpg
    [2012/03/27 16:39:38 | 000,201,599 | ---- | M] () -- C:\mar29-peryotel.jpg
    [2012/03/27 16:19:05 | 000,077,525 | ---- | M] () -- C:\mar27-ital.jpg
    [2012/03/27 15:59:17 | 000,163,322 | ---- | M] () -- C:\Page1-.jpg
    [2012/03/27 15:59:10 | 000,167,083 | ---- | M] () -- C:\Page2-.jpg
    [2012/03/27 01:37:49 | 000,077,275 | ---- | M] () -- C:\Mar27-Calimedia.jpg
    [2012/03/26 19:15:46 | 000,022,748 | ---- | M] () -- C:\Mar28-newbalance.jpg
    [2012/03/25 23:57:26 | 000,049,631 | ---- | M] () -- C:\mar27-postal.jpg
    [2012/03/25 23:37:12 | 000,077,680 | ---- | M] () -- C:\Mar28-NYMagwed.jpg
    [2012/03/25 23:27:10 | 000,054,248 | ---- | M] () -- C:\Mar28-Jazzmixer.jpg
    [2012/03/25 23:15:27 | 000,038,837 | ---- | M] () -- C:\beard-4.jpg
    [2012/03/25 23:10:40 | 000,041,679 | ---- | M] () -- C:\beard-3.jpg
    [2012/03/25 23:09:05 | 000,025,000 | ---- | M] () -- C:\beard-2.jpg
    [2012/03/25 23:06:13 | 000,071,218 | ---- | M] () -- C:\Beard-1.jpg
    [2012/03/23 23:18:26 | 000,117,150 | ---- | M] () -- C:\Mar29-31-opengall.jpg
    [2012/03/22 12:58:38 | 000,121,605 | ---- | M] () -- C:\mar28-denim.jpg
    [2012/03/22 12:52:49 | 000,052,421 | ---- | M] () -- C:\Mar22-zen.jpg
    [2012/03/22 01:12:57 | 000,022,848 | ---- | M] () -- C:\o-fpot.jpg
    [2012/03/22 00:53:23 | 000,057,073 | ---- | M] () -- C:\mar23-alibi.jpg
    [2012/03/21 17:04:55 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/16 13:36:13 | 000,127,493 | ---- | C] () -- C:\apr21-22-green2.jpg
    [2012/04/16 13:34:07 | 000,127,493 | ---- | C] () -- C:\apr21-22-greentwo.jpg
    [2012/04/16 13:34:00 | 000,138,851 | ---- | C] () -- C:\apr21-22-green1.jpg
    [2012/04/14 12:08:15 | 000,127,713 | ---- | C] () -- C:\Apr14-15-Kochcomic.jpg
    [2012/04/14 12:05:27 | 000,131,961 | ---- | C] () -- C:\apr20-Resonance.jpg
    [2012/04/14 11:45:18 | 000,092,303 | ---- | C] () -- C:\apr14-bar.jpg
    [2012/04/13 10:42:19 | 000,092,793 | ---- | C] () -- C:\apr14-seams.jpg
    [2012/04/12 18:45:42 | 000,073,793 | ---- | C] () -- C:\larrycard2.jpg
    [2012/04/12 17:36:32 | 000,088,668 | ---- | C] () -- C:\Apr15-openh.jpg
    [2012/04/12 17:36:06 | 000,130,445 | ---- | C] () -- C:\Apr15.png
    [2012/04/12 17:32:28 | 000,105,997 | ---- | C] () -- C:\Apr14-chimp1.jpg
    [2012/04/12 17:23:09 | 000,121,705 | ---- | C] () -- C:\Apr14-carshowNJ.jpg
    [2012/04/11 10:32:25 | 000,072,501 | ---- | C] () -- C:\apr16-turk.jpg
    [2012/04/10 22:26:54 | 000,077,000 | ---- | C] () -- C:\Apr11-sherrywines2.jpg
    [2012/04/10 22:26:14 | 000,093,887 | ---- | C] () -- C:\Apr11-sherrywines.jpg
    [2012/04/10 15:31:13 | 000,136,947 | ---- | C] () -- C:\Apr11-cabin.jpg
    [2012/04/09 18:54:06 | 000,216,060 | ---- | C] () -- C:\Apr8-ronwoodgallery2.sJPG
    [2012/04/09 18:53:56 | 000,300,643 | ---- | C] () -- C:\Apr8-ronwoodgallery.sJPG
    [2012/04/08 18:21:01 | 000,112,255 | ---- | C] () -- C:\Apr12-Metamorph.jpg
    [2012/04/08 18:09:58 | 000,036,117 | ---- | C] () -- C:\Apr14-ShirHash.jpg
    [2012/04/08 18:09:16 | 000,036,117 | ---- | C] () -- C:\Shir-Hashirim.jpg
    [2012/04/08 02:50:33 | 000,035,189 | ---- | C] () -- C:\Bsmith-coupon2011.jpg
    [2012/04/07 18:17:33 | 000,272,021 | ---- | C] () -- C:\mar14-havana.jpg
    [2012/04/07 13:49:52 | 000,085,541 | ---- | C] () -- C:\Apr13-Sohofest.jpg
    [2012/04/06 19:30:19 | 000,161,310 | ---- | C] () -- C:\May8-storyville.jpg
    [2012/04/06 19:21:39 | 000,070,938 | ---- | C] () -- C:\Apr12-Alessi.jpg
    [2012/04/06 19:00:13 | 000,095,469 | ---- | C] () -- C:\Apr22-bronxhealth.jpg
    [2012/04/06 18:59:28 | 000,033,568 | ---- | C] () -- C:\Apr17-cinnabon.jpg
    [2012/04/06 18:48:34 | 000,086,715 | ---- | C] () -- C:\apr7-milk.jpg
    [2012/04/06 00:06:54 | 000,042,151 | ---- | C] () -- C:\Guessprev.jpg
    [2012/04/05 18:43:51 | 000,086,514 | ---- | C] () -- C:\apr12-carnival.jpg
    [2012/04/05 18:03:32 | 000,058,127 | ---- | C] () -- C:\apr5-politics.jpg
    [2012/04/05 18:00:08 | 000,187,471 | ---- | C] () -- C:\apr5-rica2.png
    [2012/04/05 17:59:52 | 000,606,565 | ---- | C] () -- C:\apr5-rica.png
    [2012/04/05 15:01:15 | 000,070,833 | ---- | C] () -- C:\Apr5-sluteverparty-westway.jpg
    [2012/04/05 14:04:22 | 000,164,911 | ---- | C] () -- C:\apr14-chimpw.jpg
    [2012/04/05 14:02:34 | 000,264,396 | ---- | C] () -- C:\apr14-chimp.jpg
    [2012/04/05 13:55:41 | 000,096,211 | ---- | C] () -- C:\apr5-hennesy.jpg
    [2012/04/05 13:30:21 | 000,192,333 | ---- | C] () -- C:\apr5-korean.jpg
    [2012/04/05 11:00:11 | 000,056,964 | ---- | C] () -- C:\Apr7-Women.jpg
    [2012/04/04 17:10:21 | 000,082,524 | ---- | C] () -- C:\Apr4-mlbfancave.jpg
    [2012/04/04 10:24:54 | 000,116,432 | ---- | C] () -- C:\Zagatcard.jpg
    [2012/04/03 14:45:55 | 000,059,372 | ---- | C] () -- C:\Apr4-reunion.jpg
    [2012/04/03 14:40:01 | 000,047,633 | ---- | C] () -- C:\simonpp4.jpg
    [2012/04/03 00:56:26 | 000,134,463 | ---- | C] () -- C:\Hakasan.jpg
    [2012/04/02 17:35:50 | 000,125,018 | ---- | C] () -- C:\Apr4-politics.jpg
    [2012/04/02 17:35:17 | 000,113,338 | ---- | C] () -- C:\Apr4-buffet.jpg
    [2012/04/02 17:11:26 | 000,073,019 | ---- | C] () -- C:\apr2-realpranna.jpg
    [2012/04/02 01:32:45 | 000,071,027 | ---- | C] () -- C:\Apr-adweek.jpg
    [2012/04/01 19:30:11 | 000,042,493 | ---- | C] () -- C:\Apr26-gallery.jpg
    [2012/04/01 18:19:10 | 000,080,715 | ---- | C] () -- C:\Apr4-Areunion.jpg
    [2012/04/01 18:06:07 | 000,127,806 | ---- | C] () -- C:\2012Bway-prev.jpg
    [2012/04/01 18:04:18 | 000,049,489 | ---- | C] () -- C:\Apr6-15-Autoshow.jpg
    [2012/04/01 14:23:06 | 000,110,540 | ---- | C] () -- C:\Apr7-Hippop2.jpg
    [2012/04/01 14:22:58 | 000,117,805 | ---- | C] () -- C:\Hippop2.jpg
    [2012/04/01 14:22:34 | 000,109,724 | ---- | C] () -- C:\Apr7-Hippop1.jpg
    [2012/04/01 14:18:43 | 000,123,914 | ---- | C] () -- C:\Apr4-brooklynbohem.jpg
    [2012/04/01 14:11:44 | 000,093,824 | ---- | C] () -- C:\Apr14-Escapetravel.jpg
    [2012/04/01 14:01:20 | 000,066,299 | ---- | C] () -- C:\Apr13-15-AVaudio.jpg
    [2012/04/01 13:36:54 | 000,093,590 | ---- | C] () -- C:\Apr10-PizzaAC2.jpg
    [2012/04/01 13:36:46 | 000,093,749 | ---- | C] () -- C:\Apr10-PizzaAC1.jpg
    [2012/04/01 13:19:36 | 000,082,706 | ---- | C] () -- C:\Apr1-HermeexpoAC.jpg
    [2012/03/31 02:26:49 | 000,023,265 | ---- | C] () -- C:\may11-2012-carbon.jpg
    [2012/03/30 00:54:06 | 000,053,394 | ---- | C] () -- C:\mar30-Pinkolive.jpg
    [2012/03/29 16:49:09 | 000,064,634 | ---- | C] () -- C:\mar29-coloroutside.jpg
    [2012/03/29 16:39:39 | 000,036,968 | ---- | C] () -- C:\Apr5-johnlastcall.jpg
    [2012/03/29 16:39:08 | 000,059,903 | ---- | C] () -- C:\mar5-johnlastcall.gif
    [2012/03/29 14:57:31 | 000,050,508 | ---- | C] () -- C:\apr19-bootcamp.jpg
    [2012/03/29 14:56:42 | 000,030,935 | ---- | C] () -- C:\Apr19-wedding.jpg
    [2012/03/29 14:19:16 | 000,149,321 | ---- | C] () -- C:\mar29-carisa.jpg
    [2012/03/29 14:06:58 | 000,076,871 | ---- | C] () -- C:\Apr5-lexus-.jpg
    [2012/03/29 14:01:29 | 000,031,281 | ---- | C] () -- C:\Apr8-Sword.jpg
    [2012/03/29 13:54:20 | 000,052,669 | ---- | C] () -- C:\Apr2-Fooddrink.jpg
    [2012/03/29 13:29:31 | 000,034,802 | ---- | C] () -- C:\Mar31-Apr1.jpg
    [2012/03/29 13:22:13 | 000,047,131 | ---- | C] () -- C:\Mar-Apr-Flyer.jpg
    [2012/03/29 13:18:02 | 000,086,979 | ---- | C] () -- C:\mar29-BAM.jpg
    [2012/03/29 12:43:54 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/03/29 01:05:43 | 000,244,701 | ---- | C] () -- C:\apr5-lexus.JPG
    [2012/03/29 01:05:25 | 000,244,701 | ---- | C] () -- C:\Documents and Settings\Os\Desktop\apr5-lexus.JPG
    [2012/03/29 01:04:24 | 000,388,344 | ---- | C] () -- C:\Documents and Settings\Os\Desktop\3909lexus.png
    [2012/03/28 19:03:13 | 000,388,344 | ---- | C] () -- C:\Mar5-lexus.jpg
    [2012/03/27 16:37:43 | 000,201,599 | ---- | C] () -- C:\mar29-peryotel.jpg
    [2012/03/27 16:18:47 | 000,077,525 | ---- | C] () -- C:\mar27-ital.jpg
    [2012/03/27 15:59:16 | 000,163,322 | ---- | C] () -- C:\Page1-.jpg
    [2012/03/27 15:59:09 | 000,167,083 | ---- | C] () -- C:\Page2-.jpg
    [2012/03/27 01:37:24 | 000,077,275 | ---- | C] () -- C:\Mar27-Calimedia.jpg
    [2012/03/26 19:14:29 | 000,022,748 | ---- | C] () -- C:\Mar28-newbalance.jpg
    [2012/03/25 23:56:00 | 000,049,631 | ---- | C] () -- C:\mar27-postal.jpg
    [2012/03/25 23:37:10 | 000,077,680 | ---- | C] () -- C:\Mar28-NYMagwed.jpg
    [2012/03/25 23:27:09 | 000,054,248 | ---- | C] () -- C:\Mar28-Jazzmixer.jpg
    [2012/03/25 23:15:26 | 000,038,837 | ---- | C] () -- C:\beard-4.jpg
    [2012/03/25 23:10:40 | 000,041,679 | ---- | C] () -- C:\beard-3.jpg
    [2012/03/25 23:09:05 | 000,025,000 | ---- | C] () -- C:\beard-2.jpg
    [2012/03/25 23:06:11 | 000,071,218 | ---- | C] () -- C:\Beard-1.jpg
    [2012/03/23 23:18:25 | 000,117,150 | ---- | C] () -- C:\Mar29-31-opengall.jpg
    [2012/03/22 12:57:39 | 000,121,605 | ---- | C] () -- C:\mar28-denim.jpg
    [2012/03/22 12:52:49 | 000,052,421 | ---- | C] () -- C:\Mar22-zen.jpg
    [2012/03/22 01:12:56 | 000,022,848 | ---- | C] () -- C:\o-fpot.jpg
    [2012/03/22 00:52:52 | 000,057,073 | ---- | C] () -- C:\mar23-alibi.jpg
    [2012/03/03 00:52:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/04 13:38:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2012/02/03 22:18:42 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
    [2012/01/03 17:18:39 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/12/23 22:07:27 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2011/12/07 11:57:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/07/15 22:42:20 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2011/07/15 22:42:20 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

    ========== LOP Check ==========

    [2008/05/30 19:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/01/17 17:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2012/03/22 16:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2012/01/31 19:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
    [2009/12/29 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
    [2011/05/24 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2008/10/15 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
    [2008/09/05 10:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\aAvgApi
    [2008/10/04 15:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\Acoustica
    [2009/12/29 18:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/12/05 01:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\mjusbsp
    [2010/12/28 15:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\ntr
    [2009/12/29 18:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\OfficeRecovery
    [2010/09/28 16:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\OpenOffice.org
    [2011/05/12 15:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\OrgPlus9
    [2009/07/13 13:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\Scalabium
    [2012/04/19 16:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Os\Application Data\TeamViewer
    [2012/01/31 03:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
    [2012/01/31 09:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
    [2012/01/31 15:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
    [2012/01/30 21:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
    [2012/01/30 03:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2012/01/31 20:55:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0BB28F5F-6E80-458F-8B51-086F0450C44C}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >
    [2010/01/08 03:06:07 | 091,338,304 | ---- | M] (Lavasoft ) -- C:\Ad-AwareInstallation.exe
    [2009/04/20 13:46:52 | 063,752,952 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_en_85_287a1483.exe
    [2008/10/15 04:37:55 | 003,514,567 | ---- | M] (Goldzsoft Inc. ) -- C:\avijoiner.exe
    [2009/05/06 15:50:34 | 001,277,680 | ---- | M] () -- C:\couponprinter.exe
    [2009/04/08 13:48:51 | 005,977,684 | ---- | M] (DVDVideoSoft Limited. ) -- C:\freeyoutubedownload.exe
    [2010/01/08 20:29:27 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
    [2011/01/18 12:32:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
    [2010/01/08 20:52:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
    [2010/10/10 12:52:28 | 000,615,144 | ---- | M] (June Fabrics Technology Inc. ) -- C:\PdaNetW20.exe
    [2003/07/04 09:20:00 | 000,229,376 | ---- | M] () -- C:\ReferenceFinder 3.1.exe
    [2008/10/08 20:11:00 | 007,647,053 | ---- | M] (EffectMatrix Inc. ) -- C:\tvcnew.exe
    [2009/08/31 15:54:29 | 018,015,723 | ---- | M] () -- C:\vlc-1.0.1-win32.exe
    [2009/03/24 16:09:15 | 015,484,083 | ---- | M] (NETGEAR ) -- C:\wg311v3_3_1_setup.exe

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
    [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
    [2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
    [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < C:\Windows\assembly\tmp\U\*.* /s >

    < %Temp%\smtmp\1\*.* >

    < %Temp%\smtmp\2\*.* >

    < %Temp%\smtmp\3\*.* >

    < %Temp%\smtmp\4\*.* >

    < type c:\diskreport.txt /c >
    Microsoft DiskPart version 5.1.3565
    Copyright © 1999-2003 Microsoft Corporation.
    On computer: D9BH4YF1
    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    Volume 0     D                       DVD-ROM         0 B
    Volume 1     C                NTFS   Partition     149 GB  Healthy    System

    < >

    ========== Files - Unicode (All) ==========
    [2009/12/29 05:05:05 | 000,160,211 | ---- | M] ()(C:\Tu?nPh?m-Saberlord-2008-2009.jpg) -- C:\TuấnPhạm-Saberlord-2008-2009.jpg
    [2009/12/29 05:05:01 | 000,160,211 | ---- | C] ()(C:\Tu?nPh?m-Saberlord-2008-2009.jpg) -- C:\TuấnPhạm-Saberlord-2008-2009.jpg

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$NtUninstallKB32285$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >

    ___________

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
    Run date: 2012-04-19 18:22:40
    -----------------------------
    18:22:40.858 OS Version: Windows 5.1.2600 Service Pack 3
    18:22:40.858 Number of processors: 2 586 0xF0D
    18:22:40.858 ComputerName: D9BH4YF1 UserName: Os
    18:22:41.811 Initialize success
    18:24:03.967 AVAST engine defs: 12041901
    18:24:31.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:24:31.670 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 8
    18:24:31.686 Disk 0 MBR read successfully
    18:24:31.686 Disk 0 MBR scan
    18:24:31.733 Disk 0 Windows XP default MBR code
    18:24:31.733 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    18:24:31.764 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 96390
    18:24:31.764 Disk 0 scanning sectors +312480315
    18:24:31.858 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:24:45.108 Service scanning
    18:24:52.873 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
    18:24:52.920 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
    18:24:53.389 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
    18:24:53.451 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
    18:25:03.264 Modules scanning
    18:25:11.451 Disk 0 trace - called modules:
    18:25:11.467
    18:25:12.201 AVAST engine scan C:\WINDOWS
    18:25:28.623 AVAST engine scan C:\WINDOWS\system32
    18:27:39.404 AVAST engine scan C:\WINDOWS\system32\drivers
    18:27:57.764 AVAST engine scan C:\Documents and Settings\Os
    18:29:04.014 File: C:\Documents and Settings\Os\Application Data\Sun\Java\Deployment\cache\6.0\2\8a4cec2-66aced2c **INFECTED** Win32:Karagany-EW [Trj]
    18:30:37.904 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Os\Desktop\MBR.dat"
    18:30:37.904 The log file has been saved successfully to "C:\Documents and Settings\Os\Desktop\aswMBR.txt"
  3. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    I still need the Attach.txt part of DDS, MBAM and GMER logs.