[Closed] Kaspersky blocked malicious URL -- Windows Explorer shuts down


Peter Jordan

Just recently I have started receiving messages from Kaspersky indicating they have blocked a malicious URL from loading.

The message reads:

C:\\Windows\Explorer.Exe (PID:5084): Loading Object http:/...?worker.php?action=get%5Fscript%5Fhash...containing malicious URL
hXXp://76.191.112.2/scripts/worker.php?action=get %5F scrips %5hash&ver=1.1


Shortly afterwards, Windows Explorer shuts down and then restarts. This cycle repeats itself continuously.

I have conducted full scans using Kaspersky, Malwarebytes, and Super-Antispyware, none of which detected anything.

A recent scan using Combofix did find and delete a DLL called devil, and the problem was remedied until the computer was rebooted, at which point the issues returned.

Your help would be greatly appreciated.
 
Welcome to TechSpot! You shouldn't have run Combofix unless instructed to do so. Since you did anyway, I'd like you to run our preliminary scans first, then include the Combofix log you just got with the other logs. Don't run Combofix again; I just want to see that log.

Please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
===========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 
ComboFix 12-05-28.01 - Peter 05/28/2012 6:16.10.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1698 [GMT -4:00]
Running from: c:\users\Peter\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\1229858041.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 10:27 . 2012-05-28 10:27 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-05-28 10:27 . 2012-05-28 10:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-28 10:27 . 2012-05-28 10:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 23:36 . 2012-05-26 23:36 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-26 12:30 . 2012-05-26 12:30 -------- d-----w- c:\program files\ESET
2012-05-25 11:16 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A98B41E2-3CD0-436E-857D-6C3F85B85985}\mpengine.dll
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-03 22:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2012-03-01 05:46 . 2012-04-13 01:17 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 01:17 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 01:17 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 01:17 5120 ----a-w- c:\windows\system32\wmi.dll
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
2009-10-27 15:45 2325528 ----a-w- c:\program files\HiGames\tbHiGa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\NoMoreTime\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\NoMoreTime\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\NoMoreTime\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-13 15:41 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-11-24 20:26 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\NoMoreTime\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-28 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://msx.mlxchange.com/5.5.07.24643/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{583F8E79-0A89-4EBA-9DE2-479E57F64506} - c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpb.dll
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
MSConfigStartUp-aanpm - c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-28 06:30:57
ComboFix-quarantined-files.txt 2012-05-28 10:30
.
Pre-Run: 68,446,322,688 bytes free
Post-Run: 68,375,572,480 bytes free
.
- - End Of File - - 0D947D865D3211E9C046765084E55B9C
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [administrator]

5/26/2012 10:52:40 AM
mbam-log-2012-05-26 (10-52-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380996
Time elapsed: 3 hour(s), 58 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-27 11:24:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C
Running: lvedk6e2.exe; Driver: C:\Users\Peter\AppData\Local\Temp\pwdoapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9584FBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9585152C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x95851782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x958519FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x95850450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x95850B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x95850F3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x958505F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x95850E14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x9584F7D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x95850CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9584F992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9585106E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x95852CB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x958500EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x958501EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x95850D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x958526A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x95853672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x95850752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x95852734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x95852D64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x95850FDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x958504D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x95850EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x9584FDD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x95852CDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x95851110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x9584FCFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x95851C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x9585307C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x958529CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9585149A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x95851360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x95852442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x95853554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9585086C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9585030C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x95851CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x9585282E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x958531BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x958532A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x958533C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x958525CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9584FF4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x9584FEA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x95852F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9585002E]
 
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75850860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 758508D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75850940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 758509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75850A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75850A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75850B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75850B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75850BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75850C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77090940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 770909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77090A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77090B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00780400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00780470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 007804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00780550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 007805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00780630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 007806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77090CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00780710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00780780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 007902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00790320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00790390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00790400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00790470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 007904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00790550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 007905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00790630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 007906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00790710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00790780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00790B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00790BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77090080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77090010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77090080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77090010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77090080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77090010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 770902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77090320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 758504E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 758501D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 75850390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 75850320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 758502B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 75850240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 758500F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 75850320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 758500F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 75850240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 758504E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 770902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 75850400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 758504E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 75850390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 75850240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 758502B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 758500F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 758501D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 75850160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 770901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap] 77090010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\netapi32.dll [ntdll.dll!RtlFreeHeap] 77090080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003B0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003B0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003B0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003B0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003B0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75850860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 758508D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75850940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 758509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75850A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75850A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75850B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75850B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75850BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75850C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77090940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 770909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77090A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77090B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003C0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003C0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003C0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003C05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003C0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003C06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77090CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003C0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003C0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003D02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003D0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003D0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003D0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003D0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003D04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003D0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003D05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003D0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003D06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003D0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003D0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003D0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003D0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77090010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77090080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77090080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77090010
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [739924CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [7397562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [739756EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73992546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [739885AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73984D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73985105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [739851DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73986707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73988301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73988850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [739890B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7398E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4668] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73984C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
GMER (continued)


Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fb6d6d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fb6d6d (not active ControlSet)
 
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830563C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308FD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 83096D8C 4 Bytes [D0, FB, 84, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83096DB4 8 Bytes [2C, 15, 85, 95, 82, 17, 85, ...] {SUB AL, 0x15; TEST [EBP-0x6a7ae87e], EDX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83096DF8 4 Bytes [FC, 19, 85, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 83096E24 4 Bytes [50, 04, 85, 95] {PUSH EAX; ADD AL, 0x85; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83096E48 4 Bytes [32, 0B, 85, 95]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x96617000, 0x2D5046, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] USER32.dll!NotifyWinEvent + 6AE 76C2D66C 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3352] USER32.dll!NotifyWinEvent + 6AE 76C2D66C 4 Bytes [70, 11, 33, 6D]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5088] ntdll.dll!LdrLoadDll 76F9223E 5 Bytes JMP 5EC2C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5088] kernel32.dll!MapViewOfFile 757A93DB 5 Bytes JMP 5EE5E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5088] kernel32.dll!VirtualAlloc 757AC43A 5 Bytes JMP 5EE5E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5088] GDI32.dll!CreateDIBSection 76BC8850 5 Bytes JMP 5EE5E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5488] USER32.dll!SetWindowLongA 76C18BA3 5 Bytes JMP 5EFB5EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5488] USER32.dll!SetWindowLongW 76C24449 5 Bytes JMP 5EFB5E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5488] USER32.dll!GetWindowInfo 76C24B5E 5 Bytes JMP 5EDA4822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5488] USER32.dll!TrackPopupMenu 76C32228 5 Bytes JMP 5EDA4DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00770DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00770E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00770E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00770EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00770F60
 
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Peter at 19:26:30 on 2012-05-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1061 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
c:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Peter\Documents\AP_Rewards_AutoEARN\aanpp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\NoMoreTime\mbamservice.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
mURLSearchHooks: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
[FONT=Courier New]BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll[/FONT]
[FONT=Courier New]BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL[/FONT]
[FONT=Courier New]BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll[/FONT]
[FONT=Courier New]BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll[/FONT]
[FONT=Courier New]BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll[/FONT]
[FONT=Courier New]TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll[/FONT]
[FONT=Courier New]TB: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll[/FONT]
[FONT=Courier New]TB: A&P Rewards AutoEARN v1.0: {583f8e79-0a89-4eba-9de2-479e57f64506} - c:\users\peter\documents\ap_rewards_autoearn\aanpb.dll[/FONT]
[FONT=Courier New]uRun: [Jing] c:\program files\techsmith\jing\Jing.exe[/FONT]
[FONT=Courier New]uRun: [aanpm] "c:\users\peter\documents\ap_rewards_autoearn\aanpt.exe"[/FONT]
[FONT=Courier New]uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED[/FONT]
[FONT=Courier New]mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun[/FONT]
[FONT=Courier New]mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s[/FONT]
[FONT=Courier New]mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"[/FONT]
[FONT=Courier New]mRun: [LManager] c:\program files\launch manager\LManager.exe[/FONT]
[FONT=Courier New]mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe[/FONT]
[FONT=Courier New]mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe[/FONT]
[FONT=Courier New]mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"[/FONT]
[FONT=Courier New]mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"[/FONT]
[FONT=Courier New]mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"[/FONT]
[FONT=Courier New]mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"[/FONT]
[FONT=Courier New]mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"[/FONT]
[FONT=Courier New]mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices[/FONT]
[FONT=Courier New]mRun: [Malwarebytes' Anti-Malware] "c:\program files\nomoretime\mbamgui.exe" /starttray[/FONT]
[FONT=Courier New]mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"[/FONT]
[FONT=Courier New]mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)[/FONT]
[FONT=Courier New]mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)[/FONT]
[FONT=Courier New]mPolicies-system: EnableUIADesktopToggle = 0 (0x0)[/FONT]
[FONT=Courier New]mPolicies-system: DisableCAD = 1 (0x1)[/FONT]
[FONT=Courier New]IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html[/FONT]
[FONT=Courier New]IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html[/FONT]
[FONT=Courier New]IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html[/FONT]
[FONT=Courier New]IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html[/FONT]
[FONT=Courier New]IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000[/FONT]
[FONT=Courier New]IE: Free YouTube to Mp3 Converter - c:\users\peter\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm[/FONT]
[FONT=Courier New]IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html[/FONT]
[FONT=Courier New]IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe[/FONT]
[FONT=Courier New]IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm[/FONT]
[FONT=Courier New]IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll[/FONT]
[FONT=Courier New]IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll[/FONT]
[FONT=Courier New]IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll[/FONT]
[FONT=Courier New]IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL[/FONT]
[FONT=Courier New]IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll[/FONT]
[FONT=Courier New]IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll[/FONT]
[FONT=Courier New]Trusted Zone: realtytools.com[/FONT]
[FONT=Courier New]Trusted Zone: toolkitcma.com[/FONT]
[FONT=Courier New]Trusted Zone: toolkitcma2.com[/FONT]
[FONT=Courier New]DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab[/FONT]
[FONT=Courier New]DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[/FONT]
[FONT=Courier New]DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://msx.mlxchange.com/5.5.07.24643/Control/IRCSharc.cab[/FONT]
[FONT=Courier New]DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab[/FONT]
[FONT=Courier New]DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab[/FONT]
[FONT=Courier New]DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx[/FONT]
[FONT=Courier New]DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab[/FONT]
[FONT=Courier New]DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab[/FONT]
[FONT=Courier New]DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab[/FONT]
[FONT=Courier New]DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sirva.webex.com/client/wbs27-vzbprodcn/nbr/ieatgpc1.cab[/FONT]
[FONT=Courier New]TCP: DhcpNameServer = 75.75.75.75 75.75.76.76[/FONT]
[FONT=Courier New]TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F} : DhcpNameServer = 75.75.75.75 75.75.76.76[/FONT]
[FONT=Courier New]TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\05E4A405 : DhcpNameServer = 192.168.126.1[/FONT]
[FONT=Courier New]TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\07E6A607 : DhcpNameServer = 192.168.126.1[/FONT]
[FONT=Courier New]TCP: Interfaces\{CA7B98B4-C4D7-4F55-B82D-B7BDC61C4E3F}\876696E696479777966696 : DhcpNameServer = 75.75.75.75 75.75.76.76[/FONT]
[FONT=Courier New]TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9} : DhcpNameServer = 75.75.75.75 75.75.76.76[/FONT]
[FONT=Courier New]Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll[/FONT]
[FONT=Courier New]Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll[/FONT]
[FONT=Courier New]Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll[/FONT]
[FONT=Courier New]Notify: klogon - c:\windows\system32\klogon.dll[/FONT]
[FONT=Courier New]Notify: spba - c:\program files\common files\spba\homefus2.dll[/FONT]
[FONT=Courier New]AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\windows\system32\acaptuser32.dll[/FONT]
[FONT=Courier New]SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]================= FIREFOX ===================[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\m4fqy7os.default\[/FONT]
[FONT=Courier New]FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=[/FONT]
[FONT=Courier New]FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/[/FONT]
[FONT=Courier New]FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL[/FONT]
[FONT=Courier New]FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\mozilla firefox\plugins\npstm32.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\users\peter\appdata\roaming\mozilla\plugins\npatgpc.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\windows\system32\npDeployJava1.dll[/FONT]
[FONT=Courier New]FF - plugin: c:\windows\system32\npmproxy.dll[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]============= SERVICES / DRIVERS ===============[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880][/FONT]
[FONT=Courier New]R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520][/FONT]
[FONT=Courier New]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872][/FONT]
[FONT=Courier New]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656][/FONT]
[FONT=Courier New]R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128][/FONT]
[FONT=Courier New]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928][/FONT]
[FONT=Courier New]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-23 176128][/FONT]
[FONT=Courier New]R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520][/FONT]
[FONT=Courier New]R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032][/FONT]
[FONT=Courier New]R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648][/FONT]
[FONT=Courier New]R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472][/FONT]
[FONT=Courier New]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-3 22344][/FONT]
[FONT=Courier New]R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-7 52128][/FONT]
[FONT=Courier New]R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-5-7 42144][/FONT]
[FONT=Courier New]R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-23 27320][/FONT]
[FONT=Courier New]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336][/FONT]
[FONT=Courier New]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384][/FONT]
[FONT=Courier New]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696][/FONT]
[FONT=Courier New]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-23 29472][/FONT]
[FONT=Courier New]S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360][/FONT]
[FONT=Courier New]S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992][/FONT]
[FONT=Courier New]S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504][/FONT]
[FONT=Courier New]S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224][/FONT]
[FONT=Courier New]S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920][/FONT]
[FONT=Courier New]S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-10-6 24576][/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]=============== Created Last 30 ================[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]2012-05-26 22:29:48 -------- d-----w- c:\program files\Oracle[/FONT]
[FONT=Courier New]2012-05-26 22:28:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll[/FONT]
[FONT=Courier New]2012-05-26 19:04:09 56200----a-w- c:\programdata\microsoft\windows defender\definition updates\{a98b41e2-3cd0-436e-857d-6c3f85b85985}\offreg.dll[/FONT]
[FONT=Courier New]2012-05-26 14:21:59 -------- d-s---w- C:\ComboFix29460C[/FONT]
[FONT=Courier New]2012-05-26 12:30:46 -------- d-----w- c:\program files\ESET[/FONT]
[FONT=Courier New]2012-05-26 12:29:08 25276----a-w- c:\windows\system32\1229858041.dll[/FONT]
[FONT=Courier New]2012-05-26 11:58:18 -------- d-sh--w- C:\$RECYCLE.BIN[/FONT]
[FONT=Courier New]2012-05-26 11:58:12 -------- d-----w- c:\users\peter\appdata\local\temp[/FONT]
[FONT=Courier New]2012-05-26 11:40:37 -------- d-----w- C:\ComboFix29482C[/FONT]
[FONT=Courier New]2012-05-26 11:34:12 -------- d-----w- C:\ComboFix231802C[/FONT]
[FONT=Courier New]2012-05-26 10:47:26 -------- d-----w- C:\ComboFix21380C[/FONT]
[FONT=Courier New]2012-05-25 12:00:58 -------- d-----w- C:\ComboFix2[/FONT]
[FONT=Courier New]2012-05-25 11:16:01 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a98b41e2-3cd0-436e-857d-6c3f85b85985}\mpengine.dll[/FONT]
[FONT=Courier New]2012-05-17 11:42:16 -------- d-----w- c:\programdata\RemoteAutomator[/FONT]
[FONT=Courier New]2012-05-17 11:42:16 -------- d-----w- c:\program files\RemoteAutomator[/FONT]
[FONT=Courier New]2012-05-09 21:01:25 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys[/FONT]
[FONT=Courier New]2012-05-09 21:01:19 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll[/FONT]
[FONT=Courier New]2012-05-09 21:01:18 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL[/FONT]
[FONT=Courier New]2012-05-09 21:01:17 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll[/FONT]
[FONT=Courier New]2012-05-09 21:01:17 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll[/FONT]
[FONT=Courier New]2012-05-09 21:01:09 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe[/FONT]
[FONT=Courier New]2012-05-09 21:01:08 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe[/FONT]
[FONT=Courier New]2012-05-09 21:01:08 2343424 ----a-w- c:\windows\system32\win32k.sys[/FONT]
[FONT=Courier New]2012-05-09 21:01:00 56176----a-w- c:\windows\system32\drivers\partmgr.sys[/FONT]
[FONT=Courier New]2012-05-09 21:00:59 1077248 ----a-w- c:\windows\system32\DWrite.dll[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]==================== Find3M ====================[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]2012-05-05 10:39:09 70304----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl[/FONT]
[FONT=Courier New]2012-05-05 10:39:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe[/FONT]
[FONT=Courier New]2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll[/FONT]
[FONT=Courier New]2012-04-04 19:56:40 22344----a-w- c:\windows\system32\drivers\mbam.sys[/FONT]
[FONT=Courier New]2012-03-26 14:00:41 112056 ----a-w- c:\windows\system32\acaptuser32.dll[/FONT]
[FONT=Courier New]2012-03-01 05:46:57 19824----a-w- c:\windows\system32\drivers\fs_rec.sys[/FONT]
[FONT=Courier New]2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll[/FONT]
[FONT=Courier New]2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll[/FONT]
[FONT=Courier New]2012-03-01 05:29:16 5120----a-w- c:\windows\system32\wmi.dll[/FONT]
[FONT=Courier New]2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll[/FONT]
[FONT=Courier New]2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl[/FONT]
[FONT=Courier New]2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll[/FONT]
[FONT=Courier New]2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb[/FONT]
[FONT=Courier New]2011-02-27 00:14:39 7808600 ----a-w- c:\program files\PowerPack3.exe[/FONT]
[FONT=Courier New]2011-02-27 00:13:20 5404768 ----a-w- c:\program files\RegCleaner603.exe[/FONT]
[FONT=Courier New]2010-08-19 16:59:19 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]============= FINISH: 19:28:23.83 ===============[/FONT]
 
[FONT=Courier New].[/FONT]
[FONT=Courier New]DDS (Ver_2011-08-26.01)[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]Microsoft Windows 7 Professional [/FONT]
[FONT=Courier New]Boot Device: \Device\HarddiskVolume2[/FONT]
[FONT=Courier New]Install Date: 6/17/2010 9:06:52 PM[/FONT]
[FONT=Courier New]System Uptime: 5/26/2012 2:53:37 PM (5 hours ago)[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]Motherboard: Acer | | Olan [/FONT]
[FONT=Courier New]Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket S1G2 | 1050/200mhz[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]==== Disk Partitions =========================[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]C: is FIXED (NTFS) - 221 GiB total, 62.573 GiB free.[/FONT]
[FONT=Courier New]D: is CDROM ()[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]==== Disabled Device Manager Items =============[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}[/FONT]
[FONT=Courier New]Description: SABKUTIL[/FONT]
[FONT=Courier New]Device ID: ROOT\LEGACY_SABKUTIL\0000[/FONT]
[FONT=Courier New]Manufacturer: [/FONT]
[FONT=Courier New]Name: SABKUTIL[/FONT]
[FONT=Courier New]PNP Device ID: ROOT\LEGACY_SABKUTIL\0000[/FONT]
[FONT=Courier New]Service: SABKUTIL[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]==== System Restore Points ===================[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]RP513: 5/26/2012 10:22:08 AM - ComboFix created restore point[/FONT]
[FONT=Courier New]RP514: 5/26/2012 6:25:53 PM - Installed Java(TM) 7 Update 4[/FONT]
[FONT=Courier New]RP515: 5/26/2012 6:28:43 PM - Installed JavaFX 2.1.0[/FONT]
[FONT=Courier New]RP516: 5/26/2012 6:39:06 PM - Removed Java(TM) 6 Update 31[/FONT]
[FONT=Courier New]RP517: 5/26/2012 6:40:45 PM - Removed Java(TM) 6 Update 31[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]==== Installed Programs ======================[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New] Update for Microsoft Office 2007 (KB2508958)[/FONT]
[FONT=Courier New]µTorrent[/FONT]
[FONT=Courier New]2007 Microsoft Office system[/FONT]
[FONT=Courier New]32 Bit HP CIO Components Installer[/FONT]
[FONT=Courier New]7-Zip 9.20[/FONT]
[FONT=Courier New]A&P Rewards AutoEARN[/FONT]
[FONT=Courier New]Able2Extract Professional v5.0[/FONT]
[FONT=Courier New]AC3Filter ACM AC3/DTS codec (remove only)[/FONT]
[FONT=Courier New]Acer Assist[/FONT]
[FONT=Courier New]Acer Bio Protection[/FONT]
[FONT=Courier New]Acer Crystal Eye Webcam[/FONT]
[FONT=Courier New]Acer Empowering Technology[/FONT]
[FONT=Courier New]Acer ePower Management[/FONT]
[FONT=Courier New]Acer eRecovery Management[/FONT]
[FONT=Courier New]Acer GridVista[/FONT]
[FONT=Courier New]Acer Registration[/FONT]
[FONT=Courier New]Acer ScreenSaver[/FONT]
[FONT=Courier New]Acer Updater[/FONT]
[FONT=Courier New]Acer VCM[/FONT]
[FONT=Courier New]Acrobat.com[/FONT]
[FONT=Courier New]Adobe Acrobat 9 Pro Extended - English, Français, Deutsch[/FONT]
[FONT=Courier New]Adobe Acrobat 9.5.1 - CPSID_83708[/FONT]
[FONT=Courier New]Adobe AIR[/FONT]
[FONT=Courier New]Adobe Digital Editions[/FONT]
[FONT=Courier New]Adobe Flash Player 11 ActiveX[/FONT]
[FONT=Courier New]Adobe Flash Player 11 Plugin[/FONT]
[FONT=Courier New]Adobe Reader X (10.1.3)[/FONT]
[FONT=Courier New]Adobe Shockwave Player 11.6[/FONT]
[FONT=Courier New]Allok Video Joiner 4.0.1019[/FONT]
[FONT=Courier New]AMD USB Filter Driver[/FONT]
[FONT=Courier New]Apple Application Support[/FONT]
[FONT=Courier New]Apple Mobile Device Support[/FONT]
[FONT=Courier New]Apple Software Update[/FONT]
[FONT=Courier New]ATI Catalyst Install Manager[/FONT]
[FONT=Courier New]Bonjour[/FONT]
[FONT=Courier New]Broadcom Gigabit Integrated Controller[/FONT]
[FONT=Courier New]Business Contact Manager for Outlook 2007 SP2[/FONT]
[FONT=Courier New]CamStudio[/FONT]
[FONT=Courier New]Camtasia Studio 7[/FONT]
[FONT=Courier New]CaptureWizPro 4.30[/FONT]
[FONT=Courier New]Catalyst Control Center - Branding[/FONT]
[FONT=Courier New]Catalyst Control Center Core Implementation[/FONT]
[FONT=Courier New]Catalyst Control Center Graphics Full Existing[/FONT]
[FONT=Courier New]Catalyst Control Center Graphics Full New[/FONT]
[FONT=Courier New]Catalyst Control Center Graphics Light[/FONT]
[FONT=Courier New]Catalyst Control Center InstallProxy[/FONT]
[FONT=Courier New]Catalyst Control Center Localization All[/FONT]
[FONT=Courier New]ccc-core-static[/FONT]
[FONT=Courier New]ccc-utility[/FONT]
[FONT=Courier New]CCC Help Chinese Standard[/FONT]
[FONT=Courier New]CCC Help Chinese Traditional[/FONT]
[FONT=Courier New]CCC Help Czech[/FONT]
[FONT=Courier New]CCC Help Danish[/FONT]
[FONT=Courier New]CCC Help Dutch[/FONT]
[FONT=Courier New]CCC Help English[/FONT]
[FONT=Courier New]CCC Help Finnish[/FONT]
[FONT=Courier New]CCC Help French[/FONT]
[FONT=Courier New]CCC Help German[/FONT]
[FONT=Courier New]CCC Help Greek[/FONT]
[FONT=Courier New]CCC Help Hungarian[/FONT]
[FONT=Courier New]CCC Help Italian[/FONT]
[FONT=Courier New]CCC Help Japanese[/FONT]
[FONT=Courier New]CCC Help Korean[/FONT]
[FONT=Courier New]CCC Help Norwegian[/FONT]
[FONT=Courier New]CCC Help Polish[/FONT]
[FONT=Courier New]CCC Help Portuguese[/FONT]
[FONT=Courier New]CCC Help Russian[/FONT]
[FONT=Courier New]CCC Help Spanish[/FONT]
[FONT=Courier New]CCC Help Swedish[/FONT]
[FONT=Courier New]CCC Help Thai[/FONT]
[FONT=Courier New]CCC Help Turkish[/FONT]
[FONT=Courier New]CCleaner[/FONT]
[FONT=Courier New]CDex - Open Source Digital Audio CD Extractor[/FONT]
[FONT=Courier New]Coupon Printer for Windows[/FONT]
[FONT=Courier New]CuratorUtilities[/FONT]
[FONT=Courier New]D3DX10[/FONT]
[FONT=Courier New]Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition[/FONT]
[FONT=Courier New]DirectVobSub (remove only)[/FONT]
[FONT=Courier New]DivX Setup[/FONT]
[FONT=Courier New]Dropbox[/FONT]
[FONT=Courier New]DVD Flick 1.3.0.7[/FONT]
[FONT=Courier New]Easy Video Joiner 5.21[/FONT]
[FONT=Courier New]Elite Proxy Switcher 1.10[/FONT]
[FONT=Courier New]Email Verifier[/FONT]
[FONT=Courier New]Emoticons 1.0[/FONT]
[FONT=Courier New]Encoder[/FONT]
[FONT=Courier New]ESET Online Scanner v3[/FONT]
[FONT=Courier New]eSobi v2[/FONT]
[FONT=Courier New]EZ MPEG TO AVI Converter 3.00[/FONT]
[FONT=Courier New]FastStone Image Viewer 4.2[/FONT]
[FONT=Courier New]Final Media Player 2010[/FONT]
[FONT=Courier New]Fingerprint Solution[/FONT]
[FONT=Courier New]Free Mp3 Wma Converter V 1.9[/FONT]
[FONT=Courier New]Free Video to MP3 Converter version 4.0[/FONT]
[FONT=Courier New]Free YouTube to MP3 Converter version 3.10.15.1228[/FONT]
[FONT=Courier New]Garmin Lifetime Updater[/FONT]
[FONT=Courier New]GIMP 2.6.11[/FONT]
[FONT=Courier New]Google Update Helper[/FONT]
[FONT=Courier New]GoToMeeting 5.1.0.880[/FONT]
[FONT=Courier New]HandBrake 0.9.5[/FONT]
[FONT=Courier New]HDAUDIO Soft Data Fax Modem with SmartCP[/FONT]
[FONT=Courier New]HiGames Toolbar[/FONT]
[FONT=Courier New]Hot Article Spinner[/FONT]
[FONT=Courier New]HP Color LaserJet 3600 (02/27/2007 61.063.461.41)[/FONT]
[FONT=Courier New]iCloud[/FONT]
[FONT=Courier New]Identity Card[/FONT]
[FONT=Courier New]ImgBurn[/FONT]
[FONT=Courier New]InterVideo WinDVD 8[/FONT]
[FONT=Courier New]iTunes[/FONT]
[FONT=Courier New]IZArc 4.1.2[/FONT]
[FONT=Courier New]Java Auto Updater[/FONT]
[FONT=Courier New]Java(TM) 6 Update 31[/FONT]
[FONT=Courier New]Java(TM) 7 Update 4[/FONT]
[FONT=Courier New]JavaFX 2.1.0[/FONT]
[FONT=Courier New]Jing[/FONT]
[FONT=Courier New]Junk Mail filter update[/FONT]
[FONT=Courier New]K-Lite Codec Pack 6.3.0 (Basic)[/FONT]
[FONT=Courier New]Kaspersky Anti-Virus 2010[/FONT]
[FONT=Courier New]Keyword Blaze[/FONT]
[FONT=Courier New]Keyword SLAM DUNK[/FONT]
[FONT=Courier New]Kyocera Product Library[/FONT]
[FONT=Courier New]LameXP[/FONT]
[FONT=Courier New]Learn.com Player (Uninstall Only)[/FONT]
[FONT=Courier New]LockHunter version 1.0 beta 3, 32 bit edition[/FONT]
[FONT=Courier New]Malwarebytes Anti-Malware version 1.61.0.1400[/FONT]
[FONT=Courier New]Market Samurai[/FONT]
[FONT=Courier New]Microsoft .NET Framework 4 Client Profile[/FONT]
[FONT=Courier New]Microsoft .NET Framework 4 Extended[/FONT]
[FONT=Courier New]Microsoft Application Error Reporting[/FONT]
[FONT=Courier New]Microsoft Office 2003 Web Components[/FONT]
[FONT=Courier New]Microsoft Office 2007 Primary Interop Assemblies[/FONT]
[FONT=Courier New]Microsoft Office 2007 Service Pack 3 (SP3)[/FONT]
[FONT=Courier New]Microsoft Office 2010 Service Pack 1 (SP1)[/FONT]
[FONT=Courier New]Microsoft Office Access MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office Access Setup Metadata MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office Enterprise 2007[/FONT]
[FONT=Courier New]Microsoft Office Excel MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office File Validation Add-In[/FONT]
[FONT=Courier New]Microsoft Office Groove MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office Groove Setup Metadata MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office InfoPath MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office OneNote MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office Outlook MUI (English) 2007[/FONT]
[FONT=Courier New]Microsoft Office PowerPoint 2010[/FONT]
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
mkv2vob
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiSpinner 1.191
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver
OGA Notifier 2.0.0048.0
OJOsoft DVD AVI Converter Suite
OJOsoft MKV Converter
OJOsoft Total Video Converter
PageOne Curator
Photozig Albums 1.0
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
RER Video Converter
Safari
save2pc Light 4.14
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
SEO SpyGlass
SliQ Submitter Plus
SPBA 5.8
SpinChimp Basic
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TeamViewer 5
TextPad 5
The Ultimate Troubleshooter
ToolkitCMA
TOP YouTube Downloader V1.0.0
Trojan Remover 6.8.2
TweakNow PowerPack 2011
TweakNow RegCleaner
TweakNow RegCleaner 2011
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Video mp3 Extractor
VLC media player 1.1.4
Voxware Audio decoder 1.6
WebEx
Welcome Center
WIDCOMM Bluetooth Software
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 14.5
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/26/2012 7:54:25 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/26/2012 7:29:17 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
5/26/2012 7:09:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-01D72DB4B8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA7B98B4-C4D7-4F55-B82D-B7. The master browser is stopping or an election is being forced.
5/26/2012 2:55:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/26/2012 2:54:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
5/26/2012 12:02:56 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
 
Questions:
A recent scan using Combofix did find and delete a dll called devil and the problem was remedied until the computer was rebooted at which point the issues returned.

The Combofix log I requested was the one you ran on your own previously that you said found and removed an entry. The Combofix log you left is a new scan you ran AFTER the preliminary programs: ComboFix 12-05-28.01 - Peter 05/28/2012 6:16.10.2 - x86

Are you referring to this? ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\1229858041.dll


This is the only deletion I see and I can't identify it. This is also a new Combofix scan, not the one from 5/26.

I see all of these entries:

2012-05-26 14:21:59 -------- d-s---w- C:\ComboFix29460C
2012-05-26 11:40:37 -------- d-----w- C:\ComboFix29482C
2012-05-26 11:34:12 -------- d-----w- C:\ComboFix231802C
2012-05-26 10:47:26 -------- d-----w- C:\ComboFix21380C
2012-05-25 12:00:58 -------- d-----w- C:\ComboFix2
============================================
Peter, I chased the IP you left around the internet. After passing through numerous domains on the way, it resolved at Beyond The Network America, Inc.>> BTNA>> Torrent site >> µTorrent

You did not tell me whether the block was for incoming or outgoing, but either way, since you have uTorrent on the system, I suspect the attempt to access was from something related to the file sharing.
----------------
I am going to remove entries you have for the HiGames Toolbar. This is a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality. You will also need to look in Add/Remove Programs and uninstall the entry for the Conduit Engine if there is one.
---------------
Advise uninstall registry cleaner. We don't recommend registry cleaners to anyone. The risk is greater than any small benefit you may get:
TweakNow PowerPack 2011
TweakNow RegCleaner
TweakNow RegCleaner 2011
2011-02-27 00:14:39 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13:20 5404768 ----a-w- c:\program files\RegCleaner603.exe
=============================================
You have a lot of security running in the background. That will make it difficult to get an accurate scan. In addition to having 2 of the following installed:
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
You also have:
Spybot - Search & Destroy
SUPERAntiSpyware
Trojan Remover 6.8.2
=========================================
Please run this Custom CFScript:
[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
DDS::
uURLSearchHooks: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
mURLSearchHooks: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
BHO: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
TB: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64d23501-5195-4224-9446-e2b0fb64e859}"=-
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64d23501-5195-4224-9446-e2b0fb64e859}"=-
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Do you know what either of these registry entries are for?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\NoMoreTime\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\NoMoreTime\mbam.exe
===================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
You should look into this setting:
Possible cause of crash: 5/26/2012 12:02:56 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
=============================================
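The DDS:: lines in the CFScript above register one toolbar DLL at several Internet Explorer loading points. The following Python script is an added example, not part of the original post and not ComboFix or DDS code: it groups those lines by component and checks a follow-up log for loading points that survived removal. The prefix-to-registry mapping is an assumption based on the usual DDS convention (u = current user, m = local machine), and the AFTER log is constructed.

```python
import re
from collections import defaultdict

# Registry location each DDS line prefix reports on.
# Assumption: usual DDS prefix meanings; only prefixes relevant to the script above are listed.
LOADING_POINTS = {
    "uURLSearchHooks": r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks",
    "mURLSearchHooks": r"HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks",
    "BHO": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "TB": r"HKLM\Software\Microsoft\Internet Explorer\Toolbar",
    "uRun": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
}

# Lines copied from the DDS:: section of the CFScript in the post above.
BEFORE = r"""
uURLSearchHooks: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
mURLSearchHooks: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
BHO: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
TB: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
"""

# Constructed follow-up log (not from the thread): an uninstall that left the BHO entry behind.
AFTER = r"""
BHO: HiGames Toolbar: {64d23501-5195-4224-9446-e2b0fb64e859} - c:\program files\higames\tbHiGa.dll
"""

# "PREFIX: Display name: {CLSID} - path" (browser extension lines)
EXT_RE = re.compile(
    r"^(?P<prefix>\w+): (?P<name>.+?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# 'uRun: [name] "path.exe" args' (autorun lines)
RUN_RE = re.compile(
    r'^(?P<prefix>[um]Run): \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?(?i:\.exe))"?(?: .*)?$'
)


def parse_dds_line(line):
    """Return prefix, name, path and a component key for one DDS line, or None."""
    line = line.strip()
    run = RUN_RE.match(line)
    ext = None if run else EXT_RE.match(line)
    match = run or ext
    if not match or match["prefix"] not in LOADING_POINTS:
        return None
    # Extensions are identified by CLSID; autoruns by their executable path.
    key = match["path"].lower() if run else match["clsid"].lower()
    return {"prefix": match["prefix"], "name": match["name"],
            "path": match["path"], "key": key}


def loading_points(log_text):
    """Map each component to the set of registry locations that load it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_dds_line(line)
        if entry:
            found[entry["key"]].add(LOADING_POINTS[entry["prefix"]])
    return dict(found)


def residual(before_text, after_text):
    """Loading points seen before cleanup that still appear in the follow-up log."""
    before, after = loading_points(before_text), loading_points(after_text)
    left = {}
    for key, locations in before.items():
        still_there = locations & after.get(key, set())
        if still_there:
            left[key] = sorted(still_there)
    return left


if __name__ == "__main__":
    for key, locations in loading_points(BEFORE).items():
        print(f"{key}: {len(locations)} loading point(s)")
        for location in sorted(locations):
            print(f"    {location}")
    print("Still registered after cleanup:", residual(BEFORE, AFTER))
```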
 
The ESET scan detected the following:

C:\Users\Peter\AppData\Local\temp\hdF7B7.tmp probably unknown NewHeur_PE virus

I uninstalled the HiGames program -- upon doing so, while I still receive the malicious URL loading message from Kaspersky, Windows Explorer no longer closes and reopens.

I created the WordPad txt file, but when Combofix opens I receive the following message approximately halfway through the loading process:

Error opening site for writing: c:\32788R22FWJFW\pev.3XE

I have also uninstalled all registry cleaners and AV programs other than Kaspersky.

Appears we are making some progress -- let me know what you would like me to do next.

Thanks,
Peter
 
This is the log for the CF scan I conducted on 5/25 and which I had enabled to remove any infections.

After this, for the nearly 12 hours I had the computer running there were no further warnings from Kaspersky or WE shutdowns. Upon rebooting, however, the intrusions recurred.

ComboFix 12-05-25.02 - Peter 05/25/2012 8:03.7.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1720 [GMT -4:00]
Running from: c:\users\Peter\Downloads\ComboFix2.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Peter\Documents\~WRL0001.tmp
c:\users\Peter\Documents\~WRL0003.tmp
c:\users\Peter\Documents\~WRL1669.tmp
c:\users\Peter\Documents\~WRL3057.tmp
c:\users\Peter\g2mdlhlpx.exe
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 12:16 . 2012-05-25 12:16 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-05-25 12:16 . 2012-05-25 12:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-25 12:16 . 2012-05-25 12:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-25 12:16 . 2012-05-25 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 12:09 . 2012-05-25 12:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A98B41E2-3CD0-436E-857D-6C3F85B85985}\offreg.dll
2012-05-25 11:16 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A98B41E2-3CD0-436E-857D-6C3F85B85985}\mpengine.dll
2012-05-17 11:42 . 2012-05-17 11:42 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-17 11:42 . 2012-05-17 11:42 -------- d-----w- c:\program files\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-04-25 16:31 . 2012-04-25 16:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 16:31 . 2012-04-25 16:31 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 16:31 . 2012-04-25 16:31 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-09 00:21 . 2010-08-16 11:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-03 22:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2012-03-01 05:46 . 2012-04-13 01:17 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-13 01:17 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-13 01:17 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 01:17 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-13 01:29 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-13 01:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 01:29 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-13 01:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
2009-10-27 15:45 2325528 ----a-w- c:\program files\HiGames\tbHiGa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiGa.dll" [2009-10-27 2325528]
"{583F8E79-0A89-4EBA-9DE2-479E57F64506}"= "c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpb.dll" [2010-04-26 333192]
.
[HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
.
[HKEY_CLASSES_ROOT\clsid\{583f8e79-0a89-4eba-9de2-479e57f64506}]
[HKEY_CLASSES_ROOT\Loader.MToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{E6BDE3C5-7B88-43b4-AB35-8EEEAB2CED76}]
[HKEY_CLASSES_ROOT\Loader.MToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"aanpm"="c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe" [2010-04-26 574856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\NoMoreTime\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SYNND RemoteAutomator.lnk - c:\program files\RemoteAutomator\AppStart.exe [2012-5-17 28480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aanpm]
2010-04-26 23:10 574856 ----a-w- c:\users\Peter\Documents\AP_Rewards_AutoEARN\aanpt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\NoMoreTime\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\NoMoreTime\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-13 15:41 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-11-24 20:26 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-23 11:11 740216 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\NoMoreTime\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-25 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://msx.mlxchange.com/5.5.07.24643/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-25 08:20:04
ComboFix-quarantined-files.txt 2012-05-25 12:20
ComboFix2.txt 2011-08-05 13:31
ComboFix3.txt 2010-12-04 11:25
ComboFix4.txt 2010-11-28 18:34
ComboFix5.txt 2012-05-25 12:01
.
Pre-Run: 59,617,644,544 bytes free
Post-Run: 59,309,076,480 bytes free
.
- - End Of File - - 8B8C609852213C5232D40C2FB91DDCDB
 
These 2 files removed in the first Combofix appear to be related to Doom9, but since I don't know the download source for the files, I will respect their removal.

Tell me please whether Kaspersky is blocking a site coming from the internet and trying to access the system>>or the reverse<<<< it is blocking something on your system trying to access the site on the internet.

When you rebooted, it sounds like a driver or Service was restarted by whatever it is coming from.
=============================================
I created the WordPad txt file but when ComboFix opens I receive the following message approximately halfway through the loading process:

CFFix Directions:
Please run this Custom CFScript:
[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
Save this as CFScript.txt, in the same location as ComboFix.exe

Please delete the Wordpad file and redo the script using Notepad.
 

I received the same error message as before using Notepad. Tried cutting and pasting the script and opening CF 3 different times but receive the error message each time.
 
<<Tell me please whether Kaspersky is blocking a site coming from the internet and trying to access the system>>or the reverse<<<< it is blocking something on your system trying to access the site on the internet.>>

I'm assuming Kaspersky is blocking a site coming from the internet -- but am unsure how to confirm this. Where would that information be?
 
One of the reasons we try to tell users not to run some scans on their own is simply because the basics aren't done right:

Both of the Combofix logs you left show:
Running from: c:\users\Peter\Downloads\ComboFix2.exe
Running from: c:\users\Peter\Downloads\ComboFix.exe

But the Combofix directions instruct you to:
Download Combofix from HERE or HERE and save to the desktop


  • And the script directs you to:
    Save this as CFScript.txt, in the same location as ComboFix.exe

    The drag and drop script simply won't work unless you do this.
    ======================================================
    You can choose a location on your computer where downloads should be saved by default. This means that whenever you use Save As in File> Save As, or when you choose to Save a download, it will automatically default to the location you have set.

    You may find that setting the Default Download Location to your Desktop the most convenient. If you want to move the file later, you can. If you want to delete the file, it will be most handy on the Desktop. For the cleaning and scanning programs we use, almost all are directed to be saved to the desktop.


    Set Default Download Location in Browsers:

    Chrome:
    Open Chrome> Customize and control> Options> Under the Hood> Downloads> Change> Select Desktop> OK
    (Don't check 'ask where to save each time....')

    Firefox:
    Open Firefox> Tools> Options> Main/General> Downloads Section> Save Files to> Browse> Navigate to and select Desktop> OK

    IE9
    Open IE> Gear icon> View Downloads> Options> Browse to and select Desktop> OK

    There may be a slight difference in the path dependent on the browser version. There may also be a box to check to "Ask me the location each time". I do not advise checking that box.
    ============================================
    After you have set the default download location: Uninstall Combofix>
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Manually delete the excess Combofix folders:
    2012-05-26 14:21:59 -------- d-s---w- C:\ComboFix29460C
    2012-05-26 11:40:37 -------- d-----w- C:\ComboFix29482C
    2012-05-26 11:34:12 -------- d-----w- C:\ComboFix231802C
    2012-05-26 10:47:26 -------- d-----w- C:\ComboFix21380C
    2012-05-25 12:00:58 -------- d-----w- C:\ComboFix2
    ============================================
    Reboot the computer.
    ============================================

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
        The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.

    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please leave this new log from the new download. I will write new script after I review it.
    ==================================================
    I'm assuming Kaspersky is blocking a site coming from the internet

    Never assume- especially when it comes to malware! From the Kaspersky PDF Manual:
    Kaspersky Safe Surf warns the user about a dangerous URL before following the link to that address. Subsequently it may block any connection to it.

    Please review the information HERE.

    And here: Link embedded. What is Kaspersky URL Advisor in Kaspersky Internet Security 2012?
 
NOTE: After running CF scan, windows began shutting down and restarting each time malicious URL message flashed.

ComboFix 12-05-30.04 - Peter 05/30/2012 16:05:38.11.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1687 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\11153315241.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 20:16 . 2012-05-30 20:17 -------- d-----w- c:\users\Peter\AppData\Local\temp
2012-05-30 20:16 . 2012-05-30 20:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-30 20:16 . 2012-05-30 20:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-30 20:16 . 2012-05-30 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 14:24 . 2012-05-29 14:24 -------- d-----w- c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 14:23 . 2012-05-29 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-29 11:22 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BAE9A0A-5C89-43B5-BE19-958E7A4BC1DC}\mpengine.dll
2012-05-28 17:11 . 2012-05-29 11:45 -------- d-----w- C:\sh4ldr
2012-05-28 17:11 . 2012-05-28 17:11 -------- d-----w- c:\program files\Enigma Software Group
2012-05-28 17:09 . 2012-05-29 11:45 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-05-26 23:36 . 2012-05-26 23:36 -------- d-----w- c:\program files\Trend Micro
2012-05-26 22:31 . 2012-05-26 22:31 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 22:29 . 2012-05-26 22:29 -------- d-----w- c:\program files\Oracle
2012-05-26 22:28 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-26 12:30 . 2012-05-26 12:30 -------- d-----w- c:\program files\ESET
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\program files\RemoteAutomator
2012-05-17 11:42 . 2012-05-26 18:58 -------- d-----w- c:\programdata\RemoteAutomator
2012-05-09 21:01 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 21:01 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 21:01 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 21:01 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 21:01 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:01 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:01 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:01 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:39 . 2012-03-29 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:39 . 2011-05-13 13:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2010-08-16 11:32 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 14:00 . 2012-04-13 11:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-02-27 00:14 . 2011-02-27 00:14 7808600 ----a-w- c:\program files\PowerPack3.exe
2011-02-27 00:13 . 2011-02-27 00:13 5404768 ----a-w- c:\program files\RegCleaner603.exe
2010-08-19 16:59 . 2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2012-04-25 16:31 . 2011-03-24 10:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-08-19 16:59 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-03-21 340520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 17:05 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-07-28 13:10 1406824 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 16:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
2010-08-08 01:40 5324800 ----a-w- c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-19 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
.
2012-05-30 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-06-29 17:37]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
.
2012-05-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-05-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://msx.mlxchange.com/5.5.07.24643/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\NoMoreTime\mbamgui.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\NoMoreTime\mbam.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-30 16:20:32
ComboFix-quarantined-files.txt 2012-05-30 20:20
ComboFix2.txt 2012-05-28 10:30
.
Pre-Run: 74,164,588,544 bytes free
Post-Run: 74,176,921,600 bytes free
.
- - End Of File - - 1C763FECA0E25602AE79F6ED6E921318
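
Added example, not part of any post in this thread and not ComboFix's own code: a small Python check of a ComboFix log header against the run directions given earlier in the thread (ComboFix.exe saved to the Desktop, CFScript.txt in the same folder, security software disabled during the scan). The function names and finding labels are made up for the example; the first sample is the header of the 2012-05-30 log above, the second is constructed.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Header lines copied from the 2012-05-30 log posted in this thread.
LOG_2012_05_30 = r"""ComboFix 12-05-30.04 - Peter 05/30/2012 16:05:38.11.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1687 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
"""

# Constructed header: the Downloads path appears in the earlier logs,
# the product state and the all-zero GUID are made up for the example.
CONSTRUCTED_LOG = r"""Running from: c:\users\Peter\Downloads\ComboFix2.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {00000000-0000-0000-0000-000000000000}
.
"""

RUNNING_RE = re.compile(r"^Running from:\s*(.+?)\s*$", re.M | re.I)
SCRIPT_RE = re.compile(r"^Command switches used\s*::\s*(.+?)\s*$", re.M | re.I)
# e.g. "AV: Kaspersky Anti-Virus *Enabled/Updated* {GUID}"
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*(\w+)/(\w+)\*", re.M)


def parse_header(log_text):
    """Extract the executable path, script path and security products."""
    running = RUNNING_RE.search(log_text)
    script = SCRIPT_RE.search(log_text)
    products = [
        {"kind": kind, "name": name, "state": state, "definitions": defs}
        for kind, name, state, defs in PRODUCT_RE.findall(log_text)
    ]
    return {
        "exe": running.group(1) if running else None,
        "script": script.group(1) if script else None,
        "products": products,
    }


def check_preconditions(log_text):
    """Return a list of findings; an empty list means the header looks as directed."""
    header = parse_header(log_text)
    exe = header["exe"]
    if exe is None:
        return ["no-running-from-line"]

    findings = []
    exe_dir = ntpath.dirname(exe).lower()
    if ntpath.basename(exe_dir) != "desktop":
        findings.append("not-on-desktop")

    # Only treat the switch value as a script when it names a .txt file.
    script = header["script"]
    if script and script.lower().endswith(".txt"):
        if ntpath.basename(script).lower() != "cfscript.txt":
            findings.append("script-wrong-name")
        if ntpath.dirname(script).lower() != exe_dir:
            findings.append("script-other-folder")

    # One product can be listed twice (AV and SP), so report each name once.
    enabled = sorted(
        {p["name"] for p in header["products"] if p["state"].lower() == "enabled"}
    )
    findings.extend("security-enabled: " + name for name in enabled)
    return findings


if __name__ == "__main__":
    for label, text in (("2012-05-30", LOG_2012_05_30), ("constructed", CONSTRUCTED_LOG)):
        print(label, check_preconditions(text))
```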
 
Peter, I'm spending more time going back over directions for scans with you:

Combofix clearly instructs you to shut down the security before you run the scan. But the current Combofix shows:
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

I also left 2 links for you to review regarding the Kaspersky blocking- you don't mention them. We have gotten to the point where Explorer doesn't crash when the link is blocked, but I still have no more information about what is actually happening.

You've gone to a site for Enigma- all of their home sites are rated RED by site advisors. That means they are bad sites. You've gotten this:
2012-05-28 17:11 . 2012-05-29 11:45 -------- d-----w- C:\sh4ldr
2012-05-28 17:11 . 2012-05-28 17:11 -------- d-----w- c:\program files\Enigma Software Group
2012-05-28 17:09 . 2012-05-29 11:45 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP

This is a sign of the rogue Windows Security 2011.

My guidelines clearly say:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

And you have added these to your scheduled tasks:
2012-05-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-05-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
==============================================
I'm going to close this thread as I don't think anything is being accomplished. Please review the links I left for Kaspersky so you will be able to determine more clearly what is being done.
============================================

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
 