Google search results redirect



Poradain
2010-11-03, 07:08
Hi Spybot team,


Since about a month ago, clicking on search results from Google redirects me to either a 'continue' button or some random search engine. Happens most (but not all) of the time and if I keep opening the link, it eventually gets through. I have performed full scans with Kaspersky as well as Spybot S&D. Kaspersky turned up clean while Spybot found some red items which I ran the 'fix it' option on. New scans on both are now clean, however the original problem persists. Further, I have been having problems connecting to the Spybot website today and only managed to reach this forum via other links.

My OS is Windows 7 and default browser is Firefox. I have run ERUNT and below are DDS logs as per instructions in the 'Before you post' thread.

Your help in fixing this problem will be greatly appreciated.


Thanks in advance,



Edmond




DDS (Ver_10-11-01.01) - NTFSx86
Run by Edmond at 15:56:43.71 on 03/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.950.852.1033.18.2046.1157 [GMT 11:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Seagate Manager\Sync\FreeAgentService.exe
D:\Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nakido\nakido.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system\HsMgr.exe
D:\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\iTune\iTunesHelper.exe
C:\Program Files\ASUS Xonar D2 Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files\Opera\opera.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Edmond\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.2345.com/?271011
uInternet Settings,ProxyOverride = *.local
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\kaspersky internet security 2011\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - d:\megaupload manager\MegaIEMn.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\java\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - d:\kaspersky internet security 2011\klwtbbho.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON TX300F Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiejp.exe /fu "c:\windows\temp\E_SB9A.tmp" /EF "HKCU"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [msconfg] c:\program files\coopen\Coopen.exe
mRun: [UpdateLBPShortCut] "d:\cyberlink\labelprint\muitransfer\muistartmenu.exe" "d:\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "d:\cyberlink\power2go\muitransfer\muistartmenu.exe" "d:\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePPShortCut] "d:\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "d:\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "d:\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "d:\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke
mRun: [AVP] "d:\kaspersky internet security 2011\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\itune\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\users\edmond\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - d:\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {5AA3F36C-3FBB-4020-9E94-CA99044AEA85} = 198.142.0.51,93.188.166.72
TCP: {E1739C79-D875-4970-A773-8F4BD0A4B1A2} = 208.67.220.220,208.67.222.222
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: d:\kasper~2\mzvkbd3.dll,d:\kasper~2\kloehk.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\edmond\appdata\roaming\mozilla\firefox\profiles\s3j0eesw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\users\edmond\appdata\roaming\mozilla\firefox\profiles\s3j0eesw.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll
FF - component: d:\firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: d:\firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: d:\firefox\plugins\npwachk.dll
FF - plugin: d:\itune\mozilla plugins\npitunes.dll
FF - plugin: d:\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\java\bin\new_plugin\npjp2.dll
FF - plugin: d:\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 22104]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-8 176128]
R2 AVP;Kaspersky Anti-Virus Service;d:\kaspersky internet security 2011\avp.exe -r --> d:\kaspersky internet security 2011\avp.exe -r [?]
R2 FreeAgentGoNext Service;Seagate Service;d:\seagate manager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\hamachi\hamachi-2.exe -s --> d:\hamachi\hamachi-2.exe -s [?]
R2 Nakido;Nakido;c:\program files\nakido\nakido.exe [2010-5-23 333312]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-9-13 5120]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-8 6381056]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-8 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-8-16 101904]
R3 cmudaxp;ASUS Xonar D2 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-6-28 1497600]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-4 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;d:\spybot - search & destroy\spybot - search & destroy\SDWinSec.exe [2010-3-29 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 25112]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-4 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-4 120744]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-14 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2010-10-29 07:47:28 -------- d-----w- c:\progra~2\PPREGMSG
2010-10-29 07:43:41 -------- d-----w- c:\users\edmond\appdata\local\Penpower
2010-10-29 07:42:58 59920 ------w- c:\windows\system32\ppadapi.dll
2010-10-29 07:42:58 137744 ------w- c:\windows\system32\PPWORDW.DLL
2010-10-29 07:42:47 -------- d-----w- c:\progra~2\WINPENJR
2010-10-29 07:42:33 -------- d-----w- c:\program files\WINPENJR
2010-10-26 23:40:45 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 23:40:45 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 23:40:44 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 23:40:44 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 23:40:39 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-21 12:42:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-10-21 12:40:40 -------- d-----w- c:\users\edmond\appdata\local\Opera
2010-10-21 01:01:00 -------- d-----w- c:\windows\en
2010-10-21 01:00:39 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-21 01:00:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-21 00:57:28 -------- d-----w- c:\program files\MSN Toolbar
2010-10-21 00:57:09 -------- d-----w- c:\program files\Bing Bar Installer
2010-10-21 00:56:10 469256 ----a-w- c:\program files\common files\windows live\.cache\bf20315c1cb70ba14\InstallManager_WLE_WLE.exe
2010-10-21 00:56:07 15712 ----a-w- c:\program files\common files\windows live\.cache\be2747ae1cb70ba13\MeshBetaRemover.exe
2010-10-21 00:55:55 94040 ----a-w- c:\program files\common files\windows live\.cache\b65be2dd1cb70ba12\DSETUP.dll
2010-10-21 00:55:55 525656 ----a-w- c:\program files\common files\windows live\.cache\b65be2dd1cb70ba12\DXSETUP.exe
2010-10-21 00:55:55 1691480 ----a-w- c:\program files\common files\windows live\.cache\b65be2dd1cb70ba12\dsetup32.dll
2010-10-21 00:55:52 94040 ----a-w- c:\program files\common files\windows live\.cache\b509539c1cb70ba11\DSETUP.dll
2010-10-21 00:55:52 525656 ----a-w- c:\program files\common files\windows live\.cache\b509539c1cb70ba11\DXSETUP.exe
2010-10-21 00:55:52 1691480 ----a-w- c:\program files\common files\windows live\.cache\b509539c1cb70ba11\dsetup32.dll
2010-10-21 00:55:15 6260088 ----a-w- c:\program files\common files\windows live\.cache\9e63f6c11cb70ba0d\Silverlight.4.0.exe
2010-10-21 00:54:49 -------- d-----w- c:\users\edmond\appdata\local\Windows Live
2010-10-21 00:54:14 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-21 00:54:14 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-21 00:54:13 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-10 07:14:01 -------- d-----w- c:\program files\Microsoft XNA
2010-10-09 08:27:11 -------- d-----w- c:\program files\common files\ATI Technologies
2010-10-09 08:25:22 -------- d-----w- c:\program files\ATI Technologies
2010-10-09 08:25:20 -------- d-----w- c:\program files\ATI
2010-10-09 08:15:50 -------- d-----w- C:\AMD

==================== Find3M ====================

2010-09-22 13:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 13:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 03:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 01:55:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-08 01:55:10 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-09-08 01:52:04 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-08 01:51:32 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-09-08 01:51:02 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-09-08 01:50:30 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-08 01:49:52 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-09-08 01:49:36 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-08 01:49:24 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-08 01:49:18 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-09-08 01:49:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-08 01:46:10 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-09-08 01:28:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-08 01:28:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-08 01:28:06 4057088 ----a-w- c:\windows\system32\atiumdag.dll
2010-09-08 01:27:02 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-08 01:24:52 65536 ----a-w- c:\windows\system32\coinst.dll
2010-09-08 01:21:16 3392512 ----a-w- c:\windows\system32\atiumdva.dll
2010-09-08 01:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 01:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 01:15:26 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-08 01:15:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-09-08 01:15:08 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-09-08 01:14:16 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-09-08 01:14:02 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-09-08 01:08:28 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-08 01:08:28 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 16:00:16.00 ===============
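The DDS "Pseudo HJT Report" section above has a fixed line format, and a helper reads the same handful of entries first: hosts-file sinkholes, per-interface DNS servers that differ from the system-wide NameServer list, EnableLUA = 0 and AppInit_DLLs. The triage script below is an added example, not part of the original post or of the DDS tool; the sample lines are constructed from the log in this thread, and the heuristics are assumptions about what to surface for review, not verdicts.

```python
import re

# Constructed sample: a trimmed copy of the pseudo-HJT section posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.2345.com/?271011
mRun: [AVP] "d:\kaspersky internet security 2011\avp.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {5AA3F36C-3FBB-4020-9E94-CA99044AEA85} = 198.142.0.51,93.188.166.72
TCP: {E1739C79-D875-4970-A773-8F4BD0A4B1A2} = 208.67.220.220,208.67.222.222
AppInit_DLLs: d:\kasper~2\mzvkbd3.dll,d:\kasper~2\kloehk.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================
"""

# DDS section headers look like "====== Name ======".
HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([um])Run: \[(.+?)\] (.*)$")


def hjt_section(text):
    """Return the non-empty lines of the 'Pseudo HJT Report' section."""
    lines, inside = [], False
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if m:
            inside = "Pseudo HJT Report" in m.group(1)
            continue
        if inside and raw.strip():
            lines.append(raw.rstrip())
    return lines


def parse_hjt(lines):
    """Pick the security-relevant entry types out of the section."""
    info = {"start_page": None, "run": [], "policies": {},
            "dns_global": [], "dns_iface": {}, "appinit_dlls": [], "hosts": []}
    for line in lines:
        if line.startswith("uStart Page = "):
            info["start_page"] = line.split(" = ", 1)[1]
        elif line.startswith(("mPolicies-", "uPolicies-")):
            # "mPolicies-system: EnableLUA = 0 (0x0)" -> policies["EnableLUA"] = 0
            _, _, rest = line.partition(": ")
            name, _, value = rest.partition(" = ")
            try:
                info["policies"][name] = int(value.split()[0])
            except ValueError:
                info["policies"][name] = value
        elif line.startswith("TCP: NameServer = "):
            info["dns_global"] = line.split(" = ", 1)[1].split(",")
        elif line.startswith("TCP: {"):
            guid, _, servers = line[5:].partition(" = ")
            info["dns_iface"][guid] = servers.split(",")
        elif line.startswith("AppInit_DLLs: "):
            info["appinit_dlls"] = line.split(": ", 1)[1].split(",")
        elif line.startswith("Hosts: "):
            ip, _, host = line[7:].partition(" ")
            info["hosts"].append((ip, host))
        else:
            m = RUN_RE.match(line)
            if m:
                info["run"].append((m.group(1), m.group(2), m.group(3)))
    return info


def triage(info):
    """Return human-readable review items; each is a prompt, not a verdict."""
    findings = []
    if info["policies"].get("EnableLUA") == 0:
        findings.append("UAC is disabled (EnableLUA = 0): installs run with full rights silently")
    for ip, host in info["hosts"]:
        if ip in ("127.0.0.1", "0.0.0.0", "::1"):
            findings.append(f"hosts file sinkholes {host} to {ip}: check whether a security site is blocked")
    known = set(info["dns_global"])
    for guid, servers in info["dns_iface"].items():
        extra = [s for s in servers if s not in known]
        if extra:
            findings.append(f"interface {guid} uses DNS servers outside the system list: {', '.join(extra)}")
    if info["appinit_dlls"]:
        findings.append("AppInit_DLLs loads into every GUI process: " + ", ".join(info["appinit_dlls"]) + " (confirm the publisher)")
    if info["start_page"]:
        findings.append(f"start page set to {info['start_page']}: confirm the user chose it")
    return findings


def triage_dds(text):
    """Full pipeline: DDS log text -> list of review items."""
    return triage(parse_hjt(hjt_section(text)))


if __name__ == "__main__":
    for item in triage_dds(SAMPLE_DDS):
        print("-", item)
```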

ken545
2010-11-10, 14:08


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Sorry for the delay but the forums are real busy.


c:\program files\nakido <-- File sharing is not a good idea; this may be why you got infected. You're downloading that file from an unknown source, and some of them contain malware. I am going to ask you to read Before You Post, where there is info about file sharing, and I would like you to uninstall this program.


Let's take a deeper look into your system.

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.





Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Poradain
2010-11-12, 06:05
Hi Ken,


Appreciate your reply during a busy time.

As per instructions, Nakido has been uninstalled. It was initially installed to download a file and has never been used since. Now that I know it is a source of infection, I will not be using it in the future either.

GMER Rootkit scan was performed. Results from the third scan are attached below. The first scan resulted in a blue screen crash with the following information:

Technical Information:

STOP: 0X00000050 (0X99316320, 0X00000000, 0X9F103AD1, 0X00000002)
xDva344.sys - Address 9F103AD1 base at 9F102000, Datestamp 4bb195e3

After the second attempt, the computer stopped responding (mouse was working but no response to clicks for over 10 minutes) when I tried to copy the scan results.

After restarting, the third scan was set up to run overnight.

_____________________________________

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-12 10:58:45
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.01.03E01
Running: gmer.exe; Driver: C:\Users\Edmond\AppData\Local\Temp\awryypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8FE37D50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8FE39F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8FE3A208]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8FE3A47E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8FE38664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8FE39498]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8FE399E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8FE38940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8FE398C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8FE3793E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8FE3979C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8FE37AE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8FE39B02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8FE382EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8FE383E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8FE3A6C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8FE39832]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8FE3B1F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8FE38DC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8FE3C3FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8FE38BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8FE3B2E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8FE3BA4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8FE39A78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8FE386E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8FE39958]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8FE37F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8FE3B7E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8FE39B98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8FE37E7E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8FE3A782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8FE3BD84]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8FE3B676]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8FE365F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8FE39EFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8FE39DC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8FE3AF8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8FE36970]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8FE3C2A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8FE36590]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8FE391DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8FE38506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8FE3A824]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8FE3B480]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8FE3BED4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8FE3BFC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8FE3C100]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8FE3B114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8FE38134]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8FE3808A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8FE3BC28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8FE38220]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E58599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82E84730 4 Bytes [50, 7D, E3, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82E84758 8 Bytes [8E, 9F, E3, 8F, 08, A2, E3, ...] {MOV DS, [EDI-0x5df7701d]; JECXZ 0xffffffffffffff97}
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82E8479C 4 Bytes [7E, A4, E3, 8F] {JLE 0xffffffffffffffa6; JECXZ 0xffffffffffffff93}
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82E847C8 4 Bytes [64, 86, E3, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82E847EC 4 Bytes [98, 94, E3, 8F] {CWDE ; XCHG ESP, EAX; JECXZ 0xffffffffffffff93}
.text ...
? System32\Drivers\spag.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C03000, 0x34203C, 0xE8000020]
.text USBPORT.SYS!DllUnload 903A3CA0 5 Bytes JMP 86C5B1D8
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 DA41E000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 DA41E123 629 Bytes [95, 41, DA, FE, 05, 34, 95, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 DA41E399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F DA41E3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B DA41E4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

? D:\Kaspersky Internet Security 2011\avp.exe[1844] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? D:\Kaspersky Internet Security 2011\avp.exe[1844] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text D:\Kaspersky Internet Security 2011\avp.exe[1844] USER32.dll!NotifyWinEvent + 48B 7711F724 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
.text C:\Users\Edmond\Desktop\gmer.exe[2524] ole32.dll!CoCreateInstance 76CB590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Users\Edmond\Desktop\gmer.exe[2524] ole32.dll!CoCreateInstanceEx 76CB594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text D:\iTune\iTunesHelper.exe[2572] ole32.dll!CoCreateInstance 76CB590C 5 Bytes JMP 002EA390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text D:\iTune\iTunesHelper.exe[2572] ole32.dll!CoCreateInstanceEx 76CB594F 5 Bytes JMP 002EA4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3392] ole32.dll!CoCreateInstance 76CB590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3392] ole32.dll!CoCreateInstanceEx 76CB594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3424] ole32.dll!CoCreateInstance 76CB590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3424] ole32.dll!CoCreateInstanceEx 76CB594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system\HsMgr.exe[3432] ole32.dll!CoCreateInstance 76CB590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system\HsMgr.exe[3432] ole32.dll!CoCreateInstanceEx 76CB594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
? D:\Kaspersky Internet Security 2011\avp.exe[3568] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? D:\Kaspersky Internet Security 2011\avp.exe[3568] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text D:\Kaspersky Internet Security 2011\avp.exe[3568] USER32.dll!NotifyWinEvent + 48B 7711F724 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A531F8
Device \Driver\sptd \Device\1734620778 spag.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{5AA3F36C-3FBB-4020-9E94-CA99044AEA85} 86AF7500
Device \Driver\volmgr \Device\VolMgrControl 85A4F1F8
Device \Driver\usbuhci \Device\USBPDO-0 86C5E1F8
Device \Driver\usbuhci \Device\USBPDO-1 86C5E1F8
Device \Driver\usbuhci \Device\USBPDO-2 86C5E1F8
Device \Driver\usbehci \Device\USBPDO-3 86C5D500
Device \Driver\usbuhci \Device\USBPDO-4 86C5E1F8

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\usbuhci \Device\USBPDO-5 86C5E1F8
Device \Driver\usbuhci \Device\USBPDO-6 86C5E1F8
Device \Driver\PCI_PNP0777 \Device\00000057 spag.sys
Device \Driver\volmgr \Device\HarddiskVolume1 85A4F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 86C5D500
Device \Driver\volmgr \Device\HarddiskVolume2 85A4F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86AB51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A511F8
Device \Driver\atapi \Device\Ide\IdePort0 85A511F8
Device \Driver\atapi \Device\Ide\IdePort1 85A511F8
Device \Driver\atapi \Device\Ide\IdePort2 85A511F8
Device \Driver\atapi \Device\Ide\IdePort3 85A511F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85A511F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 85A511F8
Device \Driver\cdrom \Device\CdRom1 86AB51F8
Device \Driver\volmgr \Device\HarddiskVolume3 85A4F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 86AF7500
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\usbuhci \Device\USBFDO-0 86C5E1F8
Device \Driver\usbuhci \Device\USBFDO-1 86C5E1F8
Device \Driver\usbuhci \Device\USBFDO-2 86C5E1F8
Device \Driver\usbehci \Device\USBFDO-3 86C5D500
Device \Driver\usbuhci \Device\USBFDO-4 86C5E1F8
Device \Driver\usbuhci \Device\USBFDO-5 86C5E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E1739C79-D875-4970-A773-8F4BD0A4B1A2} 86AF7500
Device \Driver\usbuhci \Device\USBFDO-6 86C5E1F8
Device \Driver\usbehci \Device\USBFDO-7 86C5D500
Device \Driver\a2jr8kfg \Device\Scsi\a2jr8kfg1 86D091F8
Device \Driver\a2jr8kfg \Device\Scsi\a2jr8kfg1Port4Path0Target0Lun0 86D091F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Daemon Tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5D 0x7B 0x91 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x4E 0xFC 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0x66 0x35 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Daemon Tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5D 0x7B 0x91 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x4E 0xFC 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0x66 0x35 0x7D ...

---- EOF - GMER 1.0.15 ----

_______________________________________

Poradain
2010-11-12, 06:09
OTL scan is attached below

_______________________________

OTL logfile created on: 12/11/2010 2:41:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Edmond\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63.72 Gb Total Space | 7.53 Gb Free Space | 11.82% Space Free | Partition Type: NTFS
Drive D: | 234.37 Gb Total Space | 39.00 Gb Free Space | 16.64% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 906.30 Gb Free Space | 64.86% Space Free | Partition Type: NTFS

Computer Name: EDMOND-PC | User Name: Edmond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Edmond\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\iTune\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - D:\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\ASUS Xonar D2 Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - D:\Seagate Manager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\system\HsMgr.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Edmond\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\system\HsSrv.dll (C-Media Electronics Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AVP) -- D:\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Hamachi2Svc) -- D:\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FreeAgentGoNext Service) -- D:\Seagate Manager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- D:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva365) -- C:\Windows\System32\XDva365.sys File not found
DRV - (XDva344) -- C:\Windows\System32\XDva344.sys File not found
DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (atapi) -- C:\Windows\system32\DRIVERS\atapi.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (cmudaxp) -- C:\Windows\System32\drivers\cmudaxp.sys (C-Media Inc)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 00 BD F4 64 AF CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..extensions.enabledItems: springshine@yogurttree.com:0.2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/28 03:17:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2010/10/28 19:00:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2010/10/28 19:00:44 | 000,000,000 | ---D | M]

[2010/01/28 03:21:23 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Mozilla\Extensions
[2009/04/03 18:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edmond\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/11 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\extensions
[2010/10/29 18:48:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/03 22:25:42 | 000,000,000 | ---D | M] (GA?) -- C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}
[2010/01/28 03:21:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/05 01:37:56 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\extensions\glasser@sixxgate.com
[2010/04/05 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\extensions\springshine@yogurttree.com
[2010/08/15 02:08:08 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\extensions\tineye@ideeinc.com

O1 HOSTS File: ([2010/11/11 23:00:32 | 000,425,536 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14663 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MegaUpload Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [AVP] D:\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe ()
O4 - HKLM..\Run: [iTunesHelper] D:\iTune\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [msconfg] C:\Program Files\Coopen\Coopen.exe File not found
O4 - HKLM..\Run: [QuickTime Task] D:\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] D:\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] D:\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] D:\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] D:\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON TX300F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJP.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - D:\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\KASPER~2\mzvkbd3.dll) - D:\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (D:\KASPER~2\kloehk.dll) - D:\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Edmond\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Edmond\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/26 00:46:15 | 000,199,988 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/05/26 00:46:15 | 000,007,320 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{8e7849df-1bd5-11df-b45e-001aa09cb6f0}\Shell - "" = AutoRun
O33 - MountPoints2\{8e7849df-1bd5-11df-b45e-001aa09cb6f0}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 10:59:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Edmond\Desktop\OTL.exe
[2010/11/03 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2010/11/03 22:01:22 | 000,000,000 | ---D | C] -- C:\Users\Edmond\AppData\Local\PMB Files
[2010/11/03 22:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/11/03 22:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/11/03 21:18:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/03 21:18:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/03 21:18:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/02 22:23:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/02 22:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/29 18:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PPREGMSG
[2010/10/29 18:43:41 | 000,000,000 | ---D | C] -- C:\Users\Edmond\AppData\Local\Penpower
[2010/10/29 18:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WINPENJR
[2010/10/29 18:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\WINPENJR
[2010/10/27 10:40:45 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 10:40:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/27 10:40:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 10:40:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 10:40:39 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/21 23:42:54 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/10/21 23:40:40 | 000,000,000 | ---D | C] -- C:\Users\Edmond\AppData\Roaming\Opera
[2010/10/21 23:40:40 | 000,000,000 | ---D | C] -- C:\Users\Edmond\AppData\Local\Opera
[2010/10/21 23:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/10/21 12:01:00 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/21 12:00:39 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/10/21 12:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/21 11:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/10/21 11:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/10/21 11:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/21 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\Edmond\AppData\Local\Windows Live
[2010/10/21 11:54:14 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/21 11:54:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/10/21 11:54:13 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/10/14 15:54:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 15:54:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 15:54:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 15:54:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 15:54:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 15:54:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 15:54:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 15:54:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 15:54:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 15:54:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 15:54:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 15:54:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 15:54:38 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 15:54:38 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 15:54:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 15:54:28 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 15:54:27 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 15:54:26 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/12 14:42:34 | 000,010,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 14:42:34 | 000,010,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 14:39:00 | 000,642,300 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/12 14:39:00 | 000,117,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/12 14:34:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/12 14:34:35 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 10:59:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Edmond\Desktop\OTL.exe
[2010/11/11 23:00:32 | 000,425,536 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/11 22:55:14 | 000,288,107 | ---- | M] () -- C:\Users\Edmond\Desktop\gmer.zip
[2010/11/10 00:45:05 | 000,085,897 | ---- | M] () -- C:\Users\Edmond\Documents\1289284561529.jpg
[2010/11/09 20:27:10 | 000,000,064 | ---- | M] () -- C:\ProgramData\SWAPPINFO.ini
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Edmond\Desktop\gmer.exe
[2010/11/03 22:54:39 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2010/11/02 22:25:30 | 000,623,616 | ---- | M] () -- C:\Users\Edmond\Desktop\dds.scr
[2010/11/02 22:23:14 | 000,001,078 | ---- | M] () -- C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/02 12:25:47 | 000,424,330 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101111-230032.backup
[2010/10/31 02:42:38 | 000,133,744 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/10/30 18:39:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/10/29 22:33:33 | 000,318,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/21 23:40:32 | 000,000,827 | ---- | M] () -- C:\Users\Edmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 22:57:16 | 000,296,448 | ---- | C] () -- C:\Users\Edmond\Desktop\gmer.exe
[2010/11/11 22:55:12 | 000,288,107 | ---- | C] () -- C:\Users\Edmond\Desktop\gmer.zip
[2010/11/10 00:45:04 | 000,085,897 | ---- | C] () -- C:\Users\Edmond\Documents\1289284561529.jpg
[2010/11/03 23:00:33 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/11/03 23:00:32 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/11/03 22:54:39 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2010/11/02 22:25:27 | 000,623,616 | ---- | C] () -- C:\Users\Edmond\Desktop\dds.scr
[2010/11/02 22:23:14 | 000,001,078 | ---- | C] () -- C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/29 18:54:08 | 000,000,064 | ---- | C] () -- C:\ProgramData\SWAPPINFO.ini
[2010/10/29 18:42:58 | 000,137,744 | ---- | C] () -- C:\Windows\System32\PPWORDW.DLL
[2010/10/29 18:42:58 | 000,059,920 | ---- | C] () -- C:\Windows\System32\ppadapi.dll
[2010/10/29 18:42:55 | 004,795,092 | ---- | C] () -- C:\Windows\DFSCSK5U.TTE
[2010/10/29 18:42:55 | 003,639,720 | ---- | C] () -- C:\Windows\DFSCSM3U.TTE
[2010/10/21 23:40:32 | 000,000,827 | ---- | C] () -- C:\Users\Edmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/13 17:47:18 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll
[2010/08/03 19:32:23 | 000,003,584 | ---- | C] () -- C:\Users\Edmond\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 02:35:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/06/28 18:08:13 | 000,000,053 | ---- | C] () -- C:\Windows\System32\cmasiop.ini
[2010/06/28 18:07:43 | 000,045,212 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2010/06/28 18:06:28 | 000,000,934 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2010/06/28 18:06:24 | 000,004,965 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2010/06/28 18:06:19 | 000,000,592 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/06/28 16:49:25 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/06/25 17:08:25 | 000,000,326 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/06/15 15:28:21 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2010/02/04 01:52:53 | 000,007,597 | ---- | C] () -- C:\Users\Edmond\AppData\Local\Resmon.ResmonCfg
[2009/12/15 14:41:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2009/10/21 10:49:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 10:11:15 | 000,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/07/08 18:02:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/07/08 17:58:24 | 000,000,025 | ---- | C] () -- C:\Windows\CDETX300F.ini
[2009/05/05 13:09:15 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/04/30 14:26:29 | 000,000,314 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/07 14:43:10 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/05 12:51:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/07 10:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/28 18:08:26 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\ASUS
[2010/01/28 03:21:12 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\DAEMON Tools Lite
[2010/04/09 23:29:15 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Digiarty
[2010/01/28 03:21:12 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\DivoGames
[2010/08/05 00:36:24 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\DNA
[2010/03/02 16:15:22 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\EPSON
[2010/01/28 03:21:13 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Folding@home-gpu
[2010/01/28 03:21:13 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Foxit
[2010/03/02 16:52:39 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Foxit Software
[2010/06/29 18:16:11 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Geniesoft
[2010/03/02 12:29:45 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\GetRight Pro
[2010/01/28 03:21:13 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\GOL_byHasbro
[2010/01/28 03:21:13 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Leadertech
[2010/10/21 23:40:40 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Opera
[2010/01/28 03:21:24 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\PlayFirst
[2010/06/09 02:06:49 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Pogo
[2010/01/28 01:54:14 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Sony
[2010/01/28 03:21:25 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Sony Setup
[2010/09/13 02:16:59 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\The Creative Assembly
[2010/01/28 03:21:25 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Thinstall
[2010/01/28 03:21:25 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Tropico 3
[2010/01/28 03:21:25 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\Ubisoft
[2010/01/28 03:21:25 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\UClick
[2010/09/02 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\Edmond\AppData\Roaming\YoudaGames
[2010/10/15 18:45:25 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\Windows\System32:197ebf26.zreglib
@Alternate Data Stream - 24 bytes -> C:\Windows:3EBFF52930BFCEC3
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D0757AAB

< End of report >

_______________________________


Thanks again for your ongoing efforts in my case.



Regards,


Edmond
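
The OTL report above is raw tool output, so here is the triage a practitioner would run over it for a search-redirect complaint, as an added Python example that is not part of OTL, DDS, Spybot or the forum's procedure. It checks three things: Run-key entries that are orphaned ("File not found") or carry no company name, O17 resolvers that sit outside private address space, and search-engine hostnames in a hosts file that map to anything other than a sinkhole address. The O4 and O17 sample lines are copied from the log posted above; the hosts file contents, the watched domain list and the sinkhole set are assumptions made for the example.

```python
"""Triage checks for an OTL-style log and a hosts file (added example).

The OTL lines are copied from the log posted above; the hosts file is
constructed for the example and is not the one from Edmond's machine.
"""
import ipaddress
import re

# Subset of the posted OTL log (copied verbatim, one entry per line).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [AVP] D:\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Cmaudio8788] File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe ()
O4 - HKLM..\Run: [msconfg] C:\Program Files\Coopen\Coopen.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# Constructed hosts file: two benign blocking entries and two redirects.
SAMPLE_HOSTS = """
# blocking entries of the kind Spybot's immunization adds
127.0.0.1       www.doubleclick.net
0.0.0.0         ad.example.net
# a search-engine redirect looks like this
10.0.0.5        www.google.com
203.0.113.7     search.yahoo.com
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
DNS_RE = re.compile(r"^O17 - .*: (?P<key>\w*NameServer) = (?P<servers>.+)$")
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}  # assumed set of blocking addresses


def orphaned_run_entries(log_text):
    """Names of Run-key entries whose target OTL reports as 'File not found'.
    Usually leftovers from removed software; harmless but worth deleting."""
    return [m.group("name") for m in map(RUN_RE.match, log_text.splitlines())
            if m and m.group("rest").endswith("File not found")]


def unattributed_run_entries(log_text):
    """(name, path) for Run entries whose binary shows as '()' in OTL,
    i.e. the file carries no company/version resource. Worth a closer look."""
    hits = []
    for m in map(RUN_RE.match, log_text.splitlines()):
        if m and m.group("rest").endswith(" ()"):
            hits.append((m.group("name"), m.group("rest")[:-3]))
    return hits


def dns_servers(log_text):
    """{O17 key: [resolver, ...]}; OTL separates servers by space or comma."""
    servers = {}
    for m in map(DNS_RE.match, log_text.splitlines()):
        if m:
            servers[m.group("key")] = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
    return servers


def public_dns_servers(log_text):
    """(key, ip) for resolvers outside private address space. A public
    resolver is not evidence by itself (208.67.220.220 / 222.222 are OpenDNS),
    but one the user did not configure is a classic redirect mechanism."""
    return [(key, ip) for key, ips in dns_servers(log_text).items()
            for ip in ips if not ipaddress.ip_address(ip).is_private]


def hosts_redirects(hosts_text, watch=("google.com", "bing.com", "yahoo.com")):
    """(host, ip) where a watched search domain maps to a non-sinkhole address.
    A large hosts file full of 127.0.0.1 / 0.0.0.0 lines is blocking, not a
    hijack; only a search domain pointed somewhere else causes a redirect."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] in SINKHOLE:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watch):
                hits.append((name, ip))
    return hits


if __name__ == "__main__":
    print("orphaned Run entries:", orphaned_run_entries(SAMPLE_OTL))
    print("Run entries without company name:", unattributed_run_entries(SAMPLE_OTL))
    print("public resolvers:", public_dns_servers(SAMPLE_OTL))
    print("hosts redirects:", hosts_redirects(SAMPLE_HOSTS))
```

The hosts check is deliberately not a size check: the log above shows a 425 KB read-only hosts file next to a backup of almost the same size, which is consistent with Spybot's immunization entries and says nothing on its own. What matters is what the search domains resolve to, and the same question applies to the public resolvers flagged from the O17 lines, which are only a finding if the user did not set them.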

ken545
2010-11-12, 15:19
Hello Edmund,

Nothing really slapping me in the face. Let's do this.


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Poradain
2010-11-14, 03:36
Hello Ken,

TFC was downloaded and installed as instructed. However, Malwarebytes' Anti-Malware (MA) crashes during the quick scan (Windows force-closed the program as it experienced a problem).

When the next 2 tries also failed, I uninstalled and reinstalled MA and rebooted. That did not make a difference, as the following 2 tries after that gave the same results.

For the brief period that it did run, 2 infected items were detected. I cleaned those as per instructions by aborting a new scan before it crashed. The report from the incomplete scan is attached below:


_____________________________________


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5110

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14/11/2010 12:23:01 PM
mbam-log-2010-11-14 (12-23-01).txt

Scan type: Quick scan
Objects scanned: 10326
Time elapsed: 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\jinyong.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\jyall.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_____________________________________



Note also that each time MA is run, my screen resolution reverts to 640X480 for the duration that the program runs. Is that normal?

Further, I wish to draw your attention to this section of the previous OLT log:



_______________________________

O1 HOSTS File: ([2010/11/11 23:00:32 | 000,425,536 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
__________________________

When viewed in my browser, these websites are flagged with a dot by Kaspersky as 'phishing' websites. The websites are unknown to me. Does that make a difference?


Regards,


Edmond

ken545
2010-11-14, 06:37
Hello Edmond,

First off, with Win 7, try right-clicking on the Malwarebytes program and selecting RUN AS ADMINISTRATOR. Give MA another shot.


As far as the O1 entries go, it looks like you had Spybot Search and Destroy enable their hosts file. The sites listed are bad, but O1 - Hosts: 127.0.0.1 is your own computer. If you should access one of those sites, they will try to download and install malicious software... BUT... instead of going to their own server to look for it, it's going to 127.0.0.1 (your own computer), and when they can't find the junk to download they go away. It's more protection for you, not to worry. I hope this makes sense to you.
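
The point Ken makes above is the one a practitioner actually checks when a hosts file shows up in a log: an entry that points a known-bad name at 127.0.0.1 (or 0.0.0.0 / ::1) is a benign sinkhole, which is what blocklist-style immunization writes, whereas an entry that points a legitimate name at some other address, or that sinkholes a security vendor's own site so you can no longer download or update tools, is what a hijacked hosts file looks like. The script below is an added example for this thread, not part of any post here and not code from Spybot, Kaspersky or OTL. It parses hosts-file text and sorts every entry into one of those three buckets. The PROTECTED_SUFFIXES list is an assumption made for the example, and SAMPLE_HOSTS is constructed: its loopback lines mirror O1 entries from the log, but its last two lines are hypothetical hostile entries (203.0.113.7 is a documentation-range address) that do not appear anywhere in Edmond's logs.

```python
"""Classify hosts-file entries as benign sinkholes or signs of hijacking.

Added example for the thread above; standard library only.
"""
import ipaddress
import sys

# Addresses a blocklist points a name at so the connection goes nowhere.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Hypothetical list (an assumption for this example) of domains a user must be
# able to reach; malware commonly sinkholes vendor sites to block updates.
PROTECTED_SUFFIXES = (
    "safer-networking.org",   # Spybot S&D
    "kaspersky.com",
    "malwarebytes.org",
    "microsoft.com",
    "windowsupdate.com",
)

# Constructed sample. The loopback lines mirror O1 entries in the log above; the
# last two lines are hypothetical hostile entries and do NOT come from the log.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 www.safer-networking.org   # hypothetical: vendor site blackholed
203.0.113.7 www.google.com           # hypothetical: search traffic redirected
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)      # rejects lines whose first field is not an IP
        except ValueError:
            continue
        for name in names:
            yield addr, name.lower()


def is_protected(name):
    """True if name is one of the protected domains or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify_hosts(text):
    """Return a dict with keys 'sinkhole', 'blocks_protected' and 'hijack'.

    sinkhole:         unknown/bad name -> loopback or 0.0.0.0 (blocklist behaviour)
    blocks_protected: a site the user needs -> loopback (update/download denial)
    hijack:           any name -> a real, non-local address (traffic redirection)
    """
    result = {"sinkhole": [], "blocks_protected": [], "hijack": []}
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        if addr in SINKHOLE_ADDRS:
            key = "blocks_protected" if is_protected(name) else "sinkhole"
        else:
            key = "hijack"
        result[key].append((addr, name))
    return result


def is_benign_blocklist(text):
    """True only if every non-localhost entry is a plain sinkhole of an unprotected name."""
    buckets = classify_hosts(text)
    return not buckets["blocks_protected"] and not buckets["hijack"]


if __name__ == "__main__":
    # Pass the real file's path as the first argument to check a live system
    # (on Windows: C:\Windows\System32\drivers\etc\hosts); otherwise the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    buckets = classify_hosts(text)
    print(f"{len(buckets['sinkhole'])} sinkholed names (expected for a blocklist)")
    for addr, name in buckets["blocks_protected"]:
        print(f"SUSPICIOUS: {name} blackholed at {addr} (blocks a site you need)")
    for addr, name in buckets["hijack"]:
        print(f"SUSPICIOUS: {name} redirected to {addr}")
    print("verdict:", "benign blocklist" if is_benign_blocklist(text) else "review this file")
```

On the sample the script reports four sinkholed names, flags www.safer-networking.org as a blocked vendor site and www.google.com as a redirect, and gives a "review this file" verdict; a hosts file that contains only loopback entries for names you do not recognise, like the O1 block quoted earlier in this thread, comes back as a benign blocklist. The R--- attribute shown on that O1 line means the file is read-only, which is consistent with a tool having locked it after immunizing; a hijacked hosts file is not usually left read-only, but that attribute alone proves nothing either way, so classify the entries rather than trust the flag.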

Poradain
2010-11-15, 13:43
Hello Ken,


I gave Malwarebytes another shot as per instructions. The same problem occurred halfway through scanning, with the following generic error message:

_______________________


Malwarebytes' Anti-Malware has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

_______________________

Previous attempts were made using the 'Run as Administrator' setting. To ensure that is the case, I have also checked the box under properties --> compatibility tab --> 'Run this program as an administrator'. This also applies to the running of the installation file at the beginning.

Any other ideas on how to get this program working?



Regards,


Edmond

ken545
2010-11-15, 15:26
Let's try this one, Edmond.

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

Poradain
2010-11-16, 06:03
Hello Ken,

No problems with running this program. Log is posted below. Thanks!


Regards,

Edmond

________________________________


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/16/2010 at 02:32 PM

Application Version : 4.45.1000

Core Rules Database Version : 5865
Trace Rules Database Version: 3677

Scan type : Complete Scan
Total Scan Time : 00:36:27

Memory items scanned : 761
Memory threats detected : 0
Registry items scanned : 10772
Registry threats detected : 41
File items scanned : 37978
File threats detected : 157

Trojan.Agent/Gen
HKLM\Software\Classes\CLSID\{3571969E-C383-C239-1526-065215260652}
HKCR\CLSID\{3571969E-C383-C239-1526-065215260652}
HKCR\CLSID\{3571969E-C383-C239-1526-065215260652}
HKCR\CLSID\{3571969E-C383-C239-1526-065215260652}\DefaultIcon
HKCR\CLSID\{3571969E-C383-C239-1526-065215260652}\LocalServer32
HKCR\CLSID\{3571969E-C383-C239-1526-065215260652}\ProgID
HKCR\Excel.SheetBinaryMacroEnabled.12
HKCR\Excel.SheetBinaryMacroEnabled.12#EditFlags
HKCR\Excel.SheetBinaryMacroEnabled.12\CLSID
HKCR\Excel.SheetBinaryMacroEnabled.12\DefaultIcon
HKCR\Excel.SheetBinaryMacroEnabled.12\shell
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\New
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\New\command
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\New\ddeexec
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\New\ddeexec\application
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\New\ddeexec\topic
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Open
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Open\command
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Open\ddeexec
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Open\ddeexec\application
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Open\ddeexec\topic
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly#Extended
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly\command
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly\ddeexec
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly\ddeexec\application
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly\ddeexec\topic
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print\command
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print\ddeexec
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print\ddeexec\application
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print\ddeexec\ifexec
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print\ddeexec\topic
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\printto
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\printto\command
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\printto\ddeexec
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\printto\ddeexec\application
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\printto\ddeexec\ifexec
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\printto\ddeexec\topic
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Save As
HKCR\Excel.SheetBinaryMacroEnabled.12\shell\Save As\command
"C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE"

Adware.Tracking Cookie
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@imrworldwide[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@www.mediasoftwareapps[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@atdmt[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@bs.serving-sys[3].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@kontera[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@media6degrees[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@tacoda[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@2o7[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@adtech[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@eaeacom.112.2o7[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@at.atwola[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@insightexpressai[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@msnportal.112.2o7[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@atwola[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@perf.overture[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@ad.yieldmanager[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@serving-sys[3].txt
media.mtvnservices.com [ C:\Users\Edmond\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AW52YQVQ ]
secure-us.imrworldwide.com [ C:\Users\Edmond\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AW52YQVQ ]
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@ads.outspark[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@bs.serving-sys[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\edmond@serving-sys[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@mediaplex[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@iacas.adbureau[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@serving-sys[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@doubleclick[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@tacoda[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@atwola[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@atdmt[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@adtech[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@at.atwola[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@msnportal.112.2o7[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@imrworldwide[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@bs.serving-sys[1].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@ad.wsod[2].txt
C:\Users\Edmond\AppData\Roaming\Microsoft\Windows\Cookies\Low\edmond@ad.yieldmanager[2].txt
.dmtracker.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.mtvn.112.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.quark.122.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.xiti.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.112.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.f2network.112.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.nrma.122.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.112.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.kaspersky.122.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.cnetaustralia.122.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ru4.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ru4.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.e-2dj6wfloqkdjgdo.stats.esomniture.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
www.gladteen.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.richmedia.yahoo.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.2o7.net [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
imobsters.rockydogmedia.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
imobsters.rockydogmedia.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
imobsters.rockydogmedia.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Edmond\AppData\Roaming\Mozilla\Firefox\Profiles\s3j0eesw.default\cookies.sqlite ]
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@ad.yieldmanager[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@ad.wsod[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@doubleclick[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@smartmedia.allyes[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@microsoftmachinetranslation.112.2o7[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@imrworldwide[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@fastclick[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@interclick[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@ad-plus[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@microsoftwindows.112.2o7[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@atdmt[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@msnportal.112.2o7[1].txt
.bs.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.mediaonenetwork.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.2o7.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.overture.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.overture.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.overture.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.tourismtas.122.2o7.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]
.mediav.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\d8s13i9e.default\cookies.sqlite ]

Trojan.Agent/Gen-HackPatch
D:\GAMES\?HAO?§3¥ħA13\信?之野望13?本介??化?丁.V1.01.BY.HANKPPP-PATCH.EXE
D:\GETRIGHT PRO\GETRIGHT\PATCH.EXE

ken545
2010-11-16, 11:09
Hi,

Are you still being redirected ?

Poradain
2010-11-17, 03:06
Hi Ken,


Now that you mention it, I have not been redirected since yesterday before the scan.

As the problem before was intermittent, it is not certain yet whether that is because it has not been playing up or that you have solved the problem. I am really hoping it is the latter! :laugh: Either way, thank you very much for your efforts up till now.

Would you mind giving me another day or two to test out the issue before closing case? I will give you an update either way tomorrow.



Thanks again,

Edmond

ken545
2010-11-17, 03:42
Hello Edmond,

Why don't you take a few days and see how things are running? I will keep this open for you. If the redirects start again we can dig deeper.

Poradain
2010-11-20, 14:05
Hi Ken,

I have not experienced any redirects since our scan. Looks like it is gone for good. Please consider this case closed.


Many thanks,

Edmond

ken545
2010-11-20, 16:43
You're very welcome, Edmond.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken

ken545
2010-11-26, 15:15
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.