spybob
2011-12-03, 21:15
Over the past 3 days I've done far too much to recount with various programs. Bottom line is none of the other programs I've used make this detection but Spybot consistently shows:
--- Search result list ---
Win32.Delf.uc: [SBI $88B8013A] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Win32.Delf.uc: [SBI $14B30E85] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
/--- Search result list ---
As requested, DDS follows in hope of help to resolve this.
TIA
-Bob
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Run by Bob at 13:06:09 on 2011-12-03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.263 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PCMAGA~1\COOKIE~1\COOKIE~1.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
D:\keyexp\KEYEXP.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
E:\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Bob\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Bob\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = cookiecop:8100
uInternet Settings,ProxyOverride = 192.168;<local>
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: {69D72956-317C-44bd-B369-8E44D4EF9801} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [CookieCop] c:\progra~1\pcmaga~1\cookie~1\COOKIE~1.EXE
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\keyexp~1.lnk - d:\keyexp\KEYEXP.EXE
StartupFolder: c:\documents and settings\bob\start menu\programs\startup\Today.pif
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\kirbya~1.lnk - c:\program files\kirby alarm\kirbyalarm.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Convert link target to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: gamehouse.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: macys.com\www
Trusted Zone: mycheckfree.com
Trusted Zone: onlinesearches.com\publicrecords
Trusted Zone: pointspot.com\www
Trusted Zone: thdathomeservices.com\webmail
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://ppupdates.ca.com/downloads/scanner/axscanner.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105290237593
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147109959609
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxsrvc.dll
Notify: klartew - c:\documents and settings\networkservice\local settings\application data\klartew.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - cookiecop
FF - prefs.js: network.proxy.ftp_port - 8100
FF - prefs.js: network.proxy.gopher - cookiecop
FF - prefs.js: network.proxy.gopher_port - 8100
FF - prefs.js: network.proxy.http - cookiecop
FF - prefs.js: network.proxy.http_port - 8100
FF - prefs.js: network.proxy.socks - cookiecop
FF - prefs.js: network.proxy.socks_port - 8100
FF - prefs.js: network.proxy.ssl - cookiecop
FF - prefs.js: network.proxy.ssl_port - 8100
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: e:\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: PlainOldFavorites: {7E7165E2-0767-448c-852F-5FA8714F2C37} - %profile%\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-11-15 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-12-2 565552]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S1 MpKsl05b8ec11;MpKsl05b8ec11;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\mpksl05b8ec11.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\MpKsl05b8ec11.sys [?]
S1 MpKsl2c04e557;MpKsl2c04e557;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\mpksl2c04e557.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\MpKsl2c04e557.sys [?]
S1 MpKsl30221af3;MpKsl30221af3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksl30221af3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsl30221af3.sys [?]
S1 MpKsl3bbc9cb7;MpKsl3bbc9cb7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\mpksl3bbc9cb7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\MpKsl3bbc9cb7.sys [?]
S1 MpKsl50c6aa21;MpKsl50c6aa21;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\mpksl50c6aa21.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\MpKsl50c6aa21.sys [?]
S1 MpKsl63115aff;MpKsl63115aff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\mpksl63115aff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\MpKsl63115aff.sys [?]
S1 MpKsl6992bf7e;MpKsl6992bf7e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\mpksl6992bf7e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\MpKsl6992bf7e.sys [?]
S1 MpKsl6f4364a6;MpKsl6f4364a6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\mpksl6f4364a6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\MpKsl6f4364a6.sys [?]
S1 MpKsl91e50612;MpKsl91e50612;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\mpksl91e50612.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\MpKsl91e50612.sys [?]
S1 MpKsl957cbe81;MpKsl957cbe81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\mpksl957cbe81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\MpKsl957cbe81.sys [?]
S1 MpKsla44f2d84;MpKsla44f2d84;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksla44f2d84.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsla44f2d84.sys [?]
S1 MpKslb1eef83e;MpKslb1eef83e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\mpkslb1eef83e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\MpKslb1eef83e.sys [?]
S1 MpKslbb72fb26;MpKslbb72fb26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\mpkslbb72fb26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\MpKslbb72fb26.sys [?]
S1 MpKslc6a20e02;MpKslc6a20e02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\mpkslc6a20e02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\MpKslc6a20e02.sys [?]
S1 MpKslc86a0644;MpKslc86a0644;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\mpkslc86a0644.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\MpKslc86a0644.sys [?]
S1 MpKslcfc4f3af;MpKslcfc4f3af;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\mpkslcfc4f3af.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\MpKslcfc4f3af.sys [?]
S1 MpKsldfa7710c;MpKsldfa7710c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\mpksldfa7710c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\MpKsldfa7710c.sys [?]
S1 MpKslf156ae64;MpKslf156ae64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\mpkslf156ae64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\MpKslf156ae64.sys [?]
S1 MpKslf9cc0160;MpKslf9cc0160;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\mpkslf9cc0160.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\MpKslf9cc0160.sys [?]
S1 MpKslfd8e6181;MpKslfd8e6181;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\mpkslfd8e6181.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\MpKslfd8e6181.sys [?]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys --> c:\windows\system32\drivers\pxrts.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 KirbyAlarmPro;Kirby Alarm Pro;c:\program files\kirby alarm pro\kirbyalarmpro.exe [2009-2-3 3579904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-9-28 44512]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2010-9-28 12256]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2006-2-3 37632]
.
=============== File Associations ===============
.
txtfile="c:\program files\jgsoft\editpadlite\EditPad.exe" "%1"
.
=============== Created Last 30 ================
.
2011-12-02 23:32:30 97961 -c--a-w- c:\windows\system32\drivers\klick.dat
2011-12-02 23:32:30 115369 -c--a-w- c:\windows\system32\drivers\klin.dat
2011-12-02 23:29:57 -------- dc----w- c:\program files\Kaspersky Lab
2011-12-02 23:29:56 -------- dc----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-12-01 19:29:31 -------- dc----w- C:\SDFix
2011-12-01 16:37:25 -------- dc----w- c:\documents and settings\bob\local settings\application data\fxnetlib
2011-11-30 23:07:51 23624 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-30 23:06:29 -------- dc----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-30 17:10:41 71880 -c--a-w- c:\windows\system32\PxSecure.dll-19202703
2011-11-15 22:34:40 28552 -c--a-w- c:\windows\system32\drivers\pavboot.sys
.
==================== Find3M ====================
.
2011-12-01 00:08:09 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-15 22:22:09 100 -c--a-w- c:\windows\system32\prsgrc.dll
2011-11-15 13:17:59 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:07:44.75 ===============
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105290237593
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147109959609
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxsrvc.dll
Notify: klartew - c:\documents and settings\networkservice\local settings\application data\klartew.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - cookiecop
FF - prefs.js: network.proxy.ftp_port - 8100
FF - prefs.js: network.proxy.gopher - cookiecop
FF - prefs.js: network.proxy.gopher_port - 8100
FF - prefs.js: network.proxy.http - cookiecop
FF - prefs.js: network.proxy.http_port - 8100
FF - prefs.js: network.proxy.socks - cookiecop
FF - prefs.js: network.proxy.socks_port - 8100
FF - prefs.js: network.proxy.ssl - cookiecop
FF - prefs.js: network.proxy.ssl_port - 8100
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: e:\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: PlainOldFavorites: {7E7165E2-0767-448c-852F-5FA8714F2C37} - %profile%\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-11-15 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-12-2 565552]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S1 MpKsl05b8ec11;MpKsl05b8ec11;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\mpksl05b8ec11.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\MpKsl05b8ec11.sys [?]
S1 MpKsl2c04e557;MpKsl2c04e557;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\mpksl2c04e557.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\MpKsl2c04e557.sys [?]
S1 MpKsl30221af3;MpKsl30221af3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksl30221af3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsl30221af3.sys [?]
S1 MpKsl3bbc9cb7;MpKsl3bbc9cb7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\mpksl3bbc9cb7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\MpKsl3bbc9cb7.sys [?]
S1 MpKsl50c6aa21;MpKsl50c6aa21;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\mpksl50c6aa21.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\MpKsl50c6aa21.sys [?]
S1 MpKsl63115aff;MpKsl63115aff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\mpksl63115aff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\MpKsl63115aff.sys [?]
S1 MpKsl6992bf7e;MpKsl6992bf7e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\mpksl6992bf7e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\MpKsl6992bf7e.sys [?]
S1 MpKsl6f4364a6;MpKsl6f4364a6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\mpksl6f4364a6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\MpKsl6f4364a6.sys [?]
S1 MpKsl91e50612;MpKsl91e50612;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\mpksl91e50612.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\MpKsl91e50612.sys [?]
S1 MpKsl957cbe81;MpKsl957cbe81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\mpksl957cbe81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\MpKsl957cbe81.sys [?]
S1 MpKsla44f2d84;MpKsla44f2d84;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksla44f2d84.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsla44f2d84.sys [?]
S1 MpKslb1eef83e;MpKslb1eef83e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\mpkslb1eef83e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\MpKslb1eef83e.sys [?]
S1 MpKslbb72fb26;MpKslbb72fb26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\mpkslbb72fb26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\MpKslbb72fb26.sys [?]
S1 MpKslc6a20e02;MpKslc6a20e02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\mpkslc6a20e02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\MpKslc6a20e02.sys [?]
S1 MpKslc86a0644;MpKslc86a0644;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\mpkslc86a0644.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\MpKslc86a0644.sys [?]
S1 MpKslcfc4f3af;MpKslcfc4f3af;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\mpkslcfc4f3af.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\MpKslcfc4f3af.sys [?]
S1 MpKsldfa7710c;MpKsldfa7710c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\mpksldfa7710c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\MpKsldfa7710c.sys [?]
S1 MpKslf156ae64;MpKslf156ae64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\mpkslf156ae64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\MpKslf156ae64.sys [?]
S1 MpKslf9cc0160;MpKslf9cc0160;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\mpkslf9cc0160.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\MpKslf9cc0160.sys [?]
S1 MpKslfd8e6181;MpKslfd8e6181;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\mpkslfd8e6181.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\MpKslfd8e6181.sys [?]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys --> c:\windows\system32\drivers\pxrts.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 KirbyAlarmPro;Kirby Alarm Pro;c:\program files\kirby alarm pro\kirbyalarmpro.exe [2009-2-3 3579904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-9-28 44512]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2010-9-28 12256]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2006-2-3 37632]
.
=============== File Associations ===============
.
txtfile="c:\program files\jgsoft\editpadlite\EditPad.exe" "%1"
.
=============== Created Last 30 ================
.
2011-12-02 23:32:30 97961 -c--a-w- c:\windows\system32\drivers\klick.dat
2011-12-02 23:32:30 115369 -c--a-w- c:\windows\system32\drivers\klin.dat
2011-12-02 23:29:57 -------- dc----w- c:\program files\Kaspersky Lab
2011-12-02 23:29:56 -------- dc----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-12-01 19:29:31 -------- dc----w- C:\SDFix
2011-12-01 16:37:25 -------- dc----w- c:\documents and settings\bob\local settings\application data\fxnetlib
2011-11-30 23:07:51 23624 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-30 23:06:29 -------- dc----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-30 17:10:41 71880 -c--a-w- c:\windows\system32\PxSecure.dll-19202703
2011-11-15 22:34:40 28552 -c--a-w- c:\windows\system32\drivers\pavboot.sys
.
==================== Find3M ====================
.
2011-12-01 00:08:09 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-15 22:22:09 100 -c--a-w- c:\windows\system32\prsgrc.dll
2011-11-15 13:17:59 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:07:44.75 ===============