MS Removal Tool changed proxy setting

Post by Mkl on Fri 15 Apr 2011, 12:06 pm

MS removal tool had changed my proxy settings to
Http proxy: 127.0.0.1
Port: 50808

I had followed the steps in removing MS Removal Tool in [You must be registered and logged in to see this link.]
and it had worked well, just that my proxy setting is set as default as "manual proxy configuration",
so every time I restart Firefox, it goes back to the manual proxy configuration with the above settings.
To go onto the internet, I have to set it back to no proxy.
I am using Mozilla Firefox 4.
Help please.

Mkl


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Fri 15 Apr 2011, 3:12 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


~DMJ
GeekPolice Academy Manager

Re: MS Removal Tool changed proxy setting

Post by Mkl on Fri 15 Apr 2011, 4:20 pm

Okay, I've done as it said and
Spoiler:
ComboFix 11-04-14.01 - Owner 15/04/2011 15:00:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.983 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc866781.txt
c:\documents and settings\Owner\Application Data\Adobe\shed
c:\documents and settings\Owner\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\Local Settings\Application Data\{C059C642-D092-4771-8B64-29F6E265D17B}
c:\documents and settings\Owner\Local Settings\Application Data\{C059C642-D092-4771-8B64-29F6E265D17B}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{C059C642-D092-4771-8B64-29F6E265D17B}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{C059C642-D092-4771-8B64-29F6E265D17B}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{C059C642-D092-4771-8B64-29F6E265D17B}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-13 06:45 . 2011-04-13 06:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-04-13 06:45 . 2011-04-13 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-13 06:45 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 06:45 . 2011-04-13 06:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 06:45 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-12 11:10 . 2011-04-12 11:33 -------- d-----w- c:\documents and settings\Administrator
2011-04-12 10:37 . 2011-04-13 05:50 0 ----a-w- c:\windows\Spepozidohugil.bin
2011-04-12 10:36 . 2011-04-13 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\nJg28258bAfHl28258
2011-04-12 08:23 . 2011-04-12 08:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Axialis
2011-04-12 08:23 . 2011-04-13 08:42 -------- d-----w- c:\program files\Axialis
2011-04-12 08:22 . 2011-04-13 08:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Axialis
2011-04-12 07:42 . 2011-04-12 08:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FileServe Manager
2011-04-12 07:41 . 2011-04-12 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FileServe Limited
2011-04-10 08:37 . 2011-04-10 08:37 -------- d-----w- c:\documents and settings\Owner\Application Data\BabylonToolbar
2011-04-09 11:59 . 2011-04-09 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2011-04-09 11:58 . 2011-04-09 11:58 -------- d-----w- c:\program files\BabylonToolbar
2011-04-09 11:57 . 2011-04-09 11:57 -------- d-----w- c:\program files\Yuna Software
2011-04-07 09:20 . 2011-04-07 09:20 -------- d-----w- c:\program files\Microsoft
2011-04-07 09:19 . 2011-04-07 09:20 -------- d-----w- c:\program files\Windows Live
2011-04-02 10:02 . 2011-04-02 10:02 -------- d-----w- c:\program files\Apple Software Update
2011-03-31 12:01 . 2004-01-28 05:03 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys
2011-03-31 12:01 . 2011-03-31 12:01 -------- d-----w- c:\program files\TI Education
2011-03-31 11:53 . 2011-03-31 11:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-03-25 10:56 . 2011-03-25 10:56 -------- d-----w- c:\documents and settings\Owner\Application Data\NJStar
2011-03-25 10:56 . 2011-03-25 10:57 -------- d-----w- c:\program files\NJStar Chinese WP
2011-03-25 10:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 10:27 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 10:27 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 10:27 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 10:27 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 10:27 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-25 10:27 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 10:27 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-18 10:41 . 2011-03-18 10:41 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2011-03-18 10:40 . 2011-03-18 10:40 -------- d-----w- c:\program files\Common Files\Skype
2011-03-18 10:40 . 2011-03-18 10:40 -------- d-----r- c:\program files\Skype
2011-03-18 10:40 . 2011-03-18 12:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2011-03-18 10:39 . 2011-03-18 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 17:53 . 2011-03-25 10:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 02:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 02:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-30 352976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9/06/2010 5:43 PM 11352]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17/07/2003 6:47 AM 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7/05/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/11/2009 8:27 PM 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50808
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-15 15:08
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1980)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-15 15:14:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 05:14
.
Pre-Run: 19,082,629,120 bytes free
Post-Run: 19,102,494,720 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - F333A2AB9D694B2DAE17A10B33D17F8E

And that's what I get. If you want the actual log file then er... I'll try to post it.

Mkl
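
The symptom from the first post, checked offline against a copy of the profile's pref files (an added example, not part of any post in this thread and not code from ComboFix or Firefox): it flags proxy prefs that point at the local machine and separates an active manual proxy from leftover values like the three `prefs.js` lines in the ComboFix log above. The `user.js` sample is constructed and hypothetical; nothing in the thread says such a file existed.

```python
import ipaddress
import re

# One pref per line, e.g. user_pref("network.proxy.http_port", 50808);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
PROTOCOLS = ("http", "ssl", "ftp", "socks")
MANUAL = 1  # network.proxy.type: 0 = no proxy, 1 = manual configuration


def parse_proxy_prefs(text):
    """Return {pref_name: value} for the network.proxy.* lines in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith("network.proxy."):
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]          # string pref
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)           # integer pref
        else:
            prefs[name] = raw                # true/false or anything else, kept raw
    return prefs


def is_loopback(host):
    """True for localhost and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit_proxy(files):
    """files maps a file name (prefs.js, user.js) to its text.

    Returns one finding per proxy pref that points at the local machine:
      state 'active'   -> network.proxy.type is manual, traffic is sent there
      state 'residual' -> host/port left behind but not currently in use
      reapplied        -> True when the value comes from user.js, which
                          Firefox reads on every start
    """
    merged, origin = {}, {}
    for name in ("prefs.js", "user.js"):     # user.js is applied last and wins
        for pref, value in parse_proxy_prefs(files.get(name, "")).items():
            merged[pref], origin[pref] = value, name
    manual = merged.get("network.proxy.type") == MANUAL
    findings = []
    for proto in PROTOCOLS:
        key = "network.proxy." + proto
        host = merged.get(key)
        if not isinstance(host, str) or not is_loopback(host):
            continue
        port = merged.get(key + "_port")
        findings.append({
            "pref": key,
            "endpoint": f"{host}:{port}",
            "state": "active" if manual else "residual",
            "reapplied": "user.js" in (origin[key], origin.get("network.proxy.type")),
        })
    return findings


# Constructed sample: the three values ComboFix reported from prefs.js in this thread.
PREFS_AS_LOGGED = '''\
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50808);
user_pref("network.proxy.type", 0);
'''
# Constructed, hypothetical user.js that would force the manual proxy on every start.
USER_JS_FORCING = 'user_pref("network.proxy.type", 1);\n'

if __name__ == "__main__":
    for case in ({"prefs.js": PREFS_AS_LOGGED},
                 {"prefs.js": PREFS_AS_LOGGED, "user.js": USER_JS_FORCING}):
        for finding in audit_proxy(case):
            print(sorted(case), finding)
```

A loopback proxy is also what some legitimate local filtering and debugging tools configure, so a finding is a prompt to identify what, if anything, is listening on that port.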


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Fri 15 Apr 2011, 8:41 pm

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



Re: MS Removal Tool changed proxy setting

Post by Mkl on Fri 15 Apr 2011, 9:34 pm

okay got that, what's next?
name of the .txt file is MBRCheck_04.15.11_20.32.28

Spoiler:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Processes (total 33):
0 System Idle Process
4 System
868 C:\WINDOWS\system32\smss.exe
916 csrss.exe
940 C:\WINDOWS\system32\winlogon.exe
984 C:\WINDOWS\system32\services.exe
996 C:\WINDOWS\system32\lsass.exe
1152 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1376 C:\WINDOWS\system32\svchost.exe
1420 C:\WINDOWS\system32\svchost.exe
1600 svchost.exe
1724 svchost.exe
1872 C:\WINDOWS\system32\spoolsv.exe
380 svchost.exe
416 C:\WINDOWS\system32\svchost.exe
428 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
612 C:\Program Files\Bonjour\mDNSResponder.exe
720 C:\Program Files\Java\jre6\bin\jqs.exe
1364 C:\WINDOWS\system32\svchost.exe
488 C:\WINDOWS\system32\hkcmd.exe
884 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
904 C:\Program Files\Common Files\Java\Java Update\jusched.exe
920 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
1204 C:\Program Files\iTunes\iTunesHelper.exe
2568 C:\WINDOWS\system32\ctfmon.exe
3052 C:\Program Files\iPod\bin\iPodService.exe
3144 alg.exe
4020 C:\WINDOWS\system32\wuauclt.exe
3688 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
476 C:\WINDOWS\system32\wscntfy.exe
1980 C:\WINDOWS\explorer.exe
3972 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A
PhysicalDrive1 Model Number: WDCWD2000JB-55GVA0, Rev: 08.02D08

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
186 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Mkl


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Fri 15 Apr 2011, 10:24 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: MS Removal Tool changed proxy setting

Post by Mkl on Fri 15 Apr 2011, 11:58 pm

Spoiler:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2b547dbdb34b324f98c7ee670f6557f5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-15 12:48:27
# local_time=2011-04-15 10:48:27 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1280 16777191 100 0 13625984 13625984 0 0
# compatibility_mode=8192 67108863 100 0 338 338 0 0
# scanned=61243
# found=4
# cleaned=4
# scan_time=2806
C:\System Volume Information\_restore{0AAA15E0-9ACA-4A91-826D-5A109F7C125D}\RP163\A0022507.dll a variant of Win32/Cimag.GY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0AAA15E0-9ACA-4A91-826D-5A109F7C125D}\RP163\A0022508.dll a variant of Win32/Kryptik.MOD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0AAA15E0-9ACA-4A91-826D-5A109F7C125D}\RP163\A0022509.exe a variant of Win32/Kryptik.MNR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Warcraft III\w3l.exe a variant of Win32/Injector.ECJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

hmmm... looks like no more warcraft for me lol

Mkl


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Sat 16 Apr 2011, 9:25 am

How did you obtain that version of Warcraft in the first place?

It should not have been deleted if that was a legit version...

Please download CKScanner by askey127 from here

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: MS Removal Tool changed proxy setting

Post by Mkl on Sat 16 Apr 2011, 11:04 am

Oh that's for playing on bored aussies server

Spoiler:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\jasc software inc\paint shop pro 9\bump maps\cracked desert.pspimage
c:\program files\jasc software inc\paint shop pro 9\patterns\cracked paint.pspimage
scanner sequence 3.AA.11
----- EOF -----

Mkl


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Sat 16 Apr 2011, 7:42 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: MS Removal Tool changed proxy setting

Post by Mkl on Sat 16 Apr 2011, 10:09 pm

again? lol

Spoiler:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2b547dbdb34b324f98c7ee670f6557f5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-15 12:48:27
# local_time=2011-04-15 10:48:27 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1280 16777191 100 0 13625984 13625984 0 0
# compatibility_mode=8192 67108863 100 0 338 338 0 0
# scanned=61243
# found=4
# cleaned=4
# scan_time=2806
C:\System Volume Information\_restore{0AAA15E0-9ACA-4A91-826D-5A109F7C125D}\RP163\A0022507.dll a variant of Win32/Cimag.GY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0AAA15E0-9ACA-4A91-826D-5A109F7C125D}\RP163\A0022508.dll a variant of Win32/Kryptik.MOD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0AAA15E0-9ACA-4A91-826D-5A109F7C125D}\RP163\A0022509.exe a variant of Win32/Kryptik.MNR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Warcraft III\w3l.exe a variant of Win32/Injector.ECJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2b547dbdb34b324f98c7ee670f6557f5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-16 10:37:26
# local_time=2011-04-16 08:37:26 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=3081
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1280 16777191 100 0 13704355 13704355 0 0
# compatibility_mode=8192 67108863 100 0 78709 78709 0 0
# scanned=62163
# found=0
# cleaned=0
# scan_time=2974

Looks the same as before, except after three quarters of the way down.


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Sun 17 Apr 2011, 4:08 am

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]



Re: MS Removal Tool changed proxy setting

Post by Mkl on Sun 17 Apr 2011, 11:41 am

This is the OTL.txt
Spoiler:
OTL logfile created on: 17/04/2011 10:11:29 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop\otl
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.02 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive E: | 186.30 Gb Total Space | 161.85 Gb Free Space | 86.88% Space Free | Partition Type: NTFS

Computer Name: KON | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/15 11:00:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\otl\OTL.com
PRC - [2010/07/20 11:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/15 11:00:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\otl\OTL.com
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/03/30 17:13:19 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010/10/30 15:08:41 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/27 09:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/10/30 15:08:41 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/03 10:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50808
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/10/26 20:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/14 18:33:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 20:03:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/10/26 20:25:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/10/30 13:03:08 | 000,000,000 | ---D | M]

[2010/07/27 14:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/04/15 17:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions
[2011/03/12 16:04:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/19 20:18:53 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2011/04/15 17:44:09 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions\ALone-live@ya.ru
[2011/04/14 18:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/30 13:16:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q9RV5DBH.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q9RV5DBH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q9RV5DBH.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2010/07/27 14:35:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/19 03:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 14:23:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2011/04/09 21:58:27 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/15 15:07:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/27 08:22:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 10:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\otl
[2011/04/15 21:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 18:21:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/15 14:59:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/15 14:57:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/15 14:57:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/15 14:57:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/15 14:57:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/15 14:57:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 14:57:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/14 16:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PSX2PSPv1.4.2FULL
[2011/04/14 16:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ImpalerPSX
[2011/04/13 16:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/04/13 16:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/13 16:45:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/13 16:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/13 16:45:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/13 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/12 21:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011/04/12 20:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nJg28258bAfHl28258
[2011/04/12 18:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Axialis
[2011/04/12 18:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Axialis
[2011/04/12 18:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Axialis
[2011/04/12 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FileServe Manager
[2011/04/12 17:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileServe Limited
[2011/04/10 18:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BabylonToolbar
[2011/04/09 21:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/04/09 21:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/04/09 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2011/04/07 19:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/04/07 19:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/04/07 19:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/04/02 20:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/02 20:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/02 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/02 20:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/02 20:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/02 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/03/31 22:01:40 | 000,021,456 | ---- | C] (Texas Instruments Incorporated) -- C:\WINDOWS\System32\drivers\SilvrLnk.sys
[2011/03/31 22:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TI Tools
[2011/03/31 22:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education
[2011/03/31 21:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/03/25 20:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\NJStar Chinese WP
[2011/03/25 20:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NJStar Chinese WP
[2011/03/25 20:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NJStar
[2011/03/25 20:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\NJStar Chinese WP
[2011/03/18 20:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2011/03/18 20:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/03/18 20:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/03/18 20:40:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/03/18 20:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
[2011/03/18 20:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/17 10:07:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/16 10:01:26 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/04/15 15:07:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/15 14:59:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/15 14:56:23 | 004,321,202 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/15 12:19:54 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 16:45:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 16:41:08 | 000,007,071 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\8702.175
[2011/04/13 15:50:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Spepozidohugil.bin
[2011/04/12 20:37:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Omawexexiv.dat
[2011/04/09 14:53:02 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/09 14:53:02 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/04/07 20:13:50 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/04/01 15:24:56 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/31 22:01:22 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TI Connect.lnk
[2011/03/25 20:56:59 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NJStar Chinese WP.lnk
[2011/03/25 20:27:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/20 19:39:57 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/18 20:41:06 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/18 18:14:09 | 000,495,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/18 18:14:09 | 000,084,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/16 10:01:25 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/04/15 14:59:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/15 14:59:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/15 14:57:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/15 14:57:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/15 14:57:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/15 14:57:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/15 14:57:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/15 14:56:06 | 004,321,202 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/13 16:45:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 20:37:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Omawexexiv.dat
[2011/04/12 20:37:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Spepozidohugil.bin
[2011/04/12 20:35:49 | 000,007,071 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\8702.175
[2011/03/31 22:01:22 | 000,001,102 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TI Connect.lnk
[2011/03/25 20:56:59 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NJStar Chinese WP.lnk
[2011/03/25 20:27:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/18 20:41:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/18 20:40:09 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/30 13:04:35 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/10/30 13:04:35 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/08/07 22:18:48 | 000,168,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/28 21:06:10 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 18:11:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/27 18:10:40 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/27 14:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/27 08:32:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/27 08:19:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/17 06:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/17 06:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/17 06:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/07/17 06:41:25 | 000,495,958 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/17 06:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/17 06:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/17 06:41:21 | 000,084,442 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/17 06:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/17 06:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/17 06:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/17 06:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/17 06:26:37 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/07/27 08:21:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 20:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/07/27 12:44:38 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/27 13:33:07 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/07/27 08:37:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/16 10:01:26 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2011/04/15 14:56:23 | 004,321,202 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/19 03:53:03 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/19 03:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/03/19 03:53:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/03/19 03:53:21 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/07/27 13:33:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/10/30 15:08:41 | 000,475,736 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klif.sys
[2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys
[2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >
[2010/07/27 18:10:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/27 18:10:04 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/27 18:10:04 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/07/17 06:24:13 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/07/17 06:25:52 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/07/17 06:29:25 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/07/17 06:31:42 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/07/17 06:31:44 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2003/07/17 06:39:32 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/07/17 06:39:33 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/07/17 06:39:33 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/07/17 06:39:37 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/07/17 06:39:38 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 22:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 22:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 22:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 22:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 22:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/03 23:07:34 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 15:56:34 | 001,850,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2004/08/04 00:56:42 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2004/08/04 00:56:42 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2004/08/04 00:56:42 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2004/08/04 00:56:42 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2004/08/04 00:56:42 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2004/08/04 00:56:42 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2004/08/04 00:56:42 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004/08/04 00:56:42 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2004/08/04 00:56:42 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2004/08/04 00:56:42 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2004/08/04 00:56:42 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2004/08/04 00:56:42 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2004/08/04 00:56:42 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/04 00:56:46 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004/08/04 00:56:48 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2010/07/27 08:22:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/27 12:45:03 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/15 14:59:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/15 15:14:56 | 000,014,701 | ---- | M] () -- C:\ComboFix.txt
[2010/07/27 08:22:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/27 08:22:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/27 08:22:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/27 12:41:17 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/27 12:41:17 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/04/17 10:07:46 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/13 16:44:19 | 000,000,785 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2010/07/27 13:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/04/02 20:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/31 12:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\AutoHotkey
[2011/04/13 18:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Axialis
[2011/04/09 21:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\BabylonToolbar
[2010/10/07 20:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/27 13:38:46 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2011/02/14 13:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/27 20:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2011/04/15 15:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/27 08:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/01/28 16:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/01/28 16:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2010/10/26 20:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/04/15 21:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/07/27 14:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/07/27 13:39:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/27 13:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/07/27 18:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/02 20:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/02 20:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/19 20:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/11/07 13:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/30 13:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2010/10/30 13:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\kis2011_au
[2011/04/13 16:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/27 18:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/04/07 19:20:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/07/27 08:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/27 13:53:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/27 13:53:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/07/27 13:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/01/11 15:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/07/27 18:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/14 18:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/27 13:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/07/27 08:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/07/27 08:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/08/07 22:15:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/07/27 12:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/03/25 20:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\NJStar Chinese WP
[2010/10/26 20:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2010/07/27 08:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/27 18:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/20 20:53:46 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/10/26 20:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2011/04/02 20:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/09/25 22:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Real Alternative
[2010/08/07 22:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/03/18 20:40:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/03/31 22:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\TI Education
[2010/07/27 08:36:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/01/29 10:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/01/28 16:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrentBar
[2011/04/07 19:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/07/27 20:55:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/07/27 20:50:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/07/27 20:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/27 12:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/07/27 08:19:22 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/27 21:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/07/27 08:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/04/09 21:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Yuna Software

< %appdata%\*.* >
[2011/04/13 16:41:08 | 000,007,071 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\8702.175
[2010/07/27 18:11:13 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/17 06:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/07/17 06:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2003/07/17 06:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2003/07/17 06:26:55 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2003/07/17 06:28:04 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2003/07/17 06:38:12 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2003/07/17 06:43:57 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/07/17 06:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008/04/14 04:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-27 08:19:11

< End of report >


Re: MS Removal Tool changed proxy setting

Post by Mkl on Sun 17 Apr 2011, 11:42 am

And this is the extras.txt:
Spoiler:
OTL Extras logfile created on: 17/04/2011 10:11:29 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop\otl
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.02 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive E: | 186.30 Gb Total Space | 161.85 Gb Free Space | 86.88% Space Free | Partition Type: NTFS

Computer Name: KON | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1090:TCP" = 1090:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Warcraft III\war3.exe" = E:\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AutoHotkey" = AutoHotkey 1.0.48.05
"BabylonToolbar" = Babylon toolbar
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NJStar Chinese WP" = NJStar Chinese WP
"Nokia Ovi Suite" = Nokia Ovi Suite
"RealAlt_is1" = Real Alternative 2.0.2
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/04/2011 2:19:37 AM | Computer Name = KON | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/04/2011 2:19:37 AM | Computer Name = KON | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/04/2011 4:31:55 AM | Computer Name = KON | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/04/2011 2:43:54 AM | Computer Name = KON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 14/04/2011 7:26:21 AM | Computer Name = KON | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 14/04/2011 7:26:21 AM | Computer Name = KON | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 14/04/2011 7:26:21 AM | Computer Name = KON | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 14/04/2011 7:26:21 AM | Computer Name = KON | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 14/04/2011 7:26:21 AM | Computer Name = KON | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 14/04/2011 10:27:21 PM | Computer Name = KON | Source = Application Error | ID = 1000
Description = Faulting application paint shop pro 9.exe, version 9.0.0.0, faulting
module paint shop pro 9.exe, version 9.0.0.0, fault address 0x0002fe6f.

[ System Events ]
Error - 14/04/2011 7:20:56 AM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 14/04/2011 8:21:14 PM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 14/04/2011 8:23:25 PM | Computer Name = KON | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 15/04/2011 1:08:05 AM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 15/04/2011 7:57:00 PM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 15/04/2011 11:09:47 PM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 16/04/2011 3:05:26 AM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 16/04/2011 5:40:04 AM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 16/04/2011 5:42:05 AM | Computer Name = KON | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Windows Live\Messenger\msnmsgr.exe.
Reference
error message: The operation completed successfully. .

Error - 16/04/2011 8:08:09 PM | Computer Name = KON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >

It's in 2 posts because they are over the word limit.


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Sun 17 Apr 2011, 8:58 pm

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    Code:
    :otl
    [2011/04/12 20:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nJg28258bAfHl28258
    [2011/04/13 16:41:08 | 000,007,071 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\8702.175
    [2011/04/13 15:50:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Spepozidohugil.bin
    [2011/04/12 20:37:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Omawexexiv.dat

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).



Re: MS Removal Tool changed proxy setting

Post by Mkl on Sun 17 Apr 2011, 11:38 pm

Okay, got that done.
Spoiler:
All processes killed
========== OTL ==========
Folder C:\Documents and Settings\All Users\Application Data\nJg28258bAfHl28258\ not found.
C:\Documents and Settings\Owner\Application Data\8702.175 moved successfully.
C:\WINDOWS\Spepozidohugil.bin moved successfully.
C:\WINDOWS\Omawexexiv.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 3394600 bytes
->Temporary Internet Files folder emptied: 2005540 bytes
->Java cache emptied: 1702687 bytes
->FireFox cache emptied: 482790604 bytes
->Flash cache emptied: 8956 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1126364 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 468.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04172011_215531

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_268.dat not found!

Registry entries deleted on Reboot...

BTW, am I supposed to have some thumbs.db file on my desktop?


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Mon 18 Apr 2011, 1:50 pm

It's a safe file.

Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista, then right-click the program and choose Run as Administrator).
  • At the top, tick the Scan All Users section and Include MD5.
  • At File Age, set it to 90 Days.
  • In the Processes, Modules, Services, Drivers, and Registry section, please set it to Safe List.
  • In the Files Created Within and Files Modified Within sections, set it to File Age.
  • At the bottom, tick all Safe List and Use Company Name WhiteList options.
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.



Re: MS Removal Tool changed proxy setting

Post by Mkl on Mon 18 Apr 2011, 5:23 pm

Ummm... breaking the notepad into 2 parts; it doesn't fit into 1 post, goes over by 14500 letters or so.

Spoiler:
[code]
OTS logfile created on: 18/04/2011 3:57:13 PM - Run 1
OTS by OldTimer - Version 3.1.42.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.47 Gb Free Space | 60.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.30 Gb Total Space | 163.54 Gb Free Space | 87.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/04/18 15:50:15 | 000,645,632 | ---- | M | MD5 = AF5A3E59558352FF5867CFA60A096A5E] (OldTimer Tools)
nokiamserver.exe -> C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe -> [2010/07/20 11:45:24 | 001,531,904 | ---- | M | MD5 = ACC5596B15EB0351261A483DA06F3EB3] (Nokia)
jucheck.exe -> C:\Program Files\Common Files\Java\Java Update\jucheck.exe -> [2010/05/14 11:44:46 | 000,501,480 | ---- | M | MD5 = DB1A23EE7DD2E5E04E7DE071A6BEF699] (Sun Microsystems, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 00:56:50 | 001,032,192 | ---- | M | MD5 = A0732187050030AE399B241436565E64] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/04/18 15:50:15 | 000,645,632 | ---- | M | MD5 = AF5A3E59558352FF5867CFA60A096A5E] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -> [2004/08/04 00:57:02 | 001,050,624 | ---- | M | MD5 = 5AF68A5E44734A082442668E9C787743] (Microsoft Corporation)

[Win32 Services - Safe List]
(AppMgmt) Application Management [Disabled | Stopped] -> -> File not found
(Akamai) Akamai NetSession Interface [Auto | Running] -> c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -> [2011/03/30 17:13:19 | 003,229,784 | ---- | M | MD5 = A35E6B91CA1FBA354B198969946DE07D] ()
(AVP) Kaspersky Anti-Virus Service [Auto | Stopped] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010/10/30 15:08:41 | 000,352,976 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2010/06/14 15:07:14 | 000,615,936 | ---- | M | MD5 = 2D841B7B7F6DEC32162EDFCC69D61F42] (Nokia)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\WINDOWS\System32\GameMon.des -> [2010/04/27 09:44:00 | 003,735,920 | ---- | M | MD5 = 529701597F19B8359606F28E43C121FA] (INCA Internet Co., Ltd.)

[Driver Services - Safe List]
(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\klif.sys -> [2010/10/30 15:08:41 | 000,475,736 | ---- | M | Unable to obtain MD5] (Kaspersky Lab)
(kl2) kl2 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\kl2.sys -> [2010/06/09 17:43:52 | 000,011,352 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
(KL1) KL1 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\kl1.sys -> [2010/06/09 17:43:50 | 000,132,184 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
(klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\klim5.sys -> [2010/05/07 12:06:26 | 000,032,856 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -> [2010/02/26 14:32:58 | 000,008,192 | ---- | M | MD5 = 68B4F83CCCF70A2FF32EE142C234332A] (Nokia)
(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -> [2010/02/26 14:32:46 | 000,008,192 | ---- | M | MD5 = 0CCADC7391021376EDBB8AA649D04E68] (Nokia)
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ccdcmbo.sys -> [2010/02/26 14:32:44 | 000,022,528 | ---- | M | MD5 = 3859C69A77793180548802DAC9F34A38] (Nokia)
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ccdcmb.sys -> [2010/02/26 14:32:44 | 000,018,176 | ---- | M | MD5 = C3963D85B721A7F80D8A55F4E2867A3A] (Nokia)
(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\klmouflt.sys -> [2009/11/02 20:27:24 | 000,019,472 | ---- | M | Unable to obtain MD5] (Kaspersky Lab)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pccsmcfd.sys -> [2008/08/26 10:26:12 | 000,018,816 | ---- | M | MD5 = FD2041E9BA03DB7764B2248F02475079] (Nokia)
(WinDriver6) WinDriver6 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\windrvr6.sys -> [2008/07/03 10:59:54 | 000,193,696 | ---- | M | MD5 = 451F905BC7BFF9E1CFF2E7AE76196B2C] (Jungo)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2003/06/30 18:11:52 | 000,043,136 | R--- | M | MD5 = B60F57B4D9CDBC663CC03EB8AF7EC34E] (Broadcom Corporation)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 08:42:58 | 000,013,632 | ---- | M | MD5 = CEC7E2C6C1FA00C7AB2F5434F848AE51] (Dell Computer Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\] > -> ->
HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\: Main\\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\: SearchURL\\"provider" -> ->
HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\q9rv5dbh.default\prefs.js ->
network.proxy.http -> "127.0.0.1" ->
network.proxy.http_port -> 50808 ->
network.proxy.type -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} -> C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION\ [C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION\] -> [2010/10/26 20:25:50 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/04/14 18:33:33 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/04/02 20:03:24 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions -> ->
HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74} -> C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\THUNDERBIRD CONNECTOR\THUNDERBIRDEXTENSION\ [C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\THUNDERBIRD CONNECTOR\THUNDERBIRDEXTENSION\] -> [2010/10/26 20:25:52 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\THBEXT] -> [2010/10/30 13:03:08 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2010/07/27 14:18:06 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions -> [2011/04/15 17:44:09 | 000,000,000 | ---D | M]
DownThemAll! -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2011/03/12 16:04:41 | 000,000,000 | ---D | M]
SearchPreview -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} -> [2011/03/19 20:18:53 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q9rv5dbh.default\extensions\ALone-live@ya.ru -> [2011/04/15 17:44:09 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2011/04/14 18:41:27 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru -> [2010/10/30 13:16:29 | 000,000,000 | ---D | M]
No name found -> -> File not found
No name found -> C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q9RV5DBH.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI -> ()
No name found -> C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q9RV5DBH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI -> ()
Roomy Bookmarks Toolbar -> C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q9RV5DBH.DEFAULT\EXTENSIONS\ALONE-LIVE@YA.RU -> [2011/04/15 17:44:09 | 000,000,000 | ---D | M]
No name found -> C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q9RV5DBH.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI -> ()
Java Quick Starter -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF -> [2010/07/27 14:35:11 | 000,000,000 | ---D | M]
~[Filtered]~
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [CescrtHlpr Object] -> [2010/11/07 23:45:26 | 000,225,720 | ---- | M | MD5 = 91BCFFE9095DFE033125ADD31EE7FFC1] (Babylon BHO)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010/07/01 21:35:08 | 000,068,280 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Plug-In] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [FilterBHO Class] -> [2010/07/01 21:35:14 | 000,191,160 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
"{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [Babylon Toolbar] -> [2010/11/07 23:45:28 | 000,184,760 | ---- | M | MD5 = CF158FAC1864EE97BFE3221285FEC23A] (Babylon Ltd.)
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVP" -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe ["C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"] -> [2010/10/30 15:08:41 | 000,352,976 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
"BabylonToolbar" -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe ["C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I] -> [2010/11/07 19:22:00 | 000,286,720 | ---- | M | MD5 = 000A83380536DF86EFE77D020D812F96] (Babylon Ltd.)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/03 22:32:00 | 000,208,952 | ---- | M | MD5 = 7BBE4CF421AECC7F0226EDD75F12079F] (Microsoft Corporation)
"NokiaMServer" -> C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe [C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup] -> [2010/07/20 11:45:24 | 001,531,904 | ---- | M | MD5 = ACC5596B15EB0351261A483DA06F3EB3] (Nokia)
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2003/07/17 06:23:16 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2003/07/17 06:23:16 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003] > -> HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"AllowLegacyWebView" -> [1] -> File not found
\\"AllowUnhashedWebView" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003] > -> HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003] > -> HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: &Virtual Keyboard] -> [2010/07/01 21:35:14 | 000,191,160 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Plug-In] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Plug-In] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: URLs c&heck] -> [2010/07/01 21:35:14 | 000,191,160 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{4248FE82-7FCB-46AC-B270-339F08212110}" [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [VirtualKeyboardButtonHandler Class] -> [2010/07/01 21:35:14 | 000,191,160 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
CmdMapping\\"{898EA8C8-E7FF-479B-8935-AEC46303B9E5}" [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
CmdMapping\\"{CCF151D8-D089-449F-A5A4-D9909053F20F}" [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [FilterButtonHandler Class] -> [2010/07/01 21:35:14 | 000,191,160 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1801674531-682003330-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_22] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> [You must be registered and logged in to see this link.] [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_22] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_22] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> [You must be registered and logged in to see this link.] [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{54948E67-3CD4-4064-870A-277FDA57788E}\\DhcpNameServer -> 192.168.0.1 (Broadcom 440x 10/100 Integrated Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 00:56:50 | 001,032,192 | ---- | M | MD5 = A0732187050030AE399B241436565E64] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2003/04/07 00:06:48 | 000,315,392 | ---- | M | MD5 = 6474AF152CD6025F781D7A5F2B8B6084] (Intel Corporation)
klogon -> C:\WINDOWS\system32\klogon.dll -> [2010/07/01 21:35:12 | 000,228,024 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"E:\Warcraft III\war3.exe" -> [E:\Warcraft III\war3.exe:*:Enabled:Warcraft III] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2010/07/27 08:22:15 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\System32\iac25_32.ax [iac25_32.ax] -> [2004/08/04 00:56:58 | 000,199,680 | ---- | M | MD5 = 6580E3EC7593C0621A91387AAB419524] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\System32\l3codeca.acm] -> [2010/01/30 00:43:39 | 000,307,260 | ---- | M | MD5 = F3946B534CC197CBFFD9A2ECFD1F556F] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2004/08/04 00:56:30 | 000,086,016 | ---- | M | MD5 = 059FCD11A8F067650ABF6426E1CB43D3] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2003/07/17 06:48:37 | 000,008,192 | ---- | M | MD5 = E8CD0D7E169ECCE2D4FD829DAAB786ED] (DSP GROUP, INC.)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2004/08/04 00:56:44 | 000,080,384 | ---- | M | MD5 = F263E68AF3B8ACE47DDB70F075B20782] (Radius Inc.)
"vidc.ffds" -> C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll [C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll] -> [2009/08/30 22:13:30 | 000,085,504 | ---- | M | MD5 = 9DA0C6D1B8344F872108F621B56194FF] ()
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2003/07/17 06:30:49 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2003/07/17 06:30:49 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2004/08/04 00:56:58 | 000,848,384 | ---- | M | MD5 = B106530542C5920EDB040A288BD300AB] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2004/08/04 00:56:44 | 000,755,200 | ---- | M | MD5 = 603CC77B5E5F7977DE2ABFBA50CD6854] (Intel Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2006/10/26 20:12:52 | 000,173,328 | ---- | M | MD5 = CC76C38D1995A716AC072D470D4A1345] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{31261F21-2B16-45EE-BEAB-07C4CFA18B65} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/09/15 04:50:40 | 000,108,320 | ---- | M | MD5 = 54A3002507634139763983FBE4DBFE9A] (Sun Microsystems, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7DDCF809-C211-4757-AB3E-6387D9DF530B} [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar API Server] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
{812B35A9-45A7-4292-BF8C-94A156CE7085} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine API Server] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M | MD5 = AFB7EFCDE5277F6514EF0E9FF8D8D862] (Sun Microsystems, Inc.)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Program Files\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Windows Live Upload Tool] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M | MD5 = DA204A2BAB5780A0DF37EB5BE58FCA57] (Microsoft Corporation)
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M | MD5 = AFB7EFCDE5277F6514EF0E9FF8D8D862] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M | MD5 = AFB7EFCDE5277F6514EF0E9FF8D8D862] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_22.dll [Java Plug-in 1.6.0_22] -> [2010/09/15 04:50:46 | 000,141,088 | ---- | M | MD5 = AFB7EFCDE5277F6514EF0E9FF8D8D862] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/09/15 04:50:37 | 000,472,808 | ---- | M | MD5 = 27CADAE7E69FEEE773EA55108A8F9F47] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/09/15 04:50:37 | 000,472,808 | ---- | M | MD5 = 27CADAE7E69FEEE773EA55108A8F9F47] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2010/04/28 15:06:20 | 000,111,912 | ---- | M | MD5 = 13984DFEF5DE6E93B19B8BA31D6639C3] (Apple Inc.)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2006/10/26 21:30:44 | 000,482,088 | ---- | M | MD5 = 799A0E1244038B3FC2E1833D74FFA564] ()
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{2EECD738-5844-4A99-B4B6-146BF802613B} [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [CescrtHlpr Object] -> [2010/11/07 23:45:26 | 000,225,720 | ---- | M | MD5 = 91BCFFE9095DFE033125ADD31EE7FFC1] (Babylon BHO)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
{98889811-442D-49DD-99D7-DC866BE87DBC} [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [Babylon Toolbar] -> [2010/11/07 23:45:28 | 000,184,760 | ---- | M | MD5 = CF158FAC1864EE97BFE3221285FEC23A] (Babylon Ltd.)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Plug-In] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> C:\WINDOWS\system32\proctexe.ocx [Additive Surface] -> [2004/08/03 23:00:26 | 000,081,920 | ---- | M | MD5 = DAF4D5399F78812D3D79F0C9EAB1AC6B] (Intel Corporation)
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2EECD738-5844-4A99-B4B6-146BF802613B} [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [CescrtHlpr Object] -> [2010/11/07 23:45:26 | 000,225,720 | ---- | M | MD5 = 91BCFFE9095DFE033125ADD31EE7FFC1] (Babylon BHO)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [VirtualKeyboardButtonHandler Class] -> [2010/07/01 21:35:14 | 000,191,160 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010/07/01 21:35:08 | 000,068,280 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
{5C255C8A-E604-49B4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{98889811-442D-49DD-99D7-DC866BE87DBC} [HKLM] -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [Babylon Toolbar] -> [2010/11/07 23:45:28 | 000,184,760 | ---- | M | MD5 = CF158FAC1864EE97BFE3221285FEC23A] (Babylon Ltd.)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Plug-In] -> [2010/11/22 19:05:52 | 001,242,504 | ---- | M | MD5 = 590C4454A1D36F76DA1F636FAD139771] (Skype Technologies S.A.)
{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M | MD5 = D9A0CE26ADA5BD15B1B03A752DDF14A6] (Conduit Ltd.)
{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [FilterButtonHandler Class] -> [2010/07/01 21:35:14 | 000,191,160 | ---- | M | Unable to obtain MD5] (Kaspersky Lab ZAO)
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found



Re: MS Removal Tool changed proxy setting

Post by Mkl on Mon 18 Apr 2011, 5:23 pm

second part

Spoiler:
Movie Maker -> C:\Program Files\Movie Maker -> [2010/07/27 18:16:28 | 000,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2011/04/14 18:33:30 | 000,000,000 | ---D | M]
MSBuild -> C:\Program Files\MSBuild -> [2010/07/27 13:53:19 | 000,000,000 | ---D | M]
MSN -> C:\Program Files\MSN -> [2010/07/27 08:19:21 | 000,000,000 | ---D | M]
MSN Gaming Zone -> C:\Program Files\MSN Gaming Zone -> [2010/07/27 08:19:11 | 000,000,000 | ---D | M]
MSXML 6.0 -> C:\Program Files\MSXML 6.0 -> [2010/08/07 22:15:15 | 000,000,000 | ---D | M]
NetMeeting -> C:\Program Files\NetMeeting -> [2010/07/27 12:42:43 | 000,000,000 | ---D | M]
NJStar Chinese WP -> C:\Program Files\NJStar Chinese WP -> [2011/03/25 20:57:02 | 000,000,000 | ---D | M]
Nokia -> C:\Program Files\Nokia -> [2010/10/26 20:25:49 | 000,000,000 | ---D | M]
Online Services -> C:\Program Files\Online Services -> [2010/07/27 08:19:22 | 000,000,000 | ---D | M]
Outlook Express -> C:\Program Files\Outlook Express -> [2010/07/27 18:14:22 | 000,000,000 | ---D | M]
Pando Networks -> C:\Program Files\Pando Networks -> [2010/09/20 20:53:46 | 000,000,000 | ---D | M]
PC Connectivity Solution -> C:\Program Files\PC Connectivity Solution -> [2010/10/26 20:25:38 | 000,000,000 | ---D | M]
QuickTime -> C:\Program Files\QuickTime -> [2011/04/02 20:03:23 | 000,000,000 | ---D | M]
Real Alternative -> C:\Program Files\Real Alternative -> [2010/09/25 22:10:39 | 000,000,000 | ---D | M]
Reference Assemblies -> C:\Program Files\Reference Assemblies -> [2010/08/07 22:18:10 | 000,000,000 | ---D | M]
Skype -> C:\Program Files\Skype -> [2011/03/18 20:40:27 | 000,000,000 | R--D | M]
TI Education -> C:\Program Files\TI Education -> [2011/03/31 22:01:40 | 000,000,000 | ---D | M]
Uninstall Information -> C:\Program Files\Uninstall Information -> [2010/07/27 08:36:56 | 000,000,000 | -H-D | M]
uTorrent -> C:\Program Files\uTorrent -> [2011/01/29 10:04:54 | 000,000,000 | ---D | M]
uTorrentBar -> C:\Program Files\uTorrentBar -> [2011/01/28 16:07:00 | 000,000,000 | ---D | M]
Windows Live -> C:\Program Files\Windows Live -> [2011/04/07 19:20:22 | 000,000,000 | ---D | M]
Windows Live SkyDrive -> C:\Program Files\Windows Live SkyDrive -> [2010/07/27 20:55:37 | 000,000,000 | ---D | M]
Windows Media Connect 2 -> C:\Program Files\Windows Media Connect 2 -> [2010/07/27 20:50:30 | 000,000,000 | ---D | M]
Windows Media Player -> C:\Program Files\Windows Media Player -> [2010/07/27 20:50:29 | 000,000,000 | ---D | M]
Windows NT -> C:\Program Files\Windows NT -> [2010/07/27 12:42:40 | 000,000,000 | ---D | M]
WindowsUpdate -> C:\Program Files\WindowsUpdate -> [2010/07/27 08:19:22 | 000,000,000 | -H-D | M]
WinRAR -> C:\Program Files\WinRAR -> [2010/07/27 21:46:27 | 000,000,000 | ---D | M]
xerox -> C:\Program Files\xerox -> [2010/07/27 08:31:38 | 000,000,000 | ---D | M]
Yuna Software -> C:\Program Files\Yuna Software -> [2011/04/09 21:57:59 | 000,000,000 | ---D | M]
< %appdata%\*.* >
desktop.ini -> C:\Documents and Settings\Owner\Application Data\desktop.ini -> [2010/07/27 18:11:13 | 000,000,062 | -HS- | M | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] ()
< End of report >
[/code]


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Wed 20 Apr 2011, 3:57 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death



Re: MS Removal Tool changed proxy setting

Post by Mkl on Wed 20 Apr 2011, 6:09 pm

ummm...
this is probably the main issue with the internet
but, my Windows Messenger isn't working fully, like I sign in and appear online to people but they still see me offline, this doesn't happen when I use Messenger on iPod though.
I don't have any fake antivirus alerts but my processes seem to use up a lot of mem usage.
the wuauclt.exe uses roughly 46,700K and this seems to be quite a bit compared to when I first used this computer after a reformat.
no error messages nor blue screen
ummm... how do I know if my svchost.exe is running at 100%?

but that should be about all my problems that I actually notice

edit: just noticed this but when I turn on my computer, I get this how to load Windows screen for a second or 2
couldn't read it but I saw like 3 options, something about safe boot, Windows XP and not sure about the other one


Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Thu 21 Apr 2011, 1:36 pm

Download Process Explorer: [You must be registered and logged in to see this link.]
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.



Re: MS Removal Tool changed proxy setting

Post by Mkl on Thu 21 Apr 2011, 7:03 pm

okay that screen when I first turn on my computer says some stuff about windows recovery, doesn't seem too important

Procexp.txt
Spoiler:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 0 K 16 K
System 4 1.52 0 K 240 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 872 168 K 400 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 920 1,864 K 4,136 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 944 6,648 K 4,120 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 992 2,156 K 4,336 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 1168 3,300 K 5,160 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
wmiprvse.exe 3880 3,764 K 7,064 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
wmiprvse.exe 3284 2,944 K 4,840 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 1272 1,868 K 4,356 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
svchost.exe 1400 93.94 63,700 K 77,616 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
wuauclt.exe 2208 10,160 K 41,620 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[578]SUSDS95c27eade3c6e340b5780379f61d7339
wscntfy.exe 4064 1,048 K 3,008 K Windows Security Center Notification App Microsoft Corporation C:\WINDOWS\system32\wscntfy.exe
wuauclt.exe 4036 2,344 K 4,224 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe"
svchost.exe 1444 2,456 K 3,464 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 1624 1,484 K 3,644 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService
svchost.exe 1764 1,564 K 3,904 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe 1916 3,636 K 5,364 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 788 1,344 K 3,460 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService
svchost.exe 1344 5,660 K 9,620 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k Akamai
AppleMobileDeviceService.exe 1424 4,776 K 7,136 K MobileDeviceService Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
mDNSResponder.exe 1720 1,276 K 3,744 K Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
jqs.exe 124 2,084 K 1,724 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
svchost.exe 456 2,568 K 4,196 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k imgsvc
iPodService.exe 3168 2,560 K 4,120 K iPodService Module (32-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
alg.exe 3560 1,232 K 3,564 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
lsass.exe 1004 3,960 K 6,252 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 280 17,808 K 27,216 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
hkcmd.exe 664 1,980 K 4,436 K hkcmd Module Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
GrooveMonitor.exe 676 2,072 K 6,428 K GrooveMonitor Utility Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
jusched.exe 688 848 K 2,564 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper.exe 760 10,636 K 15,392 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
NokiaMServer.exe 824 9,144 K 16,676 K Nokia M Platform Nokia "C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
ctfmon.exe 864 1,472 K 4,448 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
rundll32.exe 888 2,768 K 4,012 K Run a DLL as an App Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\witc10.dll",Startup
firefox.exe 2840 4.55 136,104 K 150,800 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
procexp.exe 600 12,452 K 17,780 K Sysinternals Process Explorer Sysinternals - [You must be registered and logged in to see this link.] "C:\Documents and Settings\Owner\My Documents\Downloads\procexp.exe"
dwm.exe 288 3,800 K 6,464 K "C:\Documents and Settings\Owner\Application Data\dwm.exe"
conhost.exe 392 2,624 K 4,440 K "C:\Documents and Settings\Owner\Application Data\Microsoft\conhost.exe"


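A triage pass over a saved Process Explorer listing like the one posted above, showing why the Command Line column was requested: it exposes each image path. This is an added example, not part of the thread and not the forum's or Sysinternals' code; it assumes the export is tab-separated in the column order of the post's header row, and the heuristics and names (`triage`, `image_path`, `SYSTEM_NAMES`) are illustrative.

```python
import re

# Constructed input: rows copied from the Procexp.txt post, with "|" standing in
# for the tab that Process Explorer is assumed to write between columns.
SAMPLE = r"""Process|PID|CPU|Private Bytes|Working Set|Description|Company Name|Command Line
svchost.exe|1400|93.94|63,700 K|77,616 K|Generic Host Process for Win32 Services|Microsoft Corporation|C:\WINDOWS\System32\svchost.exe -k netsvcs
rundll32.exe|888||2,768 K|4,012 K|Run a DLL as an App|Microsoft Corporation|"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\witc10.dll",Startup
firefox.exe|2840|4.55|136,104 K|150,800 K|Firefox|Mozilla Corporation|"C:\Program Files\Mozilla Firefox\firefox.exe"
dwm.exe|288||3,800 K|6,464 K|||"C:\Documents and Settings\Owner\Application Data\dwm.exe"
conhost.exe|392||2,624 K|4,440 K|||"C:\Documents and Settings\Owner\Application Data\Microsoft\conhost.exe"
""".replace("|", "\t")

SYSTEM32 = "c:\\windows\\system32\\"
# Names of Windows components whose legitimate copies live in system32.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "rundll32.exe", "dwm.exe", "conhost.exe"}

def image_path(cmdline):
    """Return the executable path from a command line, quoted or not."""
    m = re.match(r'"([^"]+)"|(.*?\.exe)', cmdline, re.I)
    return (m.group(1) or m.group(2)) if m else cmdline.split(" ")[0]

def triage(text):
    """Return {(name, pid): [reasons]} for rows worth a closer look."""
    findings = {}
    for line in text.splitlines()[1:]:  # skip the header row
        name, pid, _cpu, _priv, _ws, desc, company, cmd = (line.split("\t") + [""] * 8)[:8]
        path, reasons = image_path(cmd).lower(), []
        # A running image with neither Description nor Company Name set
        if cmd and not desc and not company:
            reasons.append("no version info")
        # Executables started from a per-user, user-writable folder
        if "\\application data\\" in path:
            reasons.append("runs from user profile")
        # A system component name on an image that is not in system32
        if name.lower() in SYSTEM_NAMES and not path.startswith(SYSTEM32):
            reasons.append("system name outside system32")
        # rundll32 hosting a DLL that is not in system32
        dll = re.search(r'rundll32\.exe"?\s+"?([^",]+\.dll)', cmd, re.I)
        if dll and not dll.group(1).lower().startswith(SYSTEM32):
            reasons.append("rundll32 target outside system32")
        if reasons:
            findings[(name, pid)] = reasons
    return findings

if __name__ == "__main__":
    for proc, why in triage(SAMPLE).items():
        print(proc, why)
```

A flagged row is a prompt to inspect the file (signature, hash, autorun entry), not a verdict on it.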

Re: MS Removal Tool changed proxy setting

Post by DragonMaster Jay on Fri 22 Apr 2011, 3:03 pm

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.



Re: MS Removal Tool changed proxy setting

Post by Mkl on Sat 23 Apr 2011, 5:01 pm

oh umm... actually...
my brother came back from Sydney earlier than I thought and he's helping me with reformatting the computer

sorry for the trouble I caused you and thanks
