Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Unusual traffic from computer network

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unusual traffic from computer network

Unread postby zeax.ikim » March 18th, 2012, 11:33 pm

Hi there,

I was trying to use Google search engine and was led to this page:

__________________________________________________________________________________________________

About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?


This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible. Learn more

Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very quickly.
IP address: 94.63.147.10
Time: 2012-03-19T02:44:17Z
URL: http://74.125.65.99/search?hl=en&site=& ... ver+letter

__________________________________________________________________________________________________

I used Yahoo to search for troubleshoot advice and was led to the following page:

http://support.google.com/websearch/bin ... swer=86640

Taking the chance I downloaded HijackThis and ran a scan on my computer. According to instruction I should submit my log in a forum to seek support, please find my log as follow:-

__________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:34 PM, on 3/19/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: Tango - {2B3CD287-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Tango - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... ADcATQBaAA "&"inst=NwA3AC0ANAAyADQAMQAxADcAMQAzADIALQBYAEwAKwAxAC0AVAA0AC0ATgAxAEYAKwAxAC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADEAMABBACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwAzADAANgAyADEALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEQATgArADEALQBUAEIAKwAxAC0AVQA5ADUAKwAxAC0ARgA5ADAAVABCACsAMgA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GabPath] C:\Documents and Settings\Kim\Application Data\GabPath\GabPath.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [9158] C:\Program Files\9158KTV\9158.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - C:\Documents and Settings\Kim\Desktop\StormII\stormliv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SpaceQuery Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SpaceQuery\spacequery141.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9617 bytes
_________________________________________________________________________________________________

Please advice. Thank you.
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm
Advertisement
Register to Remove

Re: Unusual traffic from computer network

Unread postby maxi » March 19th, 2012, 2:38 pm

Hi zeax.ikim,

Welcome to the forum.:)

My name is maxi and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    lf you have any questions or problems executing these instructions, <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Print each set of instructions if possible. Your Internet browser and/or Internet connection may not be available during some fix steps.
  10. Only reply to this thread. Do not start another thread.
  11. The absence of symptoms does not imply the absence of malware. Please, continue responding, until I give you the "All Clean".
  12. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  13. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  14. The logs I request can take a while to research, so please be patient.
  15. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side, you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thanks,
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Unread postby maxi » March 22nd, 2012, 7:08 am

Hi zeax.ikim,

Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply please copy and paste both logs.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Unread postby zeax.ikim » March 22nd, 2012, 7:36 pm

Thank you very much for your prompt reply Maxi.
Please find the following logs as per requested

OTL.Txt
_______________________________________________________________________________________________

OTL logfile created on: 3/23/2012 10:16:22 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 46.88% Memory free
2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.46 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 5.04 Gb Free Space | 44.14% Space Free | Partition Type: NTFS

Computer Name: IKIM | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 10:14:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
PRC - [2012/02/15 10:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/09/02 23:46:00 | 000,446,328 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
PRC - [2010/02/24 14:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 14:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/01/25 14:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2005/12/28 15:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 14:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 18:16:14 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2012/02/16 11:23:25 | 000,349,608 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/12/01 15:52:33 | 000,038,328 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/26 23:00:30 | 000,547,688 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/22 20:50:24 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/02/06 05:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/08/14 17:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/04/14 11:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/12/28 15:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 15:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 15:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\SpaceQuery\spacequery141.exe C:\Program Files\SpaceQuery\spacequery.dll iibfioth -- (SpaceQuery Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Kim\Desktop\StormII\stormliv.exe /asservice -- (ccosm)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/14 11:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 11:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2006/04/06 17:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 15:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810obex.sys -- (w810obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mdm.sys -- (w810mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mdfl.sys -- (w810mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\rczvbe20.sys -- (rczvbe20)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP)
DRV - [2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/05/10 09:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/12/18 12:40:30 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/21 18:07:17 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/07/27 02:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/27 02:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/27 02:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/27 02:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/03/01 16:10:55 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/03/24 19:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/09 17:04:19 | 000,013,312 | ---- | M] (VNN B.J.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vcdvnic.sys -- (vcddev)
DRV - [2005/12/28 16:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 12:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/14 11:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 11:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 11:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 20:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 12:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/03 08:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/21 23:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 23:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 23:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/17 17:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 18:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/11/05 14:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 16:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 16:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 14:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 21:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/08/04 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/02/13 12:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 5C 6D 99 BF F1 CC 01 [binary data]
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes,DefaultScope = {BFB619C9-3937-4339-B015-AAE4F3C03FA0}
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes\{BFB619C9-3937-4339-B015-AAE4F3C03FA0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Kim\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/03/04 03:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/03/04 03:52:03 | 000,000,000 | ---D | M]

[2010/12/13 13:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Extensions
[2011/03/19 22:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions
[2010/12/20 13:55:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/13 13:43:56 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010/08/12 19:21:14 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\searchplugins\iMeshWebSearch.xml
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
File not found (No name found) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION

O1 HOSTS File: ([2012/03/03 23:55:45 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: (Tango) - {2B3CD287-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (iMesh MediaBar) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [9158] C:\Program Files\9158KTV\9158.exe File not found
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [GabPath] C:\Documents and Settings\Kim\Application Data\GabPath\GabPath.exe File not found
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kim\Shared\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe File not found
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0126B36-0B4F-45B5-98A3-DDEDEB81B590}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 16:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell - "" = AutoRun
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\Auto\command - "" = G:\OSO.exe
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
O33 - MountPoints2\{211642f6-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = G:\Iexplores.exe
O33 - MountPoints2\{211642f7-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = H:\Iexplores.exe
O33 - MountPoints2\{32b76790-59d8-11db-9d39-0015c5a3ecfe}\Shell\AutoRun\command - "" = System32.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\AutoRun\command - "" = F:\tn0k.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\explore\Command - "" = F:\tn0k.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\open\Command - "" = F:\tn0k.exe
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\AutoRun\command - "" = F:\ntdelect.com
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\explore\Command - "" = F:\ntdelect.com
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\open\Command - "" = F:\ntdelect.com
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\AutoRun\command - "" = F:\tfk8.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\explore\Command - "" = F:\tfk8.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\open\Command - "" = F:\tfk8.exe
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\Auto\command - "" = OSO.exe
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 10:10:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/03/22 10:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/22 10:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/22 00:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\dvdcss
[2012/03/19 13:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/19 13:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Shared\Start Menu\Programs\HiJackThis
[2012/03/19 12:56:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/18 23:15:22 | 021,094,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\BOIE8_ENUS_XP.EXE
[2012/03/04 03:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/03/04 03:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/03/04 03:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Start Menu
[2012/03/04 03:12:57 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/03/04 02:54:19 | 080,143,432 | ---- | C] (Kaspersky Lab) -- C:\Program Files\kav12.0.0.374en.exe
[2012/02/24 01:34:06 | 000,000,000 | ---D | C] -- C:\cinject_0.4.3
[2011/01/08 14:10:15 | 010,462,072 | ---- | C] (PPLive Corporation) -- C:\Program Files\pptvsetup_2.7.0.0031.exe
[2010/10/02 18:26:49 | 008,573,648 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.8.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/23 10:14:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/03/23 09:55:13 | 000,002,867 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2012/03/23 09:54:43 | 000,000,092 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2012/03/23 09:53:04 | 000,013,678 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/23 09:53:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/22 10:38:46 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/22 07:45:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/22 00:56:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/19 13:50:27 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\HiJackThis.lnk
[2012/03/19 13:10:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 13:04:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 23:15:29 | 021,094,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\BOIE8_ENUS_XP.EXE
[2012/03/04 03:51:32 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/03/04 03:51:31 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/03/04 03:18:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\WebpageIcons.db
[2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/03/04 02:54:49 | 080,143,432 | ---- | M] (Kaspersky Lab) -- C:\Program Files\kav12.0.0.374en.exe
[2012/03/04 01:46:50 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/02 13:13:45 | 000,445,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/02 13:13:45 | 000,073,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/24 09:02:54 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Kim\Shared\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/24 01:41:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kim\cd
[2012/02/24 01:28:51 | 007,441,828 | ---- | M] () -- C:\cinject_0.4.3.zip
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/22 10:38:46 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/19 13:50:27 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\HiJackThis.lnk
[2012/03/04 03:18:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\WebpageIcons.db
[2012/03/04 03:17:03 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/03/04 03:17:03 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/02/24 01:41:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kim\cd
[2012/02/24 01:28:47 | 007,441,828 | ---- | C] () -- C:\cinject_0.4.3.zip
[2011/05/12 18:26:42 | 000,005,055 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vgzcakvi.hqf
[2011/04/25 14:36:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 00:05:48 | 000,709,992 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/10 13:56:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\OOIIEProxy.ini
[2010/10/05 21:51:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/10/05 21:28:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/10/05 21:27:50 | 000,001,462 | ---- | C] () -- C:\WINDOWS\Powerlist.ini
[2010/10/05 21:27:45 | 000,001,951 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/10/05 21:27:42 | 000,002,867 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/10/02 18:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

< End of report >
_______________________________________________________________________________________________________

Extras.Txt
_______________________________________________________________________________________________________

OTL Extras logfile created on: 3/23/2012 10:16:22 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 46.88% Memory free
2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.46 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 5.04 Gb Free Space | 44.14% Space Free | Partition Type: NTFS

Computer Name: IKIM | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2B3CD286-1CC1-4ABD-B1AC-2BBE59483224}" = Tango
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Azureus" = Azureus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative PC-CAM Center" = Creative PC-CAM Center
"Crossword Weaver 8.0" = Crossword Weaver 8.0
"Cucusoft iPhone Tool Kits_is1" = iPhone Tool Kits 2.6.1
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ie8" = Windows Internet Explorer 8
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"ProInst" = Intel(R) PROSet/Wireless Software
"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
"storm2" = 惟瑞荌秞
"Unlocker" = Unlocker 1.8.6
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ZumoDrive" = ZumoDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 3/22/2012 6:53:13 PM | Computer Name = IKIM | Source = Service Control Manager | ID = 7000
Description = The Contrl Center of Storm Media service failed to start due to the
following error: %%2

Error - 3/22/2012 6:53:19 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:23 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:27 PM | Computer Name = IKIM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
rczvbe20

Error - 3/22/2012 6:53:28 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}


< End of report >
________________________________________________________________________________________________________

Please note that I am ready to remove ANY programs that you find unnecessary. To be honest, the only few programs i use is Intel PROset wireless, microsoft office, VLC and Internet Explorer. The rest are all redundant but I don't know what to remove.

I know my room mate have installed some programs in the past years whenever she borrow my laptop when hers crash.
Please advice.

Looking forward to your reply.
Once again, thank you.
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Unread postby zeax.ikim » March 22nd, 2012, 7:37 pm

Thank you very much for your prompt reply Maxi.
Please find the following logs as per requested

OTL.Txt
_______________________________________________________________________________________________

OTL logfile created on: 3/23/2012 10:16:22 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 46.88% Memory free
2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.46 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 5.04 Gb Free Space | 44.14% Space Free | Partition Type: NTFS

Computer Name: IKIM | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 10:14:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
PRC - [2012/02/15 10:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/09/02 23:46:00 | 000,446,328 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
PRC - [2010/02/24 14:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 14:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/01/25 14:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2005/12/28 15:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 14:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 18:16:14 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2012/02/16 11:23:25 | 000,349,608 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/12/01 15:52:33 | 000,038,328 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/26 23:00:30 | 000,547,688 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/22 20:50:24 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/02/06 05:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/08/14 17:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/04/14 11:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/12/28 15:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 15:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 15:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\SpaceQuery\spacequery141.exe C:\Program Files\SpaceQuery\spacequery.dll iibfioth -- (SpaceQuery Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Kim\Desktop\StormII\stormliv.exe /asservice -- (ccosm)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/14 11:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 11:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2006/04/06 17:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 15:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810obex.sys -- (w810obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mdm.sys -- (w810mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mdfl.sys -- (w810mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\rczvbe20.sys -- (rczvbe20)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP)
DRV - [2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/05/10 09:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/12/18 12:40:30 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/21 18:07:17 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/07/27 02:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/27 02:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/27 02:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/27 02:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/03/01 16:10:55 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/03/24 19:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/09 17:04:19 | 000,013,312 | ---- | M] (VNN B.J.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vcdvnic.sys -- (vcddev)
DRV - [2005/12/28 16:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 12:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/14 11:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 11:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 11:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 20:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 12:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/03 08:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/21 23:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 23:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 23:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/17 17:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 18:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/11/05 14:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 16:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 16:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 14:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 21:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/08/04 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/02/13 12:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 5C 6D 99 BF F1 CC 01 [binary data]
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes,DefaultScope = {BFB619C9-3937-4339-B015-AAE4F3C03FA0}
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes\{BFB619C9-3937-4339-B015-AAE4F3C03FA0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Kim\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/03/04 03:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/03/04 03:52:03 | 000,000,000 | ---D | M]

[2010/12/13 13:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Extensions
[2011/03/19 22:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions
[2010/12/20 13:55:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/13 13:43:56 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010/08/12 19:21:14 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\searchplugins\iMeshWebSearch.xml
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
File not found (No name found) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION

O1 HOSTS File: ([2012/03/03 23:55:45 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: (Tango) - {2B3CD287-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (iMesh MediaBar) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [9158] C:\Program Files\9158KTV\9158.exe File not found
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [GabPath] C:\Documents and Settings\Kim\Application Data\GabPath\GabPath.exe File not found
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kim\Shared\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe File not found
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0126B36-0B4F-45B5-98A3-DDEDEB81B590}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 16:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell - "" = AutoRun
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\Auto\command - "" = G:\OSO.exe
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
O33 - MountPoints2\{211642f6-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = G:\Iexplores.exe
O33 - MountPoints2\{211642f7-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = H:\Iexplores.exe
O33 - MountPoints2\{32b76790-59d8-11db-9d39-0015c5a3ecfe}\Shell\AutoRun\command - "" = System32.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\AutoRun\command - "" = F:\tn0k.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\explore\Command - "" = F:\tn0k.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\open\Command - "" = F:\tn0k.exe
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\AutoRun\command - "" = F:\ntdelect.com
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\explore\Command - "" = F:\ntdelect.com
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\open\Command - "" = F:\ntdelect.com
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\AutoRun\command - "" = F:\tfk8.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\explore\Command - "" = F:\tfk8.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\open\Command - "" = F:\tfk8.exe
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\Auto\command - "" = OSO.exe
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 10:10:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/03/22 10:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/22 10:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/22 00:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\dvdcss
[2012/03/19 13:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/19 13:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Shared\Start Menu\Programs\HiJackThis
[2012/03/19 12:56:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/18 23:15:22 | 021,094,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\BOIE8_ENUS_XP.EXE
[2012/03/04 03:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/03/04 03:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/03/04 03:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Start Menu
[2012/03/04 03:12:57 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/03/04 02:54:19 | 080,143,432 | ---- | C] (Kaspersky Lab) -- C:\Program Files\kav12.0.0.374en.exe
[2012/02/24 01:34:06 | 000,000,000 | ---D | C] -- C:\cinject_0.4.3
[2011/01/08 14:10:15 | 010,462,072 | ---- | C] (PPLive Corporation) -- C:\Program Files\pptvsetup_2.7.0.0031.exe
[2010/10/02 18:26:49 | 008,573,648 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.8.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/23 10:14:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/03/23 09:55:13 | 000,002,867 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2012/03/23 09:54:43 | 000,000,092 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2012/03/23 09:53:04 | 000,013,678 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/23 09:53:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/22 10:38:46 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/22 07:45:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/22 00:56:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/19 13:50:27 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\HiJackThis.lnk
[2012/03/19 13:10:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 13:04:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 23:15:29 | 021,094,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\BOIE8_ENUS_XP.EXE
[2012/03/04 03:51:32 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/03/04 03:51:31 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/03/04 03:18:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\WebpageIcons.db
[2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/03/04 02:54:49 | 080,143,432 | ---- | M] (Kaspersky Lab) -- C:\Program Files\kav12.0.0.374en.exe
[2012/03/04 01:46:50 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/02 13:13:45 | 000,445,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/02 13:13:45 | 000,073,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/24 09:02:54 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Kim\Shared\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/24 01:41:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kim\cd
[2012/02/24 01:28:51 | 007,441,828 | ---- | M] () -- C:\cinject_0.4.3.zip
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/22 10:38:46 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/19 13:50:27 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\HiJackThis.lnk
[2012/03/04 03:18:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\WebpageIcons.db
[2012/03/04 03:17:03 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/03/04 03:17:03 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/02/24 01:41:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kim\cd
[2012/02/24 01:28:47 | 007,441,828 | ---- | C] () -- C:\cinject_0.4.3.zip
[2011/05/12 18:26:42 | 000,005,055 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vgzcakvi.hqf
[2011/04/25 14:36:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 00:05:48 | 000,709,992 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/10 13:56:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\OOIIEProxy.ini
[2010/10/05 21:51:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/10/05 21:28:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/10/05 21:27:50 | 000,001,462 | ---- | C] () -- C:\WINDOWS\Powerlist.ini
[2010/10/05 21:27:45 | 000,001,951 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/10/05 21:27:42 | 000,002,867 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/10/02 18:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

< End of report >
_______________________________________________________________________________________________________

Extras.Txt
_______________________________________________________________________________________________________

OTL Extras logfile created on: 3/23/2012 10:16:22 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 46.88% Memory free
2.83 Gb Paging File | 2.02 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.46 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 5.04 Gb Free Space | 44.14% Space Free | Partition Type: NTFS

Computer Name: IKIM | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2B3CD286-1CC1-4ABD-B1AC-2BBE59483224}" = Tango
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Azureus" = Azureus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative PC-CAM Center" = Creative PC-CAM Center
"Crossword Weaver 8.0" = Crossword Weaver 8.0
"Cucusoft iPhone Tool Kits_is1" = iPhone Tool Kits 2.6.1
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ie8" = Windows Internet Explorer 8
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"ProInst" = Intel(R) PROSet/Wireless Software
"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
"storm2" = 惟瑞荌秞
"Unlocker" = Unlocker 1.8.6
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ZumoDrive" = ZumoDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 3/22/2012 6:53:13 PM | Computer Name = IKIM | Source = Service Control Manager | ID = 7000
Description = The Contrl Center of Storm Media service failed to start due to the
following error: %%2

Error - 3/22/2012 6:53:19 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:23 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:24 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/22/2012 6:53:27 PM | Computer Name = IKIM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
rczvbe20

Error - 3/22/2012 6:53:28 PM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}


< End of report >
________________________________________________________________________________________________________

Please note that I am ready to remove ANY programs that you find unnecessary. To be honest, the only few programs i use is Intel PROset wireless, microsoft office, VLC and Internet Explorer. The rest are all redundant but I don't know what to remove.

I know my room mate have installed some programs in the past years whenever she borrow my laptop when hers crash.
Please advice.

Looking forward to your reply.
Once again, thank you.
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Unread postby maxi » March 23rd, 2012, 1:37 pm

Hi zeax.ikim ,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Azureus


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

In your next reply please include:
A fresh OTL log.


Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Unread postby zeax.ikim » March 24th, 2012, 10:00 am

Hi Maxi,

I have removed 'Azureus' from my list of programs. Please advice if you find anymore P2P related programs in my computer as i would really want to clean my computer from vulnerable programs, but I don't know what else I can remove.

As instructed, please find below logs after removal of P2P:-

OTL.Txt
____________________________________________________________

OTL logfile created on: 3/24/2012 11:39:42 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 52.39% Memory free
2.83 Gb Paging File | 2.15 Gb Available in Paging File | 76.08% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.44 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 5.03 Gb Free Space | 44.05% Space Free | Partition Type: NTFS

Computer Name: IKIM | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 10:14:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
PRC - [2012/02/15 10:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/09/02 23:46:00 | 000,446,328 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
PRC - [2010/02/24 14:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 14:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/01/25 14:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2005/12/28 15:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 14:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 18:16:14 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2012/02/16 11:23:25 | 000,349,608 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/12/01 15:52:33 | 000,038,328 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/26 23:00:30 | 000,547,688 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/22 20:50:24 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/02/06 05:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/08/14 17:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/04/14 11:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/12/28 15:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 15:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 15:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\SpaceQuery\spacequery141.exe C:\Program Files\SpaceQuery\spacequery.dll iibfioth -- (SpaceQuery Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Kim\Desktop\StormII\stormliv.exe /asservice -- (ccosm)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/14 11:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 11:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2006/04/06 17:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 15:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810obex.sys -- (w810obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mdm.sys -- (w810mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810mdfl.sys -- (w810mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\rczvbe20.sys -- (rczvbe20)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP)
DRV - [2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/05/10 09:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/21 18:07:17 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/07/27 02:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/27 02:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/27 02:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/27 02:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/03/01 16:10:55 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/03/24 19:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/09 17:04:19 | 000,013,312 | ---- | M] (VNN B.J.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vcdvnic.sys -- (vcddev)
DRV - [2005/12/28 16:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 12:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/14 11:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 11:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 11:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 20:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 12:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/03 08:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/21 23:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 23:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 23:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/17 17:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 18:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/11/05 14:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 16:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 16:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 14:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 21:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/08/04 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/02/13 12:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 5C 6D 99 BF F1 CC 01 [binary data]
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes,DefaultScope = {BFB619C9-3937-4339-B015-AAE4F3C03FA0}
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\SearchScopes\{BFB619C9-3937-4339-B015-AAE4F3C03FA0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Kim\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/03/04 03:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/03/04 03:52:03 | 000,000,000 | ---D | M]

[2010/12/13 13:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Extensions
[2011/03/19 22:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions
[2010/12/20 13:55:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/13 13:43:56 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010/08/12 19:21:14 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\searchplugins\iMeshWebSearch.xml
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
File not found (No name found) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION

O1 HOSTS File: ([2012/03/03 23:55:45 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: (Tango) - {2B3CD287-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (iMesh MediaBar) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [9158] C:\Program Files\9158KTV\9158.exe File not found
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [GabPath] C:\Documents and Settings\Kim\Application Data\GabPath\GabPath.exe File not found
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kim\Shared\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kim\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe File not found
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0126B36-0B4F-45B5-98A3-DDEDEB81B590}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 16:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell - "" = AutoRun
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\Auto\command - "" = G:\OSO.exe
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
O33 - MountPoints2\{211642f6-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = G:\Iexplores.exe
O33 - MountPoints2\{211642f7-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = H:\Iexplores.exe
O33 - MountPoints2\{32b76790-59d8-11db-9d39-0015c5a3ecfe}\Shell\AutoRun\command - "" = System32.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\AutoRun\command - "" = F:\tn0k.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\explore\Command - "" = F:\tn0k.exe
O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\open\Command - "" = F:\tn0k.exe
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\AutoRun\command - "" = F:\ntdelect.com
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\explore\Command - "" = F:\ntdelect.com
O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\open\Command - "" = F:\ntdelect.com
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\AutoRun\command - "" = F:\tfk8.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\explore\Command - "" = F:\tfk8.exe
O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\open\Command - "" = F:\tfk8.exe
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\Auto\command - "" = OSO.exe
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 10:10:37 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/03/22 10:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/22 10:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/22 00:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Application Data\dvdcss
[2012/03/19 13:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/19 13:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Shared\Start Menu\Programs\HiJackThis
[2012/03/19 12:56:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/18 23:15:22 | 021,094,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\BOIE8_ENUS_XP.EXE
[2012/03/04 03:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/03/04 03:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/03/04 03:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kim\Start Menu
[2012/03/04 03:12:57 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/03/04 02:54:19 | 080,143,432 | ---- | C] (Kaspersky Lab) -- C:\Program Files\kav12.0.0.374en.exe
[2012/02/24 01:34:06 | 000,000,000 | ---D | C] -- C:\cinject_0.4.3
[2011/01/08 14:10:15 | 010,462,072 | ---- | C] (PPLive Corporation) -- C:\Program Files\pptvsetup_2.7.0.0031.exe
[2010/10/02 18:26:49 | 008,573,648 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.8.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/24 23:27:22 | 000,002,867 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2012/03/24 23:26:51 | 000,000,092 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2012/03/24 23:25:03 | 000,013,678 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/24 23:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/23 10:14:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kim\Desktop\OTL.exe
[2012/03/22 10:38:46 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/22 07:45:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/22 00:56:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/19 13:50:27 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Kim\Desktop\HiJackThis.lnk
[2012/03/19 13:10:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 13:04:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 23:15:29 | 021,094,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\BOIE8_ENUS_XP.EXE
[2012/03/04 03:51:32 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/03/04 03:51:31 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/03/04 03:18:21 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\WebpageIcons.db
[2012/03/04 03:12:57 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/03/04 02:54:49 | 080,143,432 | ---- | M] (Kaspersky Lab) -- C:\Program Files\kav12.0.0.374en.exe
[2012/03/04 01:46:50 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/02 13:13:45 | 000,445,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/02 13:13:45 | 000,073,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/24 09:02:54 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Kim\Shared\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/24 01:41:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kim\cd
[2012/02/24 01:28:51 | 007,441,828 | ---- | M] () -- C:\cinject_0.4.3.zip
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/22 10:38:46 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/19 13:50:27 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Kim\Desktop\HiJackThis.lnk
[2012/03/04 03:18:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Kim\Local Settings\Application Data\WebpageIcons.db
[2012/03/04 03:17:03 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/03/04 03:17:03 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/02/24 01:41:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kim\cd
[2012/02/24 01:28:47 | 007,441,828 | ---- | C] () -- C:\cinject_0.4.3.zip
[2011/05/12 18:26:42 | 000,005,055 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vgzcakvi.hqf
[2011/04/25 14:36:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 00:05:48 | 000,709,992 | ---- | C] () -- C:\WINDOWS\System32\kindling.dll
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/10 13:56:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\OOIIEProxy.ini
[2010/10/05 21:51:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/10/05 21:28:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/10/05 21:27:50 | 000,001,462 | ---- | C] () -- C:\WINDOWS\Powerlist.ini
[2010/10/05 21:27:45 | 000,001,951 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/10/05 21:27:42 | 000,002,867 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/10/02 18:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

< End of report >
____________________________________________________________

Extras.Txt
____________________________________________________________

OTL Extras logfile created on: 3/24/2012 11:39:42 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 52.39% Memory free
2.83 Gb Paging File | 2.15 Gb Available in Paging File | 76.08% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.44 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 5.03 Gb Free Space | 44.05% Space Free | Partition Type: NTFS

Computer Name: IKIM | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2B3CD286-1CC1-4ABD-B1AC-2BBE59483224}" = Tango
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative PC-CAM Center" = Creative PC-CAM Center
"Crossword Weaver 8.0" = Crossword Weaver 8.0
"Cucusoft iPhone Tool Kits_is1" = iPhone Tool Kits 2.6.1
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ie8" = Windows Internet Explorer 8
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"ProInst" = Intel(R) PROSet/Wireless Software
"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
"storm2" = 惟瑞荌秞
"Unlocker" = Unlocker 1.8.6
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/3/2012 12:18:43 PM | Computer Name = IKIM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 3/24/2012 8:25:30 AM | Computer Name = IKIM | Source = Service Control Manager | ID = 7000
Description = The Contrl Center of Storm Media service failed to start due to the
following error: %%2

Error - 3/24/2012 8:25:35 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/24/2012 8:25:40 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/24/2012 8:25:40 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/24/2012 8:25:40 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/24/2012 8:25:41 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/24/2012 8:25:42 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/24/2012 8:25:42 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}

Error - 3/24/2012 8:25:48 AM | Computer Name = IKIM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
rczvbe20

Error - 3/24/2012 8:25:49 AM | Computer Name = IKIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service LVCOMSer with
arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}


< End of report >
____________________________________________________________

Look forward to your reply.

Thank you.
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Unread postby maxi » March 25th, 2012, 1:34 pm

Hi zeax.ikim,

Step 1
Back Up registry with ERUNT
  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.



Step 2
Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
    FF - prefs.js..browser.search.order.1: "iMesh Web Search"
    FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
    FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
    FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1
    FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="
    [2010/12/13 13:43:56 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
    [2010/08/12 19:21:14 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\searchplugins\iMeshWebSearch.xml
    File not found (No name found) -- C:\PROGRAM FILES\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
    O2 - BHO: (Tango) - {2B3CD287-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (Tango) - {2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} - C:\WINDOWS\system32\d278.dll File not found
    O3 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..\Toolbar\WebBrowser: (iMesh MediaBar) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - Reg Error: Value error. File not found
    O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [9158] C:\Program Files\9158KTV\9158.exe File not found
    O4 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006..\Run: [GabPath] C:\Documents and Settings\Kim\Application Data\GabPath\GabPath.exe File not found
    O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
    O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
    O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: pps.tv ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: ppstream.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-849200177-4156556311-1692382273-1006\..Trusted Domains: webscache.com ([]http in Trusted sites)
    O18 - Protocol\Handler\KuGoo - No CLSID value found
    O18 - Protocol\Handler\KuGoo3 - No CLSID value found
    O24 - Desktop WallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\CoopenOldWallPaper.bmp
    O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2008/03/21 16:05:44 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell - "" = AutoRun
    O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\Auto\command - "" = G:\OSO.exe
    O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
    O33 - MountPoints2\{211642f6-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = G:\Iexplores.exe
    O33 - MountPoints2\{211642f7-3cb6-11dc-96c2-0015c5a3ecfe}\Shell\AutoRun\command - "" = H:\Iexplores.exe
    O33 - MountPoints2\{32b76790-59d8-11db-9d39-0015c5a3ecfe}\Shell\AutoRun\command - "" = System32.exe
    O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\AutoRun\command - "" = ie.exe
    O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\explore\Command - "" = ie.exe
    O33 - MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\Shell\open\Command - "" = ie.exe
    O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\AutoRun\command - "" = F:\tn0k.exe
    O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\explore\Command - "" = F:\tn0k.exe
    O33 - MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\Shell\open\Command - "" = F:\tn0k.exe
    O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\AutoRun\command - "" = F:\ntdelect.com
    O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\explore\Command - "" = F:\ntdelect.com
    O33 - MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\Shell\open\Command - "" = F:\ntdelect.com
    O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\Auto\command - "" = infrom.exe
    O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
    O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\AutoRun\command - "" = F:\tfk8.exe
    O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\explore\Command - "" = F:\tfk8.exe
    O33 - MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\Shell\open\Command - "" = F:\tfk8.exe
    O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\Auto\command - "" = infrom.exe
    O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
    O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\AutoRun\command - "" = F:\Setup.exe
    O33 - MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\Shell\Install\command - "" = F:\Setup.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\Auto\command - "" = OSO.exe
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
    [2011/05/12 18:26:42 | 000,005,055 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vgzcakvi.hqf
    
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 0
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts] 
    [createrestorepoint] 
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Step 3
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


In your next reply please include:

The OTL logfile.
The Mbam logfile.
How your computer is running now.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Unread postby zeax.ikim » March 25th, 2012, 8:55 pm

Hi Maxi,

I'm sending this OTL log while MBAM is running the quick scan.
Will send you Mbam log when it's complete.

Also, THANK YOU VERY MUCH!!! Google search engine is working now =D
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Unread postby zeax.ikim » March 25th, 2012, 10:42 pm

Hi Maxi,

Apologies i forgotten to attach the OTL log in my previous reply.
Please advice how i could retrieve the file for your reference.
I didn't save it when MBAM had to reboot my comp during the Removal process.

Meanwhile, please find Mbam log for your reference:-
_____________________________________________________________________

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kim :: IKIM [administrator]

3/26/2012 11:37:38 AM
mbam-log-2012-03-26 (11-37-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216874
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 28
HKCR\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} (Adware.WebDir) -> Quarantined and deleted successfully.
HKCR\TypeLib\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKCR\Interface\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKCR\DLP.DLPObj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKCR\DLP.DLPObj (Adware.WebDir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} (Adware.WebDir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} (Adware.WebDir) -> Quarantined and deleted successfully.
HKCR\Typelib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8B2AE9C0-1555-4C92-905A-531532F15698} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B2AE9C0-1555-4C92-905A-531532F15698} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7D3E479-CC68-42B5-A338-938ECE35F419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\SogouExplorerHTML (Adware.Sogou) -> Quarantined and deleted successfully.
HKCR\AppID\DLP.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKCU\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKCU\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPACEQUERY_SERVICE (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SpaceQuery Service (Adware.SpaceQuery) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCR\AppID| (Adware.WebDir) -> Data: DLP -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Program Files\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.

Files Detected: 4
C:\WINDOWS\system32\Coopen.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Coopen.inf (Adware.Coopen) -> Quarantined and deleted successfully.
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.

(end)
_____________________________________________________________________

I have another question and hope to get your advice:-

I installed Kaspersky Anti Virus about a month ago when my computer went wonky after I clicked into a job search website. Internet Explorer closed itself and I couldn't open it again, some annoying pop up message kept appearing on my screen asking me to enter my email and etc, which i didn't and ignored it.

I didn't know what to do at that time and decided to System Restore my computer to an earlier date, and then installed Kaspersky Anti Virus (trial version)

This program is expiring in a week, but i can't afford to pay for the full version. Please advice how i could keep my laptop safe from virus/spyware in the future without having to pay a fortune.

Once again, THANK YOU VERY MUCH for your great guidance.
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Unread postby maxi » March 26th, 2012, 8:50 am

Hi zeax.ikim,

I will recommend a free anti-virus when we are done with your malware :)

You can find the OTL log in the following location C:\_OTL\MovedFiles.

When you open the MovedFiles folder there will be a notepad file, Please copy and paste the contents in your next reply.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Unread postby zeax.ikim » March 27th, 2012, 3:18 am

Thank You for the tips Maxi.

Please find the following log as per requested:-
_____________________________________________________________________

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "iMesh Web Search" removed from browser.search.defaultenginename
Prefs.js: "iMesh Web Search" removed from browser.search.order.1
Prefs.js: "iMesh Web Search" removed from browser.search.selectedEngine
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0 removed from extensions.enabledItems
Prefs.js: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1 removed from extensions.enabledItems
Prefs.js: "http://search.imesh.com/web?src=ffb&systemid=1&q=" removed from keyword.URL
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\skin folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content\data\search folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content\data folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome\content folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\chrome folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} folder moved successfully.
C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\c9qmy6vo.default\searchplugins\iMeshWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B3CD287-1CC1-4ABD-B1AC-2BBE59483224}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B3CD287-1CC1-4ABD-B1AC-2BBE59483224}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B3CD286-1CC1-4ABD-B1AC-2BBE59483224}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2B3CD286-1CC1-4ABD-B1AC-2BBE59483224} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B3CD286-1CC1-4ABD-B1AC-2BBE59483224}\ not found.
Registry value HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Run\\9158 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\Software\Microsoft\Windows\CurrentVersion\Run\\GabPath deleted successfully.
Registry key HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@install.mar@\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@mail.mar@\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pps.tv\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-849200177-4156556311-1692382273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webscache.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo\ deleted successfully.
File Protocol\Handler\KuGoo - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo3\ deleted successfully.
File Protocol\Handler\KuGoo3 - No CLSID value found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
C:\WINDOWS\CoopenOldWallPaper.bmp moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
File C:\WINDOWS\CoopenOldWallPaper.bmp not found.
File not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ not found.
File G:\OSO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02e7af93-d5b7-11db-9e08-0015c5a3ecfe}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{211642f6-3cb6-11dc-96c2-0015c5a3ecfe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{211642f6-3cb6-11dc-96c2-0015c5a3ecfe}\ not found.
File G:\Iexplores.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{211642f7-3cb6-11dc-96c2-0015c5a3ecfe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{211642f7-3cb6-11dc-96c2-0015c5a3ecfe}\ not found.
File H:\Iexplores.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32b76790-59d8-11db-9d39-0015c5a3ecfe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b76790-59d8-11db-9d39-0015c5a3ecfe}\ not found.
File System32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{460c5569-972a-11dc-9702-0015c5a3ecfe}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{460c5569-972a-11dc-9702-0015c5a3ecfe}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{460c5569-972a-11dc-9702-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{460c5569-972a-11dc-9702-0015c5a3ecfe}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\ not found.
File F:\tn0k.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\ not found.
File F:\tn0k.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8279645b-41a7-11dd-97bc-0015c5a3ecfe}\ not found.
File F:\tn0k.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\ not found.
File F:\ntdelect.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\ not found.
File F:\ntdelect.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8d6740-65c2-11dc-96e2-001302a8d95c}\ not found.
File F:\ntdelect.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b61f2ef4-136b-11dd-976e-001302a8d95c}\ not found.
File infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b61f2ef4-136b-11dd-976e-001302a8d95c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b61f2ef4-136b-11dd-976e-001302a8d95c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b61f2ef4-136b-11dd-976e-001302a8d95c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\ not found.
File F:\tfk8.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\ not found.
File F:\tfk8.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9869e7c-f7dd-11db-9e33-001302a8d95c}\ not found.
File F:\tfk8.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\ not found.
File infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d77843d2-a8ae-11dc-9710-0015c5a3ecfe}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e333e2b8-e40f-11df-9611-001302a8d95c}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e333e2b8-e40f-11df-9611-001302a8d95c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e333e2b8-e40f-11df-9611-001302a8d95c}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File OSO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe not found.
C:\Documents and Settings\All Users\Application Data\vgzcakvi.hqf moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: A.K. Lim
->Temp folder emptied: 22099 bytes
->Temporary Internet Files folder emptied: 76135 bytes

User: Administrator
->Temporary Internet Files folder emptied: 5966748 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Kim
->Temp folder emptied: 732969683 bytes
->Temporary Internet Files folder emptied: 140181840 bytes
->Java cache emptied: 3855964 bytes
->FireFox cache emptied: 55803473 bytes
->Apple Safari cache emptied: 72188928 bytes
->Flash cache emptied: 45651 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 737440 bytes

User: NetworkService
->Temp folder emptied: 92950 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 6106129 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95573254 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 172064172 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 37451 bytes
RecycleBin emptied: 22 bytes

Total Files Cleaned = 1,228.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 03262012_110846

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Kim\Local Settings\Temp\fla6E.tmp not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temp\~DFC864.tmp not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temp\~DFC8F4.tmp not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temp\~DFCA3C.tmp not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temp\~DFCADF.tmp not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temp\~DFCCAC.tmp not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temp\~DFCEDD.tmp not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\WBZN5ULZ\alinta_energy_80x90_176jace-176jact[2].jpg not found!
File\Folder C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\WBZN5ULZ\anz1-176geep[2].jpg not found!
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\WBZN5ULZ\combo[4] moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\WBZN5ULZ\news_print.minify[1].css moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\WBZN5ULZ\st[1] moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\QZF0EQVQ\activityi;src=2542116;type=conap955;cat=gmail3;ord=1;num=1093030039073.6631;~oref=http___www.google.com_mail_help_intl_en_au_logout[1].htm moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\QZF0EQVQ\CheckConnection[1].htm moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\QZF0EQVQ\satwitterlogo_normal[1].jpg moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\QZF0EQVQ\satwitterlogo_normal[2].jpg moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\QZF0EQVQ\satwitterlogo_normal[3].jpg moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\QZF0EQVQ\st[2] moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\G1QBEI1N\4fu8RBPDDCYpod03lr_bYQ[1].eot moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\G1QBEI1N\ServiceLogin[1].htm moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\G1QBEI1N\st[3] moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\G1QBEI1N\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\7N2YABGS\earthquake-strikes-central-australia[2].txt moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\7N2YABGS\satwitterlogo_normal[1].jpg moved successfully.
C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\7N2YABGS\st[2] moved successfully.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\klsE24B.tmp moved successfully.

Registry entries deleted on Reboot...
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm

Re: Unusual traffic from computer network

Unread postby maxi » March 27th, 2012, 11:58 am

Hi zeax.ikim,
Step 1
SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    OSO.exe
    Iexplores.exe
    System32.exe
    ie.exe
    tn0k.exe
    ntdelect.com
    infrom.exe
    tfk8.exe
    Setup.exe
    AutoRun
    Auto&Play

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 2
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Step 3
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please include:
The systemlook log.
The aswMBR log.
The eset log.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Unread postby maxi » March 30th, 2012, 9:39 am

Hi,

Are you still with us ?
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Unusual traffic from computer network

Unread postby zeax.ikim » April 1st, 2012, 9:58 pm

yes i am.

was caught up at work last whole week.

I'm going through your step by step guide now and will reply again within the next hour.

Thank you for your patience.
zeax.ikim
Regular Member
 
Posts: 15
Joined: March 18th, 2012, 11:08 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware