Dear Tech Support,
As advised, i am attaching the dds.txt and attach.zip containing attach.txt and ark.txt.
I am not attaching the malware website address as well as advised which comes as popup or advertisement in every page i open.
Looking forward for your support and appreciate your valuable time for the help.
Cheers
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by User at 0:11:51 on 2013-03-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1206 [GMT 5.5:30]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354218528531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{38C03813-5E72-47FE-8579-CCEDDFFFEC52} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: NavLogon - <no file>
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\l1gzsqt6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\l1gzsqt6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\l1gzsqt6.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyH2xelcO
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-5-17 565552]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-14 76696]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 206448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 facuf;Shell Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 omwbz;System Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 qyboxiy;Network Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\njlojp.sys --> c:\windows\system32\drivers\njlojp.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-11-23 100736]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~1\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-03-18 08:58:07 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 08:58:07 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M ====================
.
2013-03-16 17:42:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-16 17:42:53 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 0:13:11.10 ===============
As advised, i am attaching the dds.txt and attach.zip containing attach.txt and ark.txt.
I am not attaching the malware website address as well as advised which comes as popup or advertisement in every page i open.
Looking forward for your support and appreciate your valuable time for the help.
Cheers
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by User at 0:11:51 on 2013-03-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1206 [GMT 5.5:30]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354218528531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{38C03813-5E72-47FE-8579-CCEDDFFFEC52} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: NavLogon - <no file>
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\l1gzsqt6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\l1gzsqt6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\l1gzsqt6.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyH2xelcO
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.incredibar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-5-17 565552]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-14 76696]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 206448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 facuf;Shell Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 omwbz;System Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 qyboxiy;Network Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\njlojp.sys --> c:\windows\system32\drivers\njlojp.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-11-23 100736]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~1\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-03-18 08:58:07 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 08:58:07 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M ====================
.
2013-03-16 17:42:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-16 17:42:53 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 0:13:11.10 ===============