
had password stolen and login info changed


  • This topic is locked
9 replies to this topic

#1 n2rga

n2rga

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 11 January 2010 - 12:50 PM

I believe I had a Trojan. Someone contacted me by e-mail saying that if I wanted my account back
I would have to pay him money via PayPal (I will not mention where the account is publicly, for security reasons).
I think I got the Trojan removed. I see no signs of it.

I have Malwarebytes, Spybot S&D and Kaspersky installed; all say it's clean.

Please tell me if everything looks good. I'm using the Kaspersky virtual keyboard for all my logins and it's a pain.
RootRepeal errored out; I could not run it.
This is the error I got:
CODE
12:25:00: FOPS - DeviceIoControl Error!  Error Code = 0xc0000024 Extended Info (0x000000e8)
12:25:00: DeviceIoControl Error!  Error Code = 0x1e7
12:25:00: FOPS - DeviceIoControl Error!  Error Code = 0xc0000024 Extended Info (0x000000e8)


attach.zip attached

I ran DDS and got DDS.txt; here it is:

CODE
DDS (Ver_09-12-01.01) - NTFSx86  
Run by n2rga at 12:11:54.47 on Mon 01/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3326.2292 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\n2rga\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mife82~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\n2rga\appdata\roaming\mozilla\firefox\profiles\zjm9wuih.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\n2rga\appdata\roaming\mozilla\firefox\profiles\zjm9wuih.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\users\n2rga\appdata\roaming\mozilla\firefox\profiles\zjm9wuih.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-8 236368]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-11-12 220128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-10 1153368]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-7 19160]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

=============== Created Last 30 ================

2010-01-11 13:50:48    0    d-----w-    c:\program files\Trend Micro
2010-01-11 03:56:03    0    d-----w-    c:\programdata\McAfee
2010-01-11 03:54:31    0    d-----w-    c:\programdata\McAfee Security Scan
2010-01-10 18:51:15    0    d-----w-    c:\programdata\Spybot - Search & Destroy
2010-01-10 18:51:15    0    d-----w-    c:\program files\Spybot - Search & Destroy
2010-01-10 18:48:34    0    d-----w-    c:\programdata\TEMP
2010-01-10 00:20:54    0    d-----w-    c:\program files\Microsoft WSE
2010-01-10 00:20:15    2414360    ----a-w-    c:\windows\system32\d3dx9_31.dll
2010-01-10 00:08:16    116736    ----a-w-    c:\windows\system32\drivers\mcdbus.sys
2010-01-10 00:08:15    0    d-----w-    c:\program files\MagicDisc
2010-01-09 19:57:15    0    d-----w-    c:\users\n2rga\appdata\roaming\QuickScan
2010-01-08 08:00:32    0    d-----w-    c:\program files\MSXML 4.0
2010-01-08 07:05:00    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-01-08 07:00:45    0    d-----w-    c:\program files\PremiumSoft
2010-01-08 06:57:24    90112    ----a-w-    c:\windows\unvise32.exe
2010-01-08 06:55:10    0    d-----w-    c:\program files\The Logo Creator v5
2010-01-08 06:52:22    0    d-----w-    c:\program files\LimeWire
2010-01-08 06:48:28    0    d-----w-    c:\program files\Microsoft Expression
2010-01-08 04:44:59    0    d-----w-    c:\program files\Nero
2010-01-08 04:44:40    0    d-----w-    c:\programdata\Nero
2010-01-08 03:20:45    32592    ----a-w-    c:\windows\system32\msonpmon.dll
2010-01-08 03:17:46    0    d-----w-    c:\windows\PCHEALTH
2010-01-08 03:14:11    0    d-----w-    c:\program files\Microsoft Visual Studio 8
2010-01-08 03:13:08    0    d-----w-    c:\programdata\Microsoft Help
2010-01-08 03:01:30    0    d-----w-    c:\program files\common files\Nova Development
2010-01-08 03:00:11    0    d-----w-    c:\programdata\Creative Home
2010-01-08 03:00:11    0    d-----w-    c:\program files\Creative Home
2010-01-08 02:54:27    952    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-01-08 02:54:15    0    d-----w-    c:\programdata\Corel
2010-01-08 02:52:09    0    d-----w-    c:\program files\common files\Corel
2010-01-08 02:52:08    0    d-----w-    c:\program files\Corel
2010-01-08 02:30:11    0    d-----w-    c:\program files\Microsoft Streets & Trips 2010
2010-01-08 02:28:35    0    d-----w-    c:\program files\MSECache
2010-01-08 01:32:30    0    d-----w-    c:\program files\SmartFTP Client
2010-01-08 01:30:40    0    d-----w-    c:\program files\SmartFTP Client 4.0 Setup Files
2010-01-07 13:57:44    0    ---ha-w-    c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-07 13:57:38    0    d-----w-    c:\program files\Synaptics
2010-01-07 13:42:00    0    d-----w-    C:\Temp
2010-01-07 13:36:51    0    d-----w-    c:\users\n2rga\appdata\roaming\Malwarebytes
2010-01-07 13:36:41    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 13:36:40    0    d-----w-    c:\programdata\Malwarebytes
2010-01-07 13:36:38    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-07 13:36:38    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-01-07 13:34:13    0    d-----w-    c:\program files\MagicISO
2010-01-07 12:52:48    0    d-----w-    c:\programdata\FLEXnet
2010-01-07 12:46:48    0    d-----w-    c:\programdata\ALM
2010-01-07 12:42:30    0    d-----w-    c:\program files\common files\PX Storage Engine
2010-01-07 12:33:34    22872    ----a-r-    c:\windows\system32\AdobePDFUI.dll
2010-01-07 12:26:08    0    d-----w-    c:\programdata\Adobe
2010-01-07 12:21:40    0    d-----w-    c:\program files\common files\Macrovision Shared
2010-01-07 10:11:48    17408    ----a-w-    c:\windows\system32\rpcnetp.dll
2010-01-07 10:11:08    17408    ----a-w-    c:\windows\system32\rpcnetp.exe
2010-01-07 10:10:12    8192    --sha-r-    C:\BOOTSECT.BAK
2010-01-07 10:10:10    383562    --sha-r-    C:\bootmgr
2010-01-07 10:10:10    0    d-sh--w-    C:\Boot
2010-01-07 08:45:20    0    d-----w-    c:\program files\common files\Akamai
2010-01-07 08:36:25    0    d-----w-    c:\users\n2rga\appdata\roaming\GrabIt
2010-01-07 08:34:47    0    d-----w-    c:\program files\GrabIt
2010-01-07 08:21:56    981    ----a-w-    c:\windows\eReg.dat
2010-01-07 08:20:26    0    d-----w-    c:\program files\EA Games
2010-01-07 08:06:01    0    d-----w-    c:\programdata\NVIDIA
2010-01-07 07:57:02    797216    ----a-w-    c:\windows\system32\nvcplui.exe
2010-01-07 07:57:02    453152    ----a-w-    c:\windows\system32\nvuninst.exe
2010-01-07 07:57:02    420384    ----a-w-    c:\windows\system32\nvcpl.cpl
2010-01-07 07:57:02    1108512    ----a-w-    c:\windows\system32\nvcpluir.dll
2010-01-07 07:56:17    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-01-07 07:43:05    0    d-----w-    c:\programdata\Macrium
2010-01-07 07:42:20    0    d-----w-    c:\program files\Macrium
2010-01-07 07:33:41    95259    ----a-w-    c:\windows\system32\drivers\klick.dat
2010-01-07 07:33:41    108059    ----a-w-    c:\windows\system32\drivers\klin.dat
2010-01-07 07:33:22    0    d-----w-    c:\programdata\Kaspersky Lab
2010-01-07 07:33:22    0    d-----w-    c:\program files\Kaspersky Lab
2010-01-07 07:32:39    0    d-sh--w-    c:\windows\Installer
2010-01-07 07:32:28    0    d-----w-    c:\programdata\Kaspersky Lab Setup Files
2010-01-07 07:27:31    713888    ----a-w-    c:\windows\system32\PerfStringBackup.INI
2010-01-07 07:25:11    51200    ----a-w-    c:\windows\system32\rpcnet.exe
2010-01-07 07:25:11    51200    ----a-w-    c:\windows\system32\rpcnet.dll
2010-01-07 07:24:49    13160    ----a-w-    c:\windows\system32\Upgrd.exe
2010-01-07 07:23:51    0    d-----w-    c:\programdata\Hewlett-Packard
2010-01-07 07:21:45    0    d-----w-    c:\windows\system32\wbem\Performance
2010-01-07 07:21:28    204528    --sh--r-    C:\GRLDR
2010-01-07 07:21:23    0    d-sh--we    c:\programdata\Documents
2010-01-07 07:21:23    0    d-sh--we    C:\Documents and Settings
2010-01-07 07:21:23    0    d-sh--w-    C:\Recovery

==================== Find3M  ====================

2009-11-12 21:41:28    32736    ----a-w-    c:\windows\system32\drivers\psmounter.sys
2009-11-10 09:38:37    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2009-11-10 09:38:32    71168    ----a-w-    c:\windows\system32\fontsub.dll
2009-11-10 09:38:32    507568    ----a-w-    c:\windows\system32\winload.exe
2009-11-10 09:38:32    442920    ----a-w-    c:\windows\system32\winresume.exe
2009-11-10 09:38:32    293888    ----a-w-    c:\windows\system32\atmfd.dll
2009-11-10 09:38:32    2613248    ----a-w-    c:\windows\explorer.exe
2009-11-10 09:38:32    1320960    ----a-w-    c:\windows\system32\CertEnroll.dll
2009-11-10 09:38:32    108544    ----a-w-    c:\windows\system32\t2embed.dll
2009-11-05 08:36:20    25024    ----a-w-    c:\windows\system32\mrtstub.exe
2009-11-03 01:42:06    195456    ------w-    c:\windows\system32\MpSigStub.exe
2009-10-21 16:45:04    33792    ----a-w-    c:\windows\system32\identprv.dll
2009-10-21 01:34:56    219664    ----a-w-    c:\windows\system32\klogon.dll
2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:12:37.81 ===============


I have HijackThis if you want me to run it; let me know.
I'm familiar with msconfig and running scans; let me know what you need and I will get right on it.

Thanks for your help in advance. I will be looking for a link to post on my commercial site and my hobby forums.
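The two DDS logs in this thread are the kind of thing a helper reads by hand: which processes are running from where, which files appeared in the last 30 days with which attributes, and which services and drivers are registered. As an added example that is not from the original post, from the poster, or from the DDS tool itself, the Python below parses the section layout DDS uses, applies three simple triage heuristics, and diffs two runs so that anything that vanished or appeared between them stands out. The embedded logs are constructed excerpts modelled on the ones posted here (user name replaced, most lines dropped); the section-header and row formats are assumed from what the logs show, and the heuristics, trusted-root list and function names are my own choices, not DDS features.

```python
"""Triage helpers for DDS logs of the kind posted in this thread (added example).

Assumed layout: DDS delimits sections with lines of '=' signs and lists one
process, file or service per line under "Running Processes", "Created Last 30"
and "SERVICES / DRIVERS". Heuristics and root lists below are my own choices.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# e.g. "2010-01-08 02:54:27    952    --sha-w-    c:\windows\system32\x.sys"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-\w]{8})\s+(.+)$")
# e.g. "R2 AVP;Kaspersky Anti-Virus;c:\...\avp.exe [2009-10-20 340456]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[(.+?)\])?$")
# Image locations a process is expected to run from; anything else gets flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_sections(text):
    """Split a DDS log into an insertion-ordered {section name: [non-blank lines]}."""
    sections, current = {"HEADER": []}, "HEADER"
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections

def _rows(lines, regex, keys):
    """Match every line against regex; return the hits as dicts keyed by `keys`."""
    return [dict(zip(keys, m.groups())) for m in map(regex.match, lines) if m]

def parse_created(lines):
    return _rows(lines, CREATED_RE, ("when", "size", "attrs", "path"))

def parse_services(lines):
    return _rows(lines, SERVICE_RE, ("start", "name", "desc", "path", "stamp"))

def odd_process_locations(process_lines):
    """Processes whose image is outside Windows/Program Files (desktop, temp, appdata)."""
    flagged = []
    for line in process_lines:
        image = line.split(" -k ")[0].lower()      # drop svchost service-group argument
        if not image.startswith(TRUSTED_ROOTS):
            flagged.append(line)
    return flagged

def hidden_system_binaries(created_rows):
    """Recently created executables/drivers under system32 with hidden+system attributes."""
    return [row["path"] for row in created_rows
            if "s" in row["attrs"] and "h" in row["attrs"]
            and "\\system32\\" in row["path"].lower()
            and row["path"].lower().endswith((".sys", ".exe", ".dll"))]

def diff_lists(old, new):
    """(lines only in old, lines only in new), preserving each list's order."""
    old_set, new_set = set(old), set(new)
    return [l for l in old if l not in new_set], [l for l in new if l not in old_set]

def triage(text):
    """Single-log heuristics: odd process locations, hidden system binaries, services."""
    s = parse_sections(text)
    return {"odd_process_locations": odd_process_locations(s.get("Running Processes", [])),
            "hidden_system_binaries": hidden_system_binaries(parse_created(s.get("Created Last 30", []))),
            "services": parse_services(s.get("SERVICES / DRIVERS", []))}

def compare_runs(old_text, new_text, names=("Running Processes", "SERVICES / DRIVERS")):
    """Per section, the lines that vanished and the lines that appeared between two runs."""
    a, b = parse_sections(old_text), parse_sections(new_text)
    return {n: diff_lists(a.get(n, []), b.get(n, [])) for n in names}

# Constructed excerpts in DDS layout (modelled on the thread's logs, user name replaced).
LOG_A = r"""
DDS (Ver_09-12-01.01) - NTFSx86
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Users\user\Desktop\dds.scr
============= SERVICES / DRIVERS ===============
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-7 19160]
=============== Created Last 30 ================
2010-01-08 02:54:27    952    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-01-07 13:36:38    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
"""
LOG_B = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
============= SERVICES / DRIVERS ===============
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-7 19160]
"""

if __name__ == "__main__":
    print(triage(LOG_A))
    print(compare_runs(LOG_A, LOG_B))
```

Three caveats a helper would apply when reading the output. The location heuristic fires on `dds.scr` itself, exactly as it would on the logs above (the scanner is run from the Desktop), so allowlist the tools you asked the poster to run before reading the rest. A hidden+system `.sys` under system32 is a lead, not a verdict: in the first log the one such file sits minutes after Corel and Macrovision entries in the same list, and licensing and DRM components do drop hidden files there, so check the file's signer and hash before calling it malware. And the diff is most useful for absences: a security product's service line that is present in one run and missing in the next, as with the `R2 AVP` line between the two logs in this thread, is itself a question to put to the poster.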


#2 n2rga

n2rga
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 14 January 2010 - 10:58 AM

I know you guys/gals are volunteers, but how long before a topic is answered?
The help page said a few days.
I would also like to learn to do what you guys/gals are doing so I can help out here, but no slots are available.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, you please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, and do not respond to such requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff check the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply, and a team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post instead of a reply. Please do not multiple-post here, as that only pushes you further down the queue and causes confusion for the staff.

Please be patient. It may take several days, up to two weeks or perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses, as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 16 January 2010 - 01:50 PM.


#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:52 AM

Posted 16 January 2010 - 04:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#4 n2rga

n2rga
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 17 January 2010 - 10:18 PM

Like I said in the first post:
I believe I had a Trojan. Someone contacted me by e-mail saying that if I wanted my account back
I would have to pay him money via PayPal (I will not mention where the account is publicly, for security reasons).
I think I got the Trojan removed. I see no signs of it.

I have Malwarebytes, Spybot S&D and Kaspersky installed; all say it's clean. I installed sanity but uninstalled it after reading not to do anything to the computer until checked.

Here is the DDS log:


CODE
DDS (Ver_09-12-01.01) - NTFSx86  
Run by n2rga at 22:07:59.03 on Sun 01/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3326.2477 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\n2rga\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mife82~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\n2rga\appdata\roaming\mozilla\firefox\profiles\zjm9wuih.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\n2rga\appdata\roaming\mozilla\firefox\profiles\zjm9wuih.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\users\n2rga\appdata\roaming\mozilla\firefox\profiles\zjm9wuih.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-8 236368]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-11-12 220128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-10 1153368]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-7 19160]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2010-1-11 27192]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

=============== Created Last 30 ================

2010-01-16 00:00:51    70656    ----a-w-    c:\windows\system32\fontsub.dll
2010-01-16 00:00:51    108544    ----a-w-    c:\windows\system32\t2embed.dll
2010-01-12 01:24:12    27192    ----a-w-    c:\windows\system32\drivers\rspSanity32.sys
2010-01-11 17:23:22    0    ----a-w-    c:\windows\system32\settings.dat
2010-01-11 13:50:48    0    d-----w-    c:\program files\Trend Micro
2010-01-11 03:56:03    0    d-----w-    c:\programdata\McAfee
2010-01-11 03:54:31    0    d-----w-    c:\programdata\McAfee Security Scan
2010-01-10 18:51:15    0    d-----w-    c:\programdata\Spybot - Search & Destroy
2010-01-10 18:51:15    0    d-----w-    c:\program files\Spybot - Search & Destroy
2010-01-10 18:48:34    0    d-----w-    c:\programdata\TEMP
2010-01-10 00:20:54    0    d-----w-    c:\program files\Microsoft WSE
2010-01-10 00:20:15    2414360    ----a-w-    c:\windows\system32\d3dx9_31.dll
2010-01-10 00:08:16    116736    ----a-w-    c:\windows\system32\drivers\mcdbus.sys
2010-01-10 00:08:15    0    d-----w-    c:\program files\MagicDisc
2010-01-09 19:57:15    0    d-----w-    c:\users\n2rga\appdata\roaming\QuickScan
2010-01-08 08:00:32    0    d-----w-    c:\program files\MSXML 4.0
2010-01-08 07:05:00    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-01-08 07:00:45    0    d-----w-    c:\program files\PremiumSoft
2010-01-08 06:57:24    90112    ----a-w-    c:\windows\unvise32.exe
2010-01-08 06:55:10    0    d-----w-    c:\program files\The Logo Creator v5
2010-01-08 06:52:22    0    d-----w-    c:\program files\LimeWire
2010-01-08 06:48:28    0    d-----w-    c:\program files\Microsoft Expression
2010-01-08 04:44:59    0    d-----w-    c:\program files\Nero
2010-01-08 04:44:40    0    d-----w-    c:\programdata\Nero
2010-01-08 03:20:45    32592    ----a-w-    c:\windows\system32\msonpmon.dll
2010-01-08 03:17:46    0    d-----w-    c:\windows\PCHEALTH
2010-01-08 03:14:11    0    d-----w-    c:\program files\Microsoft Visual Studio 8
2010-01-08 03:13:08    0    d-----w-    c:\programdata\Microsoft Help
2010-01-08 03:01:30    0    d-----w-    c:\program files\common files\Nova Development
2010-01-08 03:00:11    0    d-----w-    c:\programdata\Creative Home
2010-01-08 03:00:11    0    d-----w-    c:\program files\Creative Home
2010-01-08 02:54:27    952    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-01-08 02:54:15    0    d-----w-    c:\programdata\Corel
2010-01-08 02:52:09    0    d-----w-    c:\program files\common files\Corel
2010-01-08 02:52:08    0    d-----w-    c:\program files\Corel
2010-01-08 02:30:11    0    d-----w-    c:\program files\Microsoft Streets & Trips 2010
2010-01-08 02:28:35    0    d-----w-    c:\program files\MSECache
2010-01-08 01:32:30    0    d-----w-    c:\program files\SmartFTP Client
2010-01-08 01:30:40    0    d-----w-    c:\program files\SmartFTP Client 4.0 Setup Files
2010-01-07 13:57:44    0    ---ha-w-    c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-07 13:57:38    0    d-----w-    c:\program files\Synaptics
2010-01-07 13:42:00    0    d-----w-    C:\Temp
2010-01-07 13:36:51    0    d-----w-    c:\users\n2rga\appdata\roaming\Malwarebytes
2010-01-07 13:36:41    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 13:36:40    0    d-----w-    c:\programdata\Malwarebytes
2010-01-07 13:36:38    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-07 13:36:38    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-01-07 13:34:13    0    d-----w-    c:\program files\MagicISO
2010-01-07 12:52:48    0    d-----w-    c:\programdata\FLEXnet
2010-01-07 12:46:48    0    d-----w-    c:\programdata\ALM
2010-01-07 12:42:30    0    d-----w-    c:\program files\common files\PX Storage Engine
2010-01-07 12:33:34    22872    ----a-r-    c:\windows\system32\AdobePDFUI.dll
2010-01-07 12:26:08    0    d-----w-    c:\programdata\Adobe
2010-01-07 12:21:40    0    d-----w-    c:\program files\common files\Macrovision Shared
2010-01-07 10:11:48    17408    ----a-w-    c:\windows\system32\rpcnetp.dll
2010-01-07 10:11:08    17408    ----a-w-    c:\windows\system32\rpcnetp.exe
2010-01-07 10:10:12    8192    --sha-r-    C:\BOOTSECT.BAK
2010-01-07 10:10:10    383562    --sha-r-    C:\bootmgr
2010-01-07 10:10:10    0    d-sh--w-    C:\Boot
2010-01-07 08:45:20    0    d-----w-    c:\program files\common files\Akamai
2010-01-07 08:36:25    0    d-----w-    c:\users\n2rga\appdata\roaming\GrabIt
2010-01-07 08:34:47    0    d-----w-    c:\program files\GrabIt
2010-01-07 08:21:56    981    ----a-w-    c:\windows\eReg.dat
2010-01-07 08:20:26    0    d-----w-    c:\program files\EA Games
2010-01-07 08:06:01    0    d-----w-    c:\programdata\NVIDIA
2010-01-07 07:57:02    797216    ----a-w-    c:\windows\system32\nvcplui.exe
2010-01-07 07:57:02    453152    ----a-w-    c:\windows\system32\nvuninst.exe
2010-01-07 07:57:02    420384    ----a-w-    c:\windows\system32\nvcpl.cpl
2010-01-07 07:57:02    1108512    ----a-w-    c:\windows\system32\nvcpluir.dll
2010-01-07 07:56:17    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-01-07 07:43:05    0    d-----w-    c:\programdata\Macrium
2010-01-07 07:42:20    0    d-----w-    c:\program files\Macrium
2010-01-07 07:33:41    95259    ----a-w-    c:\windows\system32\drivers\klick.dat
2010-01-07 07:33:41    108059    ----a-w-    c:\windows\system32\drivers\klin.dat
2010-01-07 07:33:22    0    d-----w-    c:\programdata\Kaspersky Lab
2010-01-07 07:33:22    0    d-----w-    c:\program files\Kaspersky Lab
2010-01-07 07:32:39    0    d-sh--w-    c:\windows\Installer
2010-01-07 07:32:28    0    d-----w-    c:\programdata\Kaspersky Lab Setup Files
2010-01-07 07:27:31    713888    ----a-w-    c:\windows\system32\PerfStringBackup.INI
2010-01-07 07:25:11    51200    ----a-w-    c:\windows\system32\rpcnet.exe
2010-01-07 07:25:11    51200    ----a-w-    c:\windows\system32\rpcnet.dll
2010-01-07 07:24:49    13160    ----a-w-    c:\windows\system32\Upgrd.exe
2010-01-07 07:23:51    0    d-----w-    c:\programdata\Hewlett-Packard
2010-01-07 07:21:45    0    d-----w-    c:\windows\system32\wbem\Performance
2010-01-07 07:21:28    204528    --sh--r-    C:\GRLDR
2010-01-07 07:21:23    0    d-sh--we    c:\programdata\Documents
2010-01-07 07:21:23    0    d-sh--we    C:\Documents and Settings
2010-01-07 07:21:23    0    d-sh--w-    C:\Recovery

==================== Find3M  ====================

2009-11-10 09:38:37    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2009-11-10 09:38:32    507568    ----a-w-    c:\windows\system32\winload.exe
2009-11-10 09:38:32    442920    ----a-w-    c:\windows\system32\winresume.exe
2009-11-10 09:38:32    293888    ----a-w-    c:\windows\system32\atmfd.dll
2009-11-10 09:38:32    2613248    ----a-w-    c:\windows\explorer.exe
2009-11-10 09:38:32    1320960    ----a-w-    c:\windows\system32\CertEnroll.dll
2009-11-05 08:36:20    25024    ----a-w-    c:\windows\system32\mrtstub.exe
2009-11-03 01:42:06    195456    ------w-    c:\windows\system32\MpSigStub.exe
2009-10-21 16:45:04    33792    ----a-w-    c:\windows\system32\identprv.dll
2009-10-21 01:34:56    219664    ----a-w-    c:\windows\system32\klogon.dll
2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-10-14 09:58:17    245760    --sha-w-    c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:08:15.75 ===============


#5 schrauber (Malware Response Team, Munich, Germany)

Posted 18 January 2010 - 02:25 PM

Hello n2rga, and again welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#6 n2rga (Topic Starter)

Posted 19 January 2010 - 08:39 PM

CODE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-19 20:37:24
Windows 6.1.7600
Running: jnuompdm.exe; Driver: C:\Users\n2rga\AppData\Local\Temp\awkdypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAdjustPrivilegesToken [0x9085BBD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcConnectPort [0x9085D52C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcCreatePort [0x9085D782]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwAlpcSendWaitReceivePort [0x9085D9FC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwClose [0x9085C450]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwConnectPort [0x9085CB32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateEvent [0x9085CF3C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateFile [0x9085C5F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateMutant [0x9085CE14]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateNamedPipeFile [0x9085B7D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreatePort [0x9085CCD0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateSection [0x9085B992]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateSemaphore [0x9085D06E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateSymbolicLinkObject [0x9085ECB0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateThread [0x9085C0EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateThreadEx [0x9085C1EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwCreateWaitablePort [0x9085CD72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDebugActiveProcess [0x9085E6A2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwDuplicateObject [0x9085F672]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwFsControlFile [0x9085C752]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwLoadDriver [0x9085E734]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwMapViewOfSection [0x9085ED64]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenEvent [0x9085CFDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenFile [0x9085C4D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenMutant [0x9085CEAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenProcess [0x9085BDD6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenSection [0x9085ECDA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenSemaphore [0x9085D110]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwOpenThread [0x9085BCFA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueryDirectoryObject [0x9085DC3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQuerySection [0x9085F07C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwQueueApcThread [0x9085E9CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyPort [0x9085D49A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwReplyWaitReceivePort [0x9085D360]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwRequestWaitReplyPort [0x9085E442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwResumeThread [0x9085F554]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSecureConnectPort [0x9085C86C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetContextThread [0x9085C30C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetInformationToken [0x9085DCF2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetSecurityObject [0x9085E82E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSetSystemInformation [0x9085F1BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSuspendProcess [0x9085F2A0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSuspendThread [0x9085F3C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwSystemDebugControl [0x9085E5CE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwTerminateProcess [0x9085BF4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwTerminateThread [0x9085BEA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwUnmapViewOfSection [0x9085EF32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                     ZwWriteVirtualMemory [0x9085C02E]

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A25AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A25104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A253F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A0E2D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A0D898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A251DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A25958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A256F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A25F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 82A261A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                          82A85579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82AA9F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 220                                                                      82AB1720 4 Bytes  [D0, BB, 85, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                                      82AB1748 8 Bytes  [2C, D5, 85, 90, 82, D7, 85, ...] {SUB AL, 0xd5; TEST [EAX-0x6f7a287e], EDX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 28C                                                                      82AB178C 4 Bytes  [FC, D9, 85, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2B8                                                                      82AB17B8 4 Bytes  [50, C4, 85, 90]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2DC                                                                      82AB17DC 4 Bytes  [32, CB, 85, 90]
.text           ...                                                                                                      
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                 section is writeable [0x91C28340, 0x3EE217, 0xE8000020]
.text           peauth.sys                                                                                               9E63AC9D 28 Bytes  [1E, B9, 4F, 80, 40, 82, A1, ...]
.text           peauth.sys                                                                                               9E63ACC1 28 Bytes  [1E, B9, 4F, 80, 40, 82, A1, ...]
PAGE            peauth.sys                                                                                               9E640B9B 72 Bytes  [67, B0, C7, 23, 1A, 00, 58, ...]
PAGE            peauth.sys                                                                                               9E640BEC 111 Bytes  [50, DD, F9, 02, 05, 84, FA, ...]
PAGE            peauth.sys                                                                                               9E640E20 101 Bytes  [26, D2, 27, 6D, 7A, 13, A2, ...]
PAGE            ...                                                                                                      

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\rundll32.exe[1376] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1376] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1376] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1376] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[1664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[1664] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[1664] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[1664] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rpcnet.exe[1964] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]       [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rpcnet.exe[1964] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]      [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rpcnet.exe[1964] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]    [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rpcnet.exe[1964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]     [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rpcnet.exe[1964] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]     [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3936] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [757A5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                  Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000047                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197edd8499                              
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197edd8499 (not active ControlSet)          

---- EOF - GMER 1.0.15 ----


#7 schrauber

  • Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 20 January 2010 - 01:24 PM

Hi,

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 n2rga

  • Topic Starter
  • Members
  • 7 posts

Posted 20 January 2010 - 10:03 PM

CODE
OTL logfile created on: 1/20/2010 9:42:03 PM - Run 1
OTL by OldTimer - Version 3.1.25.3     Folder = C:\Users\n2rga\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.04 Gb Total Space | 233.65 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: N2RGA-LAPTOP_PC
Current User Name: n2rga
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 21:37:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\n2rga\Desktop\OTL.exe
PRC - [2010/01/08 02:04:49 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010/01/07 16:07:10 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/01/07 08:41:30 | 00,051,200 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/12/22 12:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 13:50:18 | 00,220,128 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2009/11/10 04:38:32 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/09/23 13:38:18 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/13 20:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/06 11:52:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006/11/17 18:52:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 21:37:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\n2rga\Desktop\OTL.exe
MOD - [2009/07/13 20:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/07 08:41:30 | 00,051,200 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/01/07 07:21:40 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/12 13:50:18 | 00,220,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/23 13:38:18 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 20:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/06 11:52:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/07 02:36:23 | 00,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/12 10:11:40 | 00,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2009/10/14 21:18:34 | 00,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:36 | 00,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:46:36 | 00,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 15:29:50 | 00,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/13 20:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:13:46 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 17:13:45 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 17:13:45 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 17:02:51 | 04,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 17:02:50 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009/07/13 17:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:49 | 00,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/07/13 17:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 15:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/03/06 11:52:00 | 07,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/20 08:32:40 | 00,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2008/02/06 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/17 18:52:38 | 00,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/14 17:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 08 B1 2B 6B 8F CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 10:09:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 08:48:04 | 00,000,000 | ---D | M]

[2010/01/07 10:09:14 | 00,000,000 | ---D | M] -- C:\Users\n2rga\AppData\Roaming\Mozilla\Extensions
[2010/01/19 20:29:35 | 00,000,000 | ---D | M] -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] (Screengrab) -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] (ColorZilla) -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] (IE View) -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] (Password Exporter) -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] (No name found) -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\firebug@software.joehewitt.com
[2010/01/07 10:31:12 | 00,000,000 | ---D | M] -- C:\Users\n2rga\AppData\Roaming\Mozilla\Firefox\Profiles\zjm9wuih.default\extensions\moveplayer@movenetworks.com
[2010/01/08 02:05:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 21:27:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/01/17 21:59:47 | 00,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:     
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 21:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/01/20 21:37:14 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Users\n2rga\Desktop\OTL.exe
[2010/01/15 19:00:51 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/15 19:00:51 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/11 20:24:12 | 00,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspSanity32.sys
[2010/01/11 12:22:38 | 00,472,064 | ---- | C] ( ) -- C:\Users\n2rga\Desktop\RootRepeal.exe
[2010/01/11 08:50:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/10 22:56:03 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/01/10 22:54:31 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/01/10 13:51:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/10 13:51:15 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/10 13:48:34 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/10 13:47:25 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Simply Super Software
[2010/01/09 19:26:07 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Electronic Arts
[2010/01/09 19:20:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/01/09 19:20:15 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/01/09 19:12:38 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/01/09 19:08:16 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2010/01/09 19:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/01/09 14:59:30 | 00,000,000 | --SD | C] -- C:\Users\n2rga\Documents\My Web Sites
[2010/01/09 14:57:15 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\QuickScan
[2010/01/08 03:00:32 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/08 02:21:41 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Reflect
[2010/01/08 02:05:00 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/01/08 02:05:00 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/08 02:05:00 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/08 02:05:00 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/08 02:04:46 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/08 02:00:45 | 00,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2010/01/08 01:57:24 | 00,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/01/08 01:55:10 | 00,000,000 | ---D | C] -- C:\Program Files\The Logo Creator v5
[2010/01/08 01:52:22 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/01/08 01:48:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2010/01/08 00:57:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/01/07 23:58:48 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Nero
[2010/01/07 23:44:59 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/01/07 23:44:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/01/07 23:44:02 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/01/07 22:50:02 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\WinRAR
[2010/01/07 22:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/01/07 22:20:45 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010/01/07 22:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/01/07 22:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/01/07 22:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/01/07 22:17:46 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/01/07 22:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/01/07 22:14:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/01/07 22:13:11 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Local\Microsoft Help
[2010/01/07 22:13:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/01/07 22:11:43 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2010/01/07 22:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nova Development
[2010/01/07 22:00:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Creative Home
[2010/01/07 22:00:11 | 00,000,000 | ---D | C] -- C:\Program Files\Creative Home
[2010/01/07 21:55:23 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\My Corel Shows
[2010/01/07 21:55:22 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Local\Corel
[2010/01/07 21:54:18 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\My PSP Files
[2010/01/07 21:54:18 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Corel
[2010/01/07 21:54:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010/01/07 21:52:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010/01/07 21:52:08 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/01/07 21:30:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips 2010
[2010/01/07 21:28:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/01/07 21:28:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/01/07 20:32:43 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\SmartFTP
[2010/01/07 20:32:30 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/01/07 20:30:40 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/01/07 10:09:07 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Mozilla
[2010/01/07 10:09:07 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Local\Mozilla
[2010/01/07 10:09:01 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/07 08:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/01/07 08:42:00 | 00,000,000 | ---D | C] -- C:\Temp
[2010/01/07 08:36:51 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Malwarebytes
[2010/01/07 08:36:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 08:36:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/07 08:36:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 08:36:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/07 08:34:13 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/01/07 07:52:48 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/01/07 07:46:48 | 00,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/01/07 07:42:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/01/07 07:33:34 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/01/07 07:27:07 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/01/07 07:27:06 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Macromedia
[2010/01/07 07:26:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/01/07 07:26:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/01/07 07:23:33 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Adobe
[2010/01/07 07:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/01/07 07:22:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/01/07 07:22:06 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Local\Adobe
[2010/01/07 07:21:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/01/07 07:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/01/07 05:13:59 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/01/07 05:11:49 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2010/01/07 05:11:45 | 00,000,000 | ---D | C] -- C:\Windows\CSC
[2010/01/07 05:10:10 | 00,000,000 | -HSD | C] -- C:\Boot
[2010/01/07 03:45:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/01/07 03:36:25 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\GrabIt
[2010/01/07 03:34:47 | 00,000,000 | ---D | C] -- C:\Program Files\GrabIt
[2010/01/07 03:23:39 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Command and Conquer Generals Data
[2010/01/07 03:21:59 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/01/07 03:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010/01/07 03:19:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/01/07 03:19:06 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\winlink
[2010/01/07 03:19:01 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\PDFs
[2010/01/07 03:19:00 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\img
[2010/01/07 03:18:57 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Dell™ Inspiron™ 9400E1705 Owner's Manual
[2010/01/07 03:18:54 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Dell™ Inspiron™ 9400 Service Manual
[2010/01/07 03:18:50 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Dell updated drivers
[2010/01/07 03:18:49 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\Command and Conquer Generals Zero Hour Data
[2010/01/07 03:18:45 | 00,000,000 | ---D | C] -- C:\Users\n2rga\Documents\All freq Files
[2010/01/07 03:18:44 | 33,138,928 | ---- | C] (Kaspersky Lab) -- C:\Users\n2rga\Documents\kav8.0.0.454en.exe
[2010/01/07 03:06:01 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/01/07 02:57:02 | 01,108,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010/01/07 02:57:02 | 00,797,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2010/01/07 02:57:02 | 00,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2010/01/07 02:57:02 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2010/01/07 02:56:17 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/01/07 02:54:57 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/07 02:43:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2010/01/07 02:42:20 | 00,000,000 | ---D | C] -- C:\Program Files\Macrium
[2010/01/07 02:33:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/01/07 02:33:22 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/01/07 02:33:13 | 00,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/01/07 02:32:39 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/01/07 02:32:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/01/07 02:25:11 | 00,051,200 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2010/01/07 02:25:11 | 00,051,200 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010/01/07 02:24:49 | 00,013,160 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2010/01/07 02:23:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/01/07 02:23:24 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Searches
[2010/01/07 02:23:15 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Identities
[2010/01/07 02:23:13 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Contacts
[2010/01/07 02:22:59 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Local\VirtualStore
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\AppData\Local\Temporary Internet Files
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Templates
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Start Menu
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\SendTo
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Recent
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\PrintHood
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\NetHood
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Documents\My Videos
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Documents\My Pictures
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Documents\My Music
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\My Documents
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Local Settings
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\AppData\Local\History
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Cookies
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\Application Data
[2010/01/07 02:22:56 | 00,000,000 | -HSD | C] -- C:\Users\n2rga\AppData\Local\Application Data
[2010/01/07 02:22:55 | 00,000,000 | --SD | C] -- C:\Users\n2rga\AppData\Roaming\Microsoft
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Videos
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Saved Games
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Pictures
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Music
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Links
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Favorites
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Downloads
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Documents
[2010/01/07 02:22:55 | 00,000,000 | R--D | C] -- C:\Users\n2rga\Desktop
[2010/01/07 02:22:55 | 00,000,000 | -H-D | C] -- C:\Users\n2rga\AppData
[2010/01/07 02:22:55 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Local\Temp
[2010/01/07 02:22:55 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Local\Microsoft
[2010/01/07 02:22:55 | 00,000,000 | ---D | C] -- C:\Users\n2rga\AppData\Roaming\Media Center Programs
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\Recovery
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/01/07 02:21:23 | 00,000,000 | -HSD | C] -- C:\ProgramData\Application Data

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/01/20 21:43:38 | 01,835,008 | -HS- | M] () -- C:\Users\n2rga\NTUSER.DAT
[2010/01/20 21:37:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\n2rga\Desktop\OTL.exe
[2010/01/20 21:18:18 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/20 21:18:18 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/20 21:15:08 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/20 21:15:08 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/20 21:15:08 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/20 21:10:53 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010/01/20 21:10:50 | 00,051,200 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010/01/20 21:10:49 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/20 21:10:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/20 21:10:40 | 26,160,16896 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 23:06:49 | 02,875,081 | -H-- | M] () -- C:\Users\n2rga\AppData\Local\IconCache.db
[2010/01/19 20:41:30 | 00,000,194 | ---- | M] () -- C:\Users\n2rga\AppData\Roaming\default.rss
[2010/01/19 20:20:41 | 00,293,376 | ---- | M] () -- C:\Users\n2rga\Desktop\jnuompdm.exe
[2010/01/17 22:12:33 | 00,002,617 | ---- | M] () -- C:\Users\n2rga\Desktop\Attach.zip
[2010/01/17 21:59:47 | 00,000,856 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/12 01:09:18 | 00,000,492 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for n2rga.job
[2010/01/12 01:00:11 | 00,000,478 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for n2rga.job
[2010/01/11 23:53:13 | 00,006,722 | ---- | M] () -- C:\Users\n2rga\AppData\Local\Temp20.html
[2010/01/11 23:53:12 | 00,004,837 | ---- | M] () -- C:\Users\n2rga\AppData\Local\Temp16.html
[2010/01/11 23:52:55 | 00,001,293 | ---- | M] () -- C:\Users\n2rga\AppData\Local\Temp1.html
[2010/01/11 12:25:00 | 00,000,000 | ---- | M] () -- C:\Users\n2rga\Desktop\settings.dat
[2010/01/11 12:23:22 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2010/01/11 12:22:40 | 00,472,064 | ---- | M] ( ) -- C:\Users\n2rga\Desktop\RootRepeal.exe
[2010/01/11 11:01:08 | 00,000,121 | ---- | M] () -- C:\Users\Public\Documents\bleepingcomputer.url
[2010/01/11 11:01:08 | 00,000,121 | ---- | M] () -- C:\Users\n2rga\Desktop\bleepingcomputer.url
[2010/01/11 08:50:48 | 00,002,039 | ---- | M] () -- C:\Users\n2rga\Desktop\HijackThis.lnk
[2010/01/10 23:00:18 | 00,001,216 | ---- | M] () -- C:\Users\n2rga\Desktop\Spybot - Search & Destroy.lnk
[2010/01/09 19:25:49 | 00,002,213 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/01/08 02:04:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/01/08 02:04:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/08 02:04:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/08 02:04:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/07 23:18:37 | 00,148,696 | ---- | M] () -- C:\Users\n2rga\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/07 23:17:27 | 02,420,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/07 22:13:42 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/01/07 21:56:21 | 00,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 10:22:11 | 13,122,835 | ---- | M] () -- C:\Users\n2rga\Documents\Firefox 3.5.7 (en-US) - 2010-01-07.pcv
[2010/01/07 08:57:44 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/01/07 08:41:30 | 00,051,200 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2010/01/07 08:36:44 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 05:14:10 | 00,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/01/07 05:10:12 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/01/07 03:31:53 | 00,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk
[2010/01/07 03:31:00 | 00,000,981 | ---- | M] () -- C:\Windows\eReg.dat
[2010/01/07 03:03:41 | 00,524,288 | -HS- | M] () -- C:\Users\n2rga\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/01/07 03:03:41 | 00,524,288 | -HS- | M] () -- C:\Users\n2rga\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 03:03:41 | 00,065,536 | -HS- | M] () -- C:\Users\n2rga\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/01/07 02:36:23 | 00,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/01/07 02:33:41 | 00,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/01/07 02:33:41 | 00,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/01/07 02:24:52 | 00,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2010/01/07 02:22:56 | 00,000,020 | -HS- | M] () -- C:\Users\n2rga\ntuser.ini
[2010/01/07 02:22:55 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2010/01/07 02:21:28 | 00,204,528 | RHS- | M] () -- C:\GRLDR

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/01/19 20:41:30 | 00,000,194 | ---- | C] () -- C:\Users\n2rga\AppData\Roaming\default.rss
[2010/01/19 20:20:15 | 00,293,376 | ---- | C] () -- C:\Users\n2rga\Desktop\jnuompdm.exe
[2010/01/11 23:53:12 | 00,004,837 | ---- | C] () -- C:\Users\n2rga\AppData\Local\Temp16.html
[2010/01/11 20:27:37 | 00,006,722 | ---- | C] () -- C:\Users\n2rga\AppData\Local\Temp20.html
[2010/01/11 20:24:27 | 00,001,293 | ---- | C] () -- C:\Users\n2rga\AppData\Local\Temp1.html
[2010/01/11 12:25:00 | 00,000,000 | ---- | C] () -- C:\Users\n2rga\Desktop\settings.dat
[2010/01/11 12:23:22 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2010/01/11 12:16:58 | 00,002,617 | ---- | C] () -- C:\Users\n2rga\Desktop\Attach.zip
[2010/01/11 12:00:10 | 00,000,121 | ---- | C] () -- C:\Users\n2rga\Desktop\bleepingcomputer.url
[2010/01/11 11:02:25 | 00,000,121 | ---- | C] () -- C:\Users\Public\Documents\bleepingcomputer.url
[2010/01/11 08:50:48 | 00,002,039 | ---- | C] () -- C:\Users\n2rga\Desktop\HijackThis.lnk
[2010/01/10 23:00:18 | 00,001,216 | ---- | C] () -- C:\Users\n2rga\Desktop\Spybot - Search & Destroy.lnk
[2010/01/09 19:20:08 | 00,002,213 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/01/07 21:54:27 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/01/07 10:29:35 | 13,122,835 | ---- | C] () -- C:\Users\n2rga\Documents\Firefox 3.5.7 (en-US) - 2010-01-07.pcv
[2010/01/07 08:57:44 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/01/07 08:38:36 | 00,000,492 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for n2rga.job
[2010/01/07 08:38:26 | 00,000,478 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for n2rga.job
[2010/01/07 08:36:44 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 05:11:48 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/01/07 05:11:09 | 26,160,16896 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/07 05:11:08 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/01/07 05:10:12 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/01/07 05:10:10 | 00,383,562 | RHS- | C] () -- C:\bootmgr
[2010/01/07 03:29:40 | 00,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk
[2010/01/07 03:21:56 | 00,000,981 | ---- | C] () -- C:\Windows\eReg.dat
[2010/01/07 03:19:13 | 69,578,756 | ---- | C] () -- C:\Users\n2rga\Documents\amateur_radio_today.mpg
[2010/01/07 03:19:13 | 00,052,209 | ---- | C] () -- C:\Users\n2rga\Documents\7 upgrade.htm
[2010/01/07 03:19:13 | 00,050,688 | ---- | C] () -- C:\Users\n2rga\Documents\amandasresume.doc
[2010/01/07 03:18:43 | 14,756,427 | ---- | C] () -- C:\Users\n2rga\Documents\Katrina.wmv
[2010/01/07 03:18:43 | 13,746,181 | ---- | C] () -- C:\Users\n2rga\Documents\Hello-Movie.wmv
[2010/01/07 03:18:41 | 43,224,076 | ---- | C] () -- C:\Users\n2rga\Documents\HELLO-LONG-PROGRAM.mpg
[2010/01/07 03:18:41 | 00,839,607 | ---- | C] () -- C:\Users\n2rga\Documents\Backup-(2009-10-30).ipd
[2010/01/07 03:18:41 | 00,001,492 | ---- | C] () -- C:\Users\n2rga\Documents\Dell™ Inspiron™ 9400 Service Manual.lnk
[2010/01/07 03:18:41 | 00,001,466 | ---- | C] () -- C:\Users\n2rga\Documents\Dell™ Inspiron™ 9400E1705 Owner's Manual.lnk
[2010/01/07 02:33:41 | 00,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/01/07 02:33:41 | 00,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/01/07 02:22:56 | 00,524,288 | -HS- | C] () -- C:\Users\n2rga\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/01/07 02:22:56 | 00,524,288 | -HS- | C] () -- C:\Users\n2rga\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 02:22:56 | 00,065,536 | -HS- | C] () -- C:\Users\n2rga\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/01/07 02:22:56 | 00,000,020 | -HS- | C] () -- C:\Users\n2rga\ntuser.ini
[2010/01/07 02:22:55 | 01,835,008 | -HS- | C] () -- C:\Users\n2rga\NTUSER.DAT
[2010/01/07 02:21:28 | 00,204,528 | RHS- | C] () -- C:\GRLDR
[2009/11/13 21:07:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/04/13 11:30:06 | 01,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2005/05/06 19:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS  >
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS  >
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS  >
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS  >
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >



CODE
OTL Extras logfile created on: 1/20/2010 9:42:03 PM - Run 1
OTL by OldTimer - Version 3.1.25.3     Folder = C:\Users\n2rga\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.04 Gb Total Space | 233.65 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: N2RGA-LAPTOP_PC
Current User Name: n2rga
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{44ed91b4-5a9a-429b-97f7-da2a8c9732fd}" = Nero 9 Trial
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7589FAD3-B7AB-4154-A7D3-49A69A6B1F8A}" = SmartFTP Client
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88FA5D68-E2D3-43ED-93BB-1A3CA7E120BF}" = Macrium Reflect
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"LimeWire" = LimeWire PRO 4.18.8
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"PremiumSoft Navicat MySQL_is1" = PremiumSoft Navicat MySQL 7.2
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Logo Creator v5.2" = The Logo Creator v5.2
"WebDesigner" = Microsoft Expression Web
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2010 2:11:24 AM | Computer Name = n2rga-Laptop_PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keymaker.Nero.9.4.26.0 v5.55.exe, version:
5.5.5.0, time stamp: 0x4acdc33d  Faulting module name: Keymaker.Nero.9.4.26.0 v5.55.exe,
version: 5.5.5.0, time stamp: 0x4acdc33d  Exception code: 0xc0000005  Fault offset:
0x00001b59  Faulting process id: 0xa60  Faulting application start time: 0x01ca9028d0442fb0
Faulting
application path: C:\Users\n2rga\Downloads\Keymaker.for.Nero.9.4.26.0.by.me\Keymaker.Nero.9.4.26.0
v5.55.exe  Faulting module path: C:\Users\n2rga\Downloads\Keymaker.for.Nero.9.4.26.0.by.me\Keymaker.Nero.9.4.26.0
v5.55.exe  Report Id: a5aeebad-fc1c-11de-bf1b-00197edd8499

Error - 1/8/2010 2:17:28 AM | Computer Name = n2rga-Laptop_PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keymaker.Nero.9.4.26.0 v5.55.exe, version:
5.5.5.0, time stamp: 0x4acdc33d  Faulting module name: unknown, version: 0.0.0.0,
time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x20288403  Faulting
process id: 0xdc4  Faulting application start time: 0x01ca902a0e673681  Faulting application
path: C:\Users\n2rga\Downloads\Keymaker.for.Nero.9.4.26.0.by.me\Keymaker.Nero.9.4.26.0
v5.55.exe  Faulting module path: unknown  Report Id: 7e5cc848-fc1d-11de-bf1b-00197edd8499

Error - 1/8/2010 2:46:43 AM | Computer Name = n2rga-Laptop_PC | Source = VSS | ID = 8194
Description =

Error - 1/8/2010 8:23:35 PM | Computer Name = n2rga-Laptop_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/9/2010 11:47:42 AM | Computer Name = n2rga-Laptop_PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3642 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: 9c0    Start
Time: 01ca9142a13f3b40    Termination Time: 40    Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe    Report Id: 4f8e4ac4-fd36-11de-8f6c-00197edd8499  

Error - 1/9/2010 7:30:17 PM | Computer Name = n2rga-Laptop_PC | Source = Application Hang | ID = 1002
Description = The program WinRAR.exe version 3.90.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel.    Process ID: e20    Start Time:
01ca9182cdb72b7a    Termination Time: 0    Application Path: C:\Program Files\WinRAR\WinRAR.exe

Report
Id: acf51cf4-fd76-11de-8fd7-00197edd8499  

Error - 1/9/2010 9:04:11 PM | Computer Name = n2rga-Laptop_PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3642 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: f54    Start
Time: 01ca91901cd1e9b9    Termination Time: 14    Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe    Report Id: 0c5bcbae-fd84-11de-8fd7-00197edd8499  

Error - 1/10/2010 9:32:35 AM | Computer Name = n2rga-Laptop_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/11/2010 10:29:56 AM | Computer Name = n2rga-Laptop_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 1/11/2010 10:30:54 AM | Computer Name = n2rga-Laptop_PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 1/7/2010 4:45:34 AM | Computer Name = n2rga-Laptop_PC | Source = Service Control Manager | ID = 7030
Description = The Akamai NetSession Interface service is marked as an interactive
service.  However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 1/7/2010 9:37:18 PM | Computer Name = n2rga-Laptop_PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 1/7/2010 10:26:46 PM | Computer Name = n2rga-Laptop_PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:37:45 PM on ?1/?7/?2010 was unexpected.

Error - 1/8/2010 9:49:22 PM | Computer Name = n2rga-Laptop_PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition.  Please check for updated firmware for your system.

Error - 1/9/2010 8:48:38 PM | Computer Name = n2rga-Laptop_PC | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
the server reached the configured limit for nonpaged pool allocations.

Error - 1/11/2010 12:34:23 AM | Computer Name = n2rga-Laptop_PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition.  Please check for updated firmware for your system.


< End of report >



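The "< MD5 for: ... >" blocks in the OTL log above are a consistency check: OTL hashes the copy of a boot-start driver that Windows actually loads from System32\drivers next to the pristine copies Windows keeps in DriverStore and winsxs. In-place patching of such a driver shows up as a hash that disagrees with its siblings, which is why atapi.sys, iaStorV.sys, nvstor.sys and AGP440.sys are hashed at all; in this log every set agrees. The script below is an example added to this thread, not part of the original post or of the OTL tool. It parses those blocks and reports the odd copy out, taking the winsxs component-store copy as the reference. The ATAPI.SYS lines in the sample are copied from the log; the NVSTOR.SYS block and its all-zero hash on the System32\drivers copy are constructed so that a mismatch is present. The function names (parse_md5_blocks, find_mismatches, md5_file) are this example's own.

```python
"""Cross-check driver hashes from OTL's '< MD5 for: ... >' custom-scan blocks.

Added example for this thread (not part of the original post or of OTL).
OTL hashes the loaded copy of a boot-start driver (System32\\drivers) next to
the reference copies in DriverStore and winsxs; an in-place patch of the
loaded driver shows up as a hash that disagrees with its siblings.
"""
import hashlib
import re
from collections import defaultdict

MD5_HEADER = re.compile(r"<\s*MD5 for:\s*(\S+)\s*>")
MD5_LINE = re.compile(r"MD5=([0-9A-Fa-f]{32})\s+--\s+(.+?)\s*$")
BBCODE = re.compile(r"\[/?color[^\]]*\]")   # OTL emits BBCode colour tags

# Constructed sample.  ATAPI.SYS lines are copied from the log above; the
# NVSTOR.SYS block is made up for this example, with a placeholder hash on
# the System32\drivers copy so that one mismatch is present.
SAMPLE_LOG = r"""
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
"""


def parse_md5_blocks(log_text):
    """Return {FILENAME: [(md5, path), ...]} from the OTL custom-scan section."""
    blocks = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = BBCODE.sub("", raw).strip()
        m = MD5_HEADER.search(line)
        if m:
            current = m.group(1).upper()
            continue
        m = MD5_LINE.search(line)
        if m and current:
            blocks[current].append((m.group(1).upper(), m.group(2)))
    return dict(blocks)


def find_mismatches(blocks):
    """Return {FILENAME: [suspect paths]} for files whose copies disagree.

    The winsxs copy is the reference when present (it is the component store
    Windows services from); otherwise the hash shared by most copies is used.
    """
    suspects = {}
    for name, entries in blocks.items():
        hashes = {h for h, _ in entries}
        if len(hashes) < 2:
            continue                      # all copies agree: nothing to flag
        ref = next((h for h, p in entries if "\\winsxs\\" in p.lower()), None)
        if ref is None:
            ref = max(hashes, key=lambda h: sum(1 for x, _ in entries if x == h))
        suspects[name] = [p for h, p in entries if h != ref]
    return suspects


def md5_file(path, chunk=1 << 20):
    """MD5 of a file on disk, to re-hash a flagged path by hand."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for name, paths in find_mismatches(parse_md5_blocks(SAMPLE_LOG)).items():
        print(f"{name}: hash differs from the reference copies in")
        for p in paths:
            print(f"    {p}")
```

Feed it a whole OTL log and it reports only the files whose copies disagree; a flagged System32\drivers path is the one to re-hash with md5_file, compare against the vendor's known-good value, and submit for analysis. Agreement across the three copies, as in this log, rules out in-place patching but says nothing about a rootkit that hooks the disk stack in memory instead of on disk, which is what the RootRepeal run that failed in the first post was meant to cover.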
#9 n2rga

  • Topic Starter
  • Members
  • 7 posts

Posted 21 January 2010 - 11:00 PM

Close out the topic. I had to redo the laptop, this time without my friend's help and files.
Never do that again.

#10 schrauber

  • Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 22 January 2010 - 03:07 PM

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else, please begin a New Topic.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



