need help. blue screen error confirmed and i think viruses are there



#1 ramesh help


Posted 30 August 2011 - 02:16 PM

Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7611

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/30/2011 11:58:41 PM
mbam-log-2011-08-30 (23-58-41).txt

Scan type: Quick scan
Objects scanned: 164366
Time elapsed: 12 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-31 01:01:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: sdrxh1y7.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C7E349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82CBED8C 4 Bytes [50, 2D, C4, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CBEDB4 8 Bytes [8E, 4F, C4, 8E, 08, 52, C4, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82CBEDF8 4 Bytes [7E, 54, C4, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82CBEE24 4 Bytes [64, 36, C4, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82CBEE48 4 Bytes [98, 44, C4, 8E]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ee6bba0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ee6bba0@c87e75ce3505 0xD4 0x5B 0x26 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ee6bba0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ee6bba0@c87e75ce3505 0xD4 0x5B 0x26 0x71 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1

---- Files - GMER 1.0.15 ----

File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA56.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA57.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA58.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA68.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA69.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA6A.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA7B.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA7C.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA7D.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA8E.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA8F.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA90.tmp 150798 bytes
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CAA0.tmp 150798 bytes

---- EOF - GMER 1.0.15 ----



dds logs

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by User at 2:07:45 on 2011-08-31
Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.1978.805 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
TB: {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No File
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Thunder] "c:\program files\thunder\Thunder.exe" /s
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: 那1車???角℅???? - c:\program files\thunder network\thunder\program\geturl.htm
IE: 那1車???角℅????豕?2?芍∩?車 - c:\program files\thunder network\thunder\program\getallurl.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\3686F677 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\8686C696D6D277966696 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\94943435 : DhcpNameServer = 172.16.8.200 172.16.8.206
TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\E474026416D696C697 : DhcpNameServer = 192.168.1.2
TCP: Interfaces\{3B830DD2-5B0F-4B5C-AAFC-15005D678324} : NameServer = 192.168.1.1,192.168.1.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\oiaxax5i.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-29 54784]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-9-9 99216]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
R4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-30 2358656]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-30 41272]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-6 1343400]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-30 16:24:55 -------- d-----w- c:\windows\pss
2011-08-30 15:45:03 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-08-30 15:44:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 15:44:49 -------- d-----w- c:\programdata\Malwarebytes
2011-08-30 15:44:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 15:44:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-30 15:29:33 -------- d-----w- c:\program files\TeamViewer
2011-08-26 08:37:59 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6e3717b-d502-4912-ba63-7a197f01625d}\mpengine.dll
2011-08-24 07:46:48 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 10:49:40 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-23 10:49:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-14 03:43:43 -------- d-----w- c:\users\user\appdata\local\{86AF3C00-BB45-49CE-8CED-5F11D7F4F362}
2011-08-14 03:43:25 -------- d-----w- c:\users\user\appdata\local\{0ED092AA-312B-4061-922D-E8D626559D5D}
2011-08-13 17:25:50 -------- d-----w- c:\users\user\appdata\local\{EDCB5AAE-BFC5-4C62-ACD3-0D3EB20EC450}
2011-08-13 17:25:33 -------- d-----w- c:\users\user\appdata\local\{2AE99219-8482-417B-8C50-9A98983A6951}
2011-08-13 14:29:50 -------- d-----w- c:\users\user\appdata\local\{33581722-2582-457D-A99E-27A65DC4D1C9}
2011-08-13 14:29:35 -------- d-----w- c:\users\user\appdata\local\{7AB52121-390D-473A-B5E8-21B8E4B7959E}
2011-08-13 05:50:39 -------- d-----w- c:\users\user\appdata\local\{F9511DDA-E997-4528-A5F8-45F2759AEB97}
2011-08-13 05:50:20 -------- d-----w- c:\users\user\appdata\local\{29FEFEB4-ED66-4DA6-83CF-2C961A993F35}
2011-08-12 14:59:54 -------- d-----w- c:\users\user\appdata\roaming\PhotoScape
2011-08-12 14:58:26 -------- d-----w- c:\program files\PhotoScape
2011-08-12 07:03:03 -------- d-----w- c:\users\user\appdata\local\{DE766688-D7D9-443C-9227-848B71D50E77}
2011-08-12 07:02:39 -------- d-----w- c:\users\user\appdata\local\{B941E2C0-774F-4F76-8E2C-0C1ED5EAD272}
2011-08-12 06:55:25 -------- d-----w- c:\users\user\appdata\local\{2751C6EC-7676-4367-BFE8-CEF5AA759111}
2011-08-12 06:55:09 -------- d-----w- c:\users\user\appdata\local\{D8969089-0F7D-421D-ACDB-FAA3C3F0619D}
2011-08-12 06:44:02 -------- d-----w- c:\users\user\appdata\local\{EDDC9570-D11D-4838-831C-F06DD02E323C}
2011-08-12 06:24:59 -------- d-----w- c:\users\user\appdata\local\{3CEB214B-6117-4D86-8B37-3D2EA1E438D7}
2011-08-12 06:24:41 -------- d-----w- c:\users\user\appdata\local\{F0F77677-A6D4-4828-BB68-9556C18FC9F3}
2011-08-11 03:50:09 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 03:50:07 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 03:50:06 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 02:05:11 -------- d-----w- c:\users\user\appdata\local\{58269196-4CE8-45CB-890C-A2775FA8A8E8}
2011-08-11 02:04:56 -------- d-----w- c:\users\user\appdata\local\{5329D92F-9B05-4003-9E3C-AC7B4D4A59FB}
2011-08-10 08:25:01 -------- d-----w- c:\users\user\appdata\local\{31123807-26E7-4DF2-B186-0D5824743443}
2011-08-10 08:24:15 -------- d-----w- c:\users\user\appdata\local\{82C5EEEB-E467-4A23-B06A-38EBD942E58E}
2011-08-09 02:28:07 -------- d-----w- c:\users\user\appdata\local\{3F4AE51D-4437-44A4-B398-7DB93E1AC7D5}
2011-08-09 02:27:52 -------- d-----w- c:\users\user\appdata\local\{9F4351D6-FA78-4EB4-802D-62B8E75BDAFD}
2011-08-08 06:01:59 -------- d-----w- c:\users\user\appdata\local\{1EA99FCD-D1AB-492C-93EA-0C12006B8150}
2011-08-08 06:01:45 -------- d-----w- c:\users\user\appdata\local\{920D6F5E-72FA-449E-89DC-B8547B11C087}
2011-08-07 07:22:34 -------- d-----w- c:\users\user\appdata\local\{034378E3-EE46-435E-A4F7-8DD4088EB815}
2011-08-07 07:21:52 -------- d-----w- c:\users\user\appdata\local\{19C5101B-1D66-4F30-A37B-F2A75CC646DC}
2011-08-06 18:21:39 -------- d-----w- c:\users\user\appdata\local\{8B0B88A0-5EDD-4949-9D81-A2DC9F244969}
2011-08-06 18:21:25 -------- d-----w- c:\users\user\appdata\local\{57DA1AE3-6789-4B47-864A-DDA3908E4E8F}
2011-08-06 06:37:44 -------- d-----w- c:\users\user\appdata\local\{A90E1984-2F24-4437-8692-879738884BD2}
2011-08-06 06:37:28 -------- d-----w- c:\users\user\appdata\local\{6D5E42D8-BFC9-4E89-91BB-F2F1941FB88B}
2011-08-05 07:16:18 -------- d-----w- c:\users\user\appdata\local\{9D112371-F62E-46FD-8B4A-B47CFB87CDDA}
2011-08-04 17:23:26 -------- d-----w- c:\users\user\appdata\local\{FEC74CC3-75D0-4071-A52E-D3A2B55AAC10}
2011-08-04 05:22:58 -------- d-----w- c:\users\user\appdata\local\{604A4A36-C7B0-4314-AEA1-A7A5E7709A12}
2011-08-03 06:04:48 -------- d-----w- c:\users\user\appdata\local\{D8F9D211-BF02-411F-B996-59EBF1AFE3CD}
2011-08-02 16:25:39 -------- d-----w- c:\users\user\appdata\local\{BC46B0BB-D68C-4546-898F-101A6E263D5A}
2011-08-02 04:25:26 -------- d-----w- c:\users\user\appdata\local\{6270DA00-7556-4EB1-AEEA-8E8093A12214}
2011-08-01 16:24:49 -------- d-----w- c:\users\user\appdata\local\{C58A1FA6-58E3-47F5-A5EF-4444FD485832}
2011-08-01 04:24:14 -------- d-----w- c:\users\user\appdata\local\{1F9C14F7-4985-40E9-BE94-C8B3685A6BD7}
.
==================== Find3M ====================
.
2011-08-13 05:50:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-07 14:52:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 2:08:13.26 ===============


attached logs

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/2/2011 7:38:03 PM
System Uptime: 8/30/2011 4:32:39 PM (9 hours ago)
.
Motherboard: Acer | | Aspire 4935
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | uPGA-478 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 15.628 GiB free.
D: is FIXED (NTFS) - 184 GiB total, 75.624 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP165: 8/30/2011 5:54:56 PM - Scheduled Checkpoint
RP166: 8/31/2011 12:37:08 AM - Removed Adobe Community Help
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Crystal Eye Webcam
Adobe AIR
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 Plugin
Adobe Media Player
ALPS Touch Pad Driver
D3DX10
EasyBits GO
EdenEternal
Google Chrome
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 26
JMicron JMB38X Flash Media Controller
Junk Mail filter update
Kaspersky Anti-Virus 2011
Malwarebytes' Anti-Malware version 1.51.1.1800
Mesh Runtime
Messenger Companion
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
Nitro PDF Reader
PDF Settings CS5
PhotoScape
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.3
SPlayer
Synaptics Pointing Device Driver
TeamViewer 6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Winamp
Winamp Detector Plug-in
Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/30/2011 12:27:41 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/28/2011 12:41:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
8/28/2011 12:39:29 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
8/24/2011 12:14:46 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{27635490-DBD2-47F6-B73C-3279E109F85B} because another computer on the network has the same name. The server could not start.
8/24/2011 12:14:46 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 192.168.0.102. The computer with the IP address 192.168.0.104 did not allow the name to be claimed by this computer.
8/24/2011 1:06:54 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 192.168.0.102. The computer with the IP address 192.168.0.104 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================



asw log file

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-31 01:23:48
-----------------------------
01:23:48.985 OS Version: Windows 6.1.7601 Service Pack 1
01:23:48.985 Number of processors: 2 586 0x170A
01:23:48.987 ComputerName: USER-PC UserName: User
01:23:51.177 Initialize success
01:28:33.500 AVAST engine defs: 11083001
01:29:13.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:29:13.807 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
01:29:15.900 Disk 0 MBR read successfully
01:29:15.903 Disk 0 MBR scan
01:29:15.909 Disk 0 Windows 7 default MBR code
01:29:15.978 Disk 0 scanning sectors +488376000
01:29:16.243 Disk 0 scanning C:\Windows\system32\drivers
01:31:02.867 Service scanning
01:31:03.705 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
01:31:03.710 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
01:31:03.716 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
01:31:03.722 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
01:31:04.431 Modules scanning
01:33:34.838 Disk 0 trace - called modules:
01:33:34.911
01:33:35.497 AVAST engine scan C:\Windows
01:34:01.407 AVAST engine scan C:\Windows\system32
01:37:46.669 AVAST engine scan C:\Windows\system32\drivers
01:38:04.747 AVAST engine scan C:\Users\User
01:46:21.540 AVAST engine scan C:\ProgramData
01:51:59.709 Scan finished successfully
01:53:28.051 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
01:53:28.058 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"



#2 ramesh help

ramesh help
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:59 AM

Posted 01 September 2011 - 07:42 PM

I don't need any help with that machine. Thanks anyways :)

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:59 PM

Posted 01 September 2011 - 11:51 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



