Redirect and some other issues

9 replies to this topic

#1 WhyDoComputersSuck
Posted 07 January 2012 - 10:39 AM

About a week ago I was hit with the XP Antispyware 2012 malware, and followed the instructions on this site to remove it. Since then I have been having some other redirect-type issues: new tabs opening at random intervals pointing to some news7-type site, and also whole new Firefox browser windows opening with about 10-20 tabs going to various parked ad-type sites.

I installed the trial version of Kaspersky's AV product, scanned, and found and quarantined a variety of trojans. I also ran Malwarebytes and removed some things that way. I'm still seeing these issues, and subsequent scans are coming up with nothing.

Occasionally my machine gets very sluggish as well. This morning Kaspersky reported finding this: HEUR:Trojan.Script.Iframer infecting my ping.exe, but beyond denying it, it doesn't appear to have removed the problem.

--

I followed instructions from Broni and ran some scans as directed (logs can be found here: http://www.bleepingcomputer.com/forums/topic436373.html). Below are some new logs after following his instructions:

======================================================================================================================================================
= DDS.txt
======================================================================================================================================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Nick at 9:09:06 on 2012-01-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.1735 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Kaspersky PURE *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE
C:\Documents and Settings\Nick\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S7B.tmp" /EF "HKCU"
uRun: [SansaDispatch] c:\documents and settings\nick\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
StartupFolder: c:\docume~1\nick\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1322329631154
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8F700B84-D169-4091-BB7E-F92C35394705} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ACNotify - ACNotify.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nick\application data\mozilla\firefox\profiles\sn1ymkk8.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2012-1-3 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-26 64512]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2012-1-3 39352]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-1-3 315408]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-07 00:42:40 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-07 00:42:40 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-06 01:04:57 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-05 02:04:22 -------- d-----w- c:\documents and settings\nick\application data\SUPERAntiSpyware.com
2012-01-05 02:02:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-05 02:02:01 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-03 12:41:07 162392 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2012-01-03 12:40:57 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-01-03 12:40:57 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-01-03 12:39:52 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-01-03 12:39:45 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-01-03 12:37:51 -------- d-----w- c:\program files\common files\InfoWatch
2012-01-03 12:37:48 -------- d-----w- c:\program files\Kaspersky Lab
2012-01-03 12:37:48 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-01-03 12:36:33 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2012-01-03 12:19:25 -------- d-----w- C:\Autoruns
2012-01-02 15:00:13 -------- d-----w- c:\documents and settings\nick\local settings\application data\Google
2012-01-02 14:49:44 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-02 14:49:43 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-02 14:49:43 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-02 14:49:43 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-02 14:49:43 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-02 14:47:08 -------- d-----w- c:\windows\system32\appmgmt
2012-01-02 14:30:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-02 14:26:55 -------- d-----w- c:\documents and settings\nick\local settings\application data\Secunia PSI
2012-01-02 14:26:44 -------- d-----w- c:\program files\Secunia
2012-01-02 13:33:14 -------- d-----w- c:\documents and settings\nick\application data\Malwarebytes
2012-01-02 13:33:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-02 13:32:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 13:32:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-30 00:03:19 -------- d-----w- c:\documents and settings\nick\.thumbnails
2011-12-30 00:02:42 -------- d-----w- c:\documents and settings\nick\.gimp-2.6
2011-12-30 00:01:49 -------- d-----w- c:\program files\GIMP-2.0
2011-12-29 23:55:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-29 23:55:04 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-29 23:55:04 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-29 23:55:04 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-14 00:19:52 4448256 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-01-05 12:28:21 26112 ----a-w- c:\windows\system32\userinit.exe
2012-01-02 15:13:11 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2012-01-02 15:12:30 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-01-02 15:09:38 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2012-01-02 15:09:38 129784 ------w- c:\windows\system32\pxafs.dll
2012-01-02 15:09:38 118520 ------w- c:\windows\system32\pxinsi64.exe
2012-01-02 15:09:38 116472 ------w- c:\windows\system32\pxcpyi64.exe
2012-01-02 14:39:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-02 14:30:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-26 20:06:39 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-26 19:21:27 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-11-26 18:58:48 21393 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-26 18:58:48 21393 ----a-w- c:\windows\AegisP.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 17:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 9:10:22.06 ===============

Edited by WhyDoComputersSuck, 07 January 2012 - 10:44 AM.



#2 WhyDoComputersSuck

Posted 07 January 2012 - 10:40 AM

======================================================================================================================================================
= ark.txt
======================================================================================================================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-07 10:30:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.DCDZ
Running: x1ycvf1i.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\kwkcrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB3B0D598]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB3B0DE18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB3B0E92E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB3B0EEA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB3B0E0FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB3B0C442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB3B0ED78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB3B0D19E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB3B0EC34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB3B0D35A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB3B0EFD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB3B10C14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB3B0DAB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB3B0ECD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB3B10606]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB3B0CA06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB3B0CD94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB3B0E582]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB3B115D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB3B0CED6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB3B0CF80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB3B0E38E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB3B10698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB3B0C41E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB3B0C430]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB3B10CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB3B0D0CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB3B0EF42]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB3B0DE9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB3B0C5E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB3B0EE10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB3B0D79E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB3B10C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB3B0F074]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB3B0D6C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB3B0D02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB3B0CC52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB3B10FE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB3B0C8A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB3B1092E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB3B0CB1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB3B0C2BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB3B0F3FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB3B0F2C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB3B103A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB3B13E38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB3B114B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB3B0C254]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB3B0E668]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB3B0DCD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB3B0FC56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB3B10792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB3B11120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB3B0C72A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB3B11204]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB3B1132C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB3B10532]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB2A49640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB3B0D86C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB3B10E96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB3B0D9F6]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B3B024DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B3B028B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C60 805044FC 4 Bytes JMP CF34F8B1
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [5A, D3, B0, B3, D2, EF, B0, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [98, 06, B1, B3, 1E, C4, B0, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DC0 8050465C 8 Bytes CALL 9103F726
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [1A, CB, B0, B3, BC, C2, B0, ...]
.text ...
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7FCD360, 0x30A257, 0xE8000020]
? C:\DOCUME~1\Nick\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[252] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[252] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[252] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 38, 6D]
.text C:\WINDOWS\system32\SearchIndexer.exe[480] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[920] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[920] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[920] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 38, 6D]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4516] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106C3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4516] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106C3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4516] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4516] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0138B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009E0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!send 71AB4C27 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5800] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71930F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wnet_x86]/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \FileSystem\Fastfat \Fat A4283D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 17803 bytes
File C:\RRbackups\common\SAM 28672 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 16640 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\f0fd6cf4-d03a-4922-a312-00c22ddd2c10 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\ed7c78c0-3f76-40a7-92ba-ab8c4ba80187 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\3640db8912e4e3c4eb1f79f871f92f7c_eb368bab-7b7f-4a7b-b473-65144d99406a 1273 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_eb368bab-7b7f-4a7b-b473-65144d99406a 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6b29ae44e85efac3c72ff4d1865d73f1_eb368bab-7b7f-4a7b-b473-65144d99406a 53 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_eb368bab-7b7f-4a7b-b473-65144d99406a 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_eb368bab-7b7f-4a7b-b473-65144d99406a 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_eb368bab-7b7f-4a7b-b473-65144d99406a 56 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_eb368bab-7b7f-4a7b-b473-65144d99406a 893 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\f0fd6cf4-d03a-4922-a312-00c22ddd2c10 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\ed7c78c0-3f76-40a7-92ba-ab8c4ba80187 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Kate 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3489753496-2937959677-369318739-1006 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3489753496-2937959677-369318739-1006\6b29ae44e85efac3c72ff4d1865d73f1_eb368bab-7b7f-4a7b-b473-65144d99406a 53 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3489753496-2937959677-369318739-1006\83aa4cc77f591dfc2374580bbd95f6ba_eb368bab-7b7f-4a7b-b473-65144d99406a 45 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\f0fd6cf4-d03a-4922-a312-00c22ddd2c10 388 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-3489753496-2937959677-369318739-1006 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-3489753496-2937959677-369318739-1006\d4f478fb-2593-4f00-857d-221b30ed0f79 388 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-3489753496-2937959677-369318739-1006\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\ed7c78c0-3f76-40a7-92ba-ab8c4ba80187 388 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Kate\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Nick 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3489753496-2937959677-369318739-1005 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3489753496-2937959677-369318739-1005\6b29ae44e85efac3c72ff4d1865d73f1_eb368bab-7b7f-4a7b-b473-65144d99406a 53 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3489753496-2937959677-369318739-1005\83aa4cc77f591dfc2374580bbd95f6ba_eb368bab-7b7f-4a7b-b473-65144d99406a 45 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3489753496-2937959677-369318739-1005\8f71098770f72c7a67cd8f1151619865_eb368bab-7b7f-4a7b-b473-65144d99406a 54 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\f0fd6cf4-d03a-4922-a312-00c22ddd2c10 388 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-3489753496-2937959677-369318739-1005 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-3489753496-2937959677-369318739-1005\12e430e6-3184-4d7a-a5d4-fc83b288950e 388 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-3489753496-2937959677-369318739-1005\9bb115ac-6b0c-423a-b67b-7f813a9662e6 388 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-3489753496-2937959677-369318739-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\ed7c78c0-3f76-40a7-92ba-ab8c4ba80187 388 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Nick\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\FR 0 bytes
File C:\RRbackups\FR\KernelFileDigest.dat 17562 bytes
File C:\RRbackups\FR\UF 0 bytes
File C:\RRbackups\FR\UF\boot.ini 211 bytes
File C:\RRbackups\FR\UF\documents and settings 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user\ntuser.dat 1048576 bytes
File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
File C:\RRbackups\FR\UF\NTLDR 250048 bytes
File C:\RRbackups\FR\UF\Windows 0 bytes
File C:\RRbackups\FR\UF\Windows\explorer.exe 1033728 bytes executable
File C:\RRbackups\FR\UF\Windows\Fonts 0 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\mangal.ttf 143864 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\marlett.ttf 24124 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\micross.ttf 461672 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\mvboli.ttf 40500 bytes
File C:\RRbackups\FR\UF\Windows\Fonts\vgaoem.fon 5168 bytes
File C:\RRbackups\FR\UF\Windows\system32 0 bytes
File C:\RRbackups\FR\UF\Windows\system32\advapi32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\advpack.dll 128512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\authz.dll 62464 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\autochk.exe 588800 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\basesrv.dll 52736 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\bootvid.dll 12288 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\browseui.dll 1025024 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\chkdsk.exe 11776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cmd.exe 389120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\comctl32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\comdlg32.dll 276992 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\config 0 bytes
File C:\RRbackups\FR\UF\Windows\system32\config\default 262144 bytes
File C:\RRbackups\FR\UF\Windows\system32\config\SAM 262144 bytes
File C:\RRbackups\FR\UF\Windows\system32\config\SECURITY 262144 bytes
File C:\RRbackups\FR\UF\Windows\system32\config\software 24117248 bytes
File C:\RRbackups\FR\UF\Windows\system32\config\system 5767168 bytes
File C:\RRbackups\FR\UF\Windows\system32\config\userdiff 262144 bytes
File C:\RRbackups\FR\UF\Windows\system32\crypt32.dll 599040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cryptdll.dll 33280 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cryptui.dll 512512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\cscdll.dll 101888 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\csrsrv.dll 33280 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\csrss.exe 6144 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\c_1252.nls 66082 bytes
File C:\RRbackups\FR\UF\Windows\system32\c_936.nls 196642 bytes
File C:\RRbackups\FR\UF\Windows\system32\dnsapi.dll 149504 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\doskey.exe 10752 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\dpcdll.dll 102912 bytes
File C:\RRbackups\FR\UF\Windows\system32\drivers 0 bytes
File C:\RRbackups\FR\UF\Windows\system32\drivers\acpi.sys 187776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\acpiec.sys 11648 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\afd.sys 138496 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\amdk6.sys 37376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\amdk7.sys 37760 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\arp1394.sys 60800 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\asyncmac.sys 14336 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atapi.sys 96512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmarpc.sys 59904 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmepvc.sys 31360 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmlane.sys 55808 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\atmuni.sys 352256 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\audstub.sys 3072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\beep.sys 4224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\bridge.sys 71552 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cbidf2k.sys 13952 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cdaudio.sys 18688 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cdfs.sys 63744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cdrom.sys 62976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\classpnp.sys 49536 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cpqdap01.sys 11776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\crusoe.sys 36736 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\disk.sys 36352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\diskdump.sys 14208 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dmboot.sys 799744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dmio.sys 153344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dmload.sys 5888 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dxapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dxg.sys 71168 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\dxgthk.sys 3328 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fastfat.sys 143744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fdc.sys 27392 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fips.sys 44544 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\flpydisk.sys 20480 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fltMgr.sys 129792 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fsvga.sys 12160 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\fs_rec.sys 7936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ftdisk.sys 125056 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\hidclass.sys 36864 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\hidparse.sys 24960 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\hidusb.sys 10368 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\http.sys 265728 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\i8042prt.sys 52480 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\imapi.sys 42112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\intelppm.sys 36352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ip6fw.sys 36608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipfltdrv.sys 32896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipinip.sys 20864 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipnat.sys 152832 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ipsec.sys 75264 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\irenum.sys 11264 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\isapnp.sys 37248 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\kbdclass.sys 24576 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ks.sys 141056 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ksecdd.sys 92928 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mcd.sys 7680 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mnmdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\modem.sys 30080 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mouclass.sys 23040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mouhid.sys 12160 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mountmgr.sys 42368 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mrxdav.sys 180608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mrxsmb.sys 456320 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\msfs.sys 19072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\msgpc.sys 35072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mssmbios.sys 15488 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\mup.sys 105472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndis.sys 182656 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndistapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndisuio.sys 14592 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndiswan.sys 91520 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ndproxy.sys 40960 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\netbios.sys 34688 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\netbt.sys 162816 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nikedrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nmnt.sys 40320 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\npfs.sys 30848 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ntfs.sys 574976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\null.sys 2944 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkflt.sys 12416 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkfwd.sys 32512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkipx.sys 88320 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnknb.sys 63232 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nwlnkspx.sys 55936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\oprghdlr.sys 3456 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\p3.sys 42752 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\parport.sys 80128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\partmgr.sys 19712 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\parvdm.sys 6784 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pci.sys 68224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pciide.sys 3328 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pciidex.sys 24960 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\processr.sys 35840 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\psched.sys 69120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ptilink.sys 17792 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rasacd.sys 8832 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rasl2tp.sys 51328 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\raspppoe.sys 41472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\raspptp.sys 48384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\raspti.sys 16512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rawwan.sys 34432 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdbss.sys 175744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdpcdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdpdr.sys 196224 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rdpwd.sys 139656 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\redbook.sys 57600 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rio8drv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\riodrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\RMCast.sys 203136 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rndismp.sys 30592 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\rootmdm.sys 5888 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\cinemst2.sys 262528 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\gm.dls 3440660 bytes
File C:\RRbackups\FR\UF\Windows\system32\drivers\mf.sys 63744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\nic1394.sys 61824 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\pcmcia.sys 120192 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\scsiport.sys 96384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tdtcp.sys 21896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sdbus.sys 79232 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\secdrv.sys 20480 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\serenum.sys 15744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\serial.sys 64512 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sffdisk.sys 11904 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sffp_sd.sys 11008 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sfloppy.sys 11392 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\smclib.sys 14592 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sonydcam.sys 25344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\sr.sys 73472 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\srv.sys 357888 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\stream.sys 49408 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\swenum.sys 4352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\syntp.sys 177664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tape.sys 14976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tcpip.sys 361600 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tcpip6.sys 226880 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tdi.sys 19072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tdpipe.sys 12040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\termdd.sys 40840 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tosdvd.sys 51712 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tsbvcap.sys 21376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\tunmp.sys 12288 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\udfs.sys 66048 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\update.sys 384768 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usb8023.sys 12800 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbcamd.sys 25600 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbcamd2.sys 25728 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbd.sys 4736 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbehci.sys 30208 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbhub.sys 59520 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbintel.sys 15872 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbport.sys 143872 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbstor.sys 26368 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\usbuhci.sys 20608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\vdmindvd.sys 58112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\vga.sys 20992 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\videoprt.sys 81664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\volsnap.sys 52352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\wanarp.sys 34560 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\wmilib.sys 4352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\drivers\ws2ifsl.sys 12032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\duser.dll 304128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\eventlog.dll 56320 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\faultrep.dll 80384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\feclient.dll 21504 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\filemgmt.dll 337920 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fldrclnr.dll 87552 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fltlib.dll 16896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fmifs.dll 16384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fontext.dll 382976 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fontsub.dll 81920 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\framebuf.dll 9344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fsusd.dll 81408 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\fwcfg.dll 60416 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\gdi32.dll 286720 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\hal.dll 134400 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\imagehlp.dll 144384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\imm32.dll 110080 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\iphlpapi.dll 94720 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\kdcom.dll 7040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\kernel32.dll 989696 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\licdll.dll 423936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\locale.nls 265948 bytes
File C:\RRbackups\FR\UF\Windows\system32\logonui.exe 514560 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\lsasrv.dll 730112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\lsass.exe 13312 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\lz32.dll 2560 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\l_intl.nls 7046 bytes
File C:\RRbackups\FR\UF\Windows\system32\mfc42.dll 978944 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\mfc42u.dll 974848 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\mmc.exe 1414656 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\mobsync.dll 207360 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msasn1.dll 58880 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msgina.dll 997376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msimg32.dll 4608 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msprivs.dll 48128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msv1_0.dll 136192 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msvcp60.dll 413696 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ncobjapi.dll 36352 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\nddeapi.dll 17920 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\netapi32.dll 337408 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\netrap.dll 11776 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\notepad.exe 69120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntdll.dll 718336 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntdsapi.dll 67072 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntoskrnl.exe 2148864 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ntsdexts.dll 36864 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\odbc32.dll 249856 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\odbcint.dll 94208 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oembios.dat 4547 bytes
File C:\RRbackups\FR\UF\Windows\system32\oembios.sig 7208 bytes
File C:\RRbackups\FR\UF\Windows\system32\ole32.dll 1288704 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oleacc.dll 220160 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oleaccrc.dll 20480 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oleaut32.dll 551936 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\profmap.dll 27648 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\psapi.dll 23040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\regapi.dll 49664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rpcrt4.dll 590848 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rpcss.dll 401408 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rsaenh.dll 208384 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\rundll32.exe 33280 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\samlib.dll 64000 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\samsrv.dll 415744 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\scesrv.dll 314880 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\secupd.dat 4569 bytes
File C:\RRbackups\FR\UF\Windows\system32\secupd.sig 7208 bytes
File C:\RRbackups\FR\UF\Windows\system32\services.exe 110592 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\setupapi.dll 985088 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sfc.dll 5120 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sfc_os.dll 140288 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shdocvw.dll 1499136 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shell32.dll 8462336 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shfolder.dll 25088 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shgina.dll 68096 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shlwapi.dll 474112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\shsvcs.dll 135168 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\smss.exe 50688 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sortkey.nls 262148 bytes
File C:\RRbackups\FR\UF\Windows\system32\sorttbls.nls 23044 bytes
File C:\RRbackups\FR\UF\Windows\system32\svchost.exe 14336 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\sxs.dll 713216 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\umpnpmgr.dll 123392 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\unicode.nls 89588 bytes
File C:\RRbackups\FR\UF\Windows\system32\usbmon.dll 16896 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ctype.nls 8386 bytes
File C:\RRbackups\FR\UF\Windows\system32\ftsrch.dll 176128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\mpr.dll 59904 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\oembios.bin 13107200 bytes
File C:\RRbackups\FR\UF\Windows\system32\secur32.dll 56832 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\usbui.dll 74240 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\user32.dll 578560 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\userenv.dll 727040 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\userinit.exe 26112 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\uxtheme.dll 218624 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\version.dll 18944 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\vga.dll 9344 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\vga.drv 2176 bytes
File C:\RRbackups\FR\UF\Windows\system32\watchdog.sys 17664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\win32k.sys 1859584 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\wininet.dll 916992 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winlogon.exe 507904 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winmm.dll 176128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winspool.drv 146432 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winspool.exe 2112 bytes
File C:\RRbackups\FR\UF\Windows\system32\winsrv.dll 293376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winsta.dll 53760 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winstrm.dll 18944 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\wintrust.dll 177664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\wldap32.dll 172032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ws2help.dll 19968 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ws2_32.dll 82432 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\wsock32.dll 22528 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat 7232 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest 1819 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat 7238 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest 1784 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat 7433 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest 1862 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest 494 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat 7433 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest 500 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat 7236 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest 391 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat 7431 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest 397 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 1187 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat 7236 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest 640 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat 10680 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 1237 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat 7238 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1883 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat 7431 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy 605 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 10680 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 625 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat 7429 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy 621 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat 7433 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy 623 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 1050624 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll 54784 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1700352 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll 1712128 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 853504 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 991232 bytes executable
File C:\RRbackups\FR\UpdatingFiles.dat 17 bytes
File C:\WINDOWS\$NtUninstallKB5536$\1584299710 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\bckfg.tmp 863 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\cfg.ini 198 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\keywords 169 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\L 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\L\hvmonmrs 52480 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----
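
The C:\WINDOWS\$NtUninstallKB5536$ tree at the end of this listing is the structure ComboFix deletes in post #4 after reporting Rootkit.ZeroAccess: a fake hotfix-uninstall folder holding a numeric-only subfolder with an '@' marker, an L\ loader directory and a U\ store of <hex>.@ payload files. A genuine XP hotfix folder ($NtUninstallKB followed by a six- or seven-digit KB number) contains a spuninst\ directory and nothing like this. The Python script below is an added example, not part of this thread and not code from GMER or ComboFix: it parses GMER "File <path> <size> bytes" lines and flags any such tree. The KB2633171 control line and the six-digit KB threshold are assumptions of the example, not anything taken from the log.

```python
r"""Flag ZeroAccess-style fake hotfix folders in a GMER 'Files' listing.

Added example (not part of the forum thread, GMER or ComboFix). It parses
lines in GMER's "File <path> <size> bytes [executable]" format and reports
any %WINDIR%\$NtUninstallKB<n>$ tree whose layout matches the on-disk store
that ComboFix removed in this thread.
"""
import re
from collections import defaultdict

GMER_FILE_RE = re.compile(
    r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes(?P<exe>\s+executable)?\s*$"
)
# Genuine XP hotfix uninstall folders live directly under %WINDIR% as
# $NtUninstallKB<kb>$; capture the root and whatever path follows it.
HOTFIX_DIR_RE = re.compile(
    r"^(?P<root>[a-z]:\\windows\\\$NtUninstallKB(?P<kb>\d+)\$)(?P<rest>\\.*)?$",
    re.IGNORECASE,
)

# Layout heuristics taken from the tree ComboFix deleted in this thread.
# Each regex runs against the lower-cased path below the hotfix root.
LAYOUT_CHECKS = [
    (re.compile(r"\\\d+\\@$"), "'@' marker file inside a numeric-only subfolder"),
    (re.compile(r"\\u\\[0-9a-f]{8}\.@$"), "U\\ store of <hex>.@ payload files"),
    (re.compile(r"\\l\\[^\\]+$"), "L\\ loader directory"),
]
# Assumption (heuristic): XP-era hotfixes carry six- or seven-digit KB
# numbers, so a four-digit KB in a folder created in 2012 is itself suspect.
MIN_GENUINE_KB_DIGITS = 6


def parse_gmer_files(lines):
    """Return (path, size, is_executable) for every GMER 'File' line."""
    entries = []
    for line in lines:
        m = GMER_FILE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), int(m.group("size")), m.group("exe") is not None))
    return entries


def find_fake_hotfix_dirs(entries):
    """Group paths by $NtUninstallKB...$ root; report roots that look like a rootkit store."""
    by_root = defaultdict(list)
    for path, _size, _exe in entries:
        m = HOTFIX_DIR_RE.match(path)
        if m:
            by_root[m.group("root")].append((m.group("kb"), (m.group("rest") or "").lower()))

    findings = []
    for root, items in by_root.items():
        kb = items[0][0]
        reasons = []
        if len(kb) < MIN_GENUINE_KB_DIGITS:
            reasons.append(f"KB{kb} is too short to be an XP-era hotfix number")
        for pattern, why in LAYOUT_CHECKS:
            if any(pattern.search(rest) for _, rest in items):
                reasons.append(why)
        if reasons:
            findings.append({"root": root, "kb": kb, "files": len(items), "reasons": reasons})
    return findings


# Constructed sample: the tcpip.sys and KB5536 lines are copied from the GMER
# log in this thread; the KB2633171 line is a made-up, genuine-looking hotfix
# folder used as a negative control.
SAMPLE_GMER_LINES = [
    r"File C:\RRbackups\FR\UF\Windows\system32\drivers\tcpip.sys 361600 bytes executable",
    r"File C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe 218752 bytes executable",
    r"File C:\WINDOWS\$NtUninstallKB5536$\1584299710 0 bytes",
    r"File C:\WINDOWS\$NtUninstallKB5536$\2563542380\@ 2048 bytes",
    r"File C:\WINDOWS\$NtUninstallKB5536$\2563542380\kwrd.dll 223744 bytes",
    r"File C:\WINDOWS\$NtUninstallKB5536$\2563542380\L\hvmonmrs 52480 bytes",
    r"File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\00000001.@ 2048 bytes",
    r"File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\80000032.@ 77312 bytes",
    "---- EOF - GMER 1.0.15 ----",
]


def scan_sample():
    """Run the detector over the constructed sample and return its findings."""
    return find_fake_hotfix_dirs(parse_gmer_files(SAMPLE_GMER_LINES))


if __name__ == "__main__":
    for finding in scan_sample():
        print(f"{finding['root']} ({finding['files']} entries):")
        for why in finding["reasons"]:
            print("  -", why)
```

Run it against a saved GMER log by reading the file into a list of lines and passing it to find_fake_hotfix_dirs(parse_gmer_files(...)). The layout checks are the useful part; the KB-length check alone is weak, because a rootkit can just as easily pick a plausible seven-digit number, so treat a hit on any of the layout patterns as the signal and the KB number as supporting evidence.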

#3 Gammo

Gammo

  • Members
  • 202 posts
  • Gender:Not Telling
  • Local time:07:01 AM

Posted 07 January 2012 - 03:38 PM

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Please post the final results, good or bad. We like to know!


#4 WhyDoComputersSuck

WhyDoComputersSuck
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:01 AM

Posted 08 January 2012 - 06:04 PM

I ran ComboFix. Early on it warned me that it found Rootkit.ZeroAccess and rebooted the computer. The log is below.

ComboFix 12-01-07.03 - Nick 01/08/2012 17:28:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.2389 [GMT -5:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kate\gotomypc_626.exe
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\AccessibleMarshal.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\components\browsercomps.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\crashreporter.exe
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\D3DCompiler_43.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\d3dx9_43.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\firefox.exe
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\freebl3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\libEGL.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\libGLESv2.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\mozalloc.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\mozcpp19.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\mozcrt19.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\mozjs.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\mozsqlite3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\nspr4.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\nss3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\nssckbi.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\nssdbm3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\nssutil3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\plc4.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\plds4.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\plugin-container.exe
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\smime3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\softokn3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\ssl3.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\uninstall\helper.exe
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\updater.exe
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\xpcom.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\core\xul.dll
c:\documents and settings\Nick\Local Settings\Temp\7zS7F.tmp\setup.exe
c:\documents and settings\Nick\Local Settings\Temp\AdobeUpdater12345.exe
c:\documents and settings\Nick\Local Settings\Temp\F3.tmp
c:\documents and settings\Nick\Local Settings\Temp\nst81.tmp\InstallOptions.dll
c:\documents and settings\Nick\Local Settings\Temp\nst81.tmp\System.dll
c:\documents and settings\Nick\Local Settings\Temp\SansaUpdater\english.dll
c:\documents and settings\Nick\Local Settings\Temp\SUPERSetup\setup.dll
c:\documents and settings\Nick\Local Settings\Temp\SymLCSVC.EXE
C:\mydnswatch
c:\windows\$NtUninstallKB5536$
c:\windows\$NtUninstallKB5536$\1584299710
c:\windows\$NtUninstallKB5536$\2563542380\@
c:\windows\$NtUninstallKB5536$\2563542380\bckfg.tmp
c:\windows\$NtUninstallKB5536$\2563542380\cfg.ini
c:\windows\$NtUninstallKB5536$\2563542380\Desktop.ini
c:\windows\$NtUninstallKB5536$\2563542380\keywords
c:\windows\$NtUninstallKB5536$\2563542380\kwrd.dll
c:\windows\$NtUninstallKB5536$\2563542380\L\hvmonmrs
c:\windows\$NtUninstallKB5536$\2563542380\lsflt7.ver
c:\windows\$NtUninstallKB5536$\2563542380\U\00000001.@
c:\windows\$NtUninstallKB5536$\2563542380\U\00000002.@
c:\windows\$NtUninstallKB5536$\2563542380\U\00000004.@
c:\windows\$NtUninstallKB5536$\2563542380\U\80000000.@
c:\windows\$NtUninstallKB5536$\2563542380\U\80000004.@
c:\windows\$NtUninstallKB5536$\2563542380\U\80000032.@
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-07 21:13 . 2012-01-07 21:13 -------- d--h--w- c:\windows\PIF
2012-01-07 00:42 . 2012-01-07 00:42 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-07 00:38 . 2012-01-07 00:42 -------- d-s---w- c:\documents and settings\TEMP
2012-01-06 01:04 . 2011-11-26 20:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-05 02:04 . 2012-01-05 02:04 -------- d-----w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com
2012-01-05 02:02 . 2012-01-05 02:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-05 02:02 . 2012-01-05 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-03 12:41 . 2010-10-02 03:05 162392 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2012-01-03 12:40 . 2012-01-03 12:53 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-01-03 12:40 . 2012-01-03 12:53 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-01-03 12:39 . 2009-12-14 17:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-01-03 12:39 . 2009-12-14 17:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-01-03 12:37 . 2012-01-03 12:37 -------- d-----w- c:\program files\Common Files\InfoWatch
2012-01-03 12:37 . 2012-01-08 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-01-03 12:37 . 2012-01-03 12:37 -------- d-----w- c:\program files\Kaspersky Lab
2012-01-03 12:36 . 2012-01-03 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2012-01-03 12:19 . 2012-01-03 12:19 -------- d-----w- C:\Autoruns
2012-01-02 15:00 . 2012-01-02 15:09 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Google
2012-01-02 14:49 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-02 14:49 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-02 14:49 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-02 14:49 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-02 14:49 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-02 14:36 . 2012-01-02 14:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-01-02 14:30 . 2012-01-02 14:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-02 14:26 . 2012-01-02 14:26 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Secunia PSI
2012-01-02 14:26 . 2012-01-02 14:26 -------- d-----w- c:\program files\Secunia
2012-01-02 13:36 . 2012-01-02 13:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-02 13:36 . 2012-01-02 13:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\adawaretb
2012-01-02 13:33 . 2012-01-02 13:33 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
2012-01-02 13:33 . 2012-01-02 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-02 13:32 . 2012-01-02 13:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 13:32 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-31 01:56 . 2011-12-31 01:56 -------- d-----w- c:\windows\Sun
2011-12-30 00:03 . 2011-12-30 00:03 -------- d-----w- c:\documents and settings\Nick\.thumbnails
2011-12-30 00:02 . 2011-12-30 00:13 -------- d-----w- c:\documents and settings\Nick\.gimp-2.6
2011-12-30 00:01 . 2011-12-30 00:01 -------- d-----w- c:\program files\GIMP-2.0
2011-12-29 23:55 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-29 23:55 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-29 23:55 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-29 23:55 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-19 15:37 . 2011-12-19 15:37 -------- d-----w- c:\documents and settings\Kate\Application Data\adawaretb
2011-12-19 15:36 . 2011-12-19 15:36 -------- d-----w- c:\documents and settings\Kate\Application Data\Intel
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 12:28 . 2006-04-30 06:56 26112 ----a-w- c:\windows\system32\userinit.exe
2012-01-02 15:13 . 2011-11-26 19:22 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2012-01-02 15:12 . 2011-11-26 19:12 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-01-02 15:09 . 2011-11-26 19:22 129784 ------w- c:\windows\system32\pxafs.dll
2012-01-02 15:09 . 2011-11-26 19:22 118520 ------w- c:\windows\system32\pxinsi64.exe
2012-01-02 15:09 . 2011-11-26 19:22 116472 ------w- c:\windows\system32\pxcpyi64.exe
2012-01-02 15:09 . 2006-09-27 21:53 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2012-01-02 14:39 . 2011-11-26 22:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-02 14:30 . 2011-11-26 22:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-26 20:06 . 2011-11-26 20:06 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-26 19:21 . 2011-11-26 19:21 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-11-26 18:58 . 2011-11-26 18:58 21393 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-26 18:58 . 2011-11-26 18:58 21393 ----a-w- c:\windows\AegisP.sys
2011-11-23 13:25 . 2006-04-30 06:55 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2011-11-03 17:06 . 2011-11-26 20:01 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-01 16:07 . 2006-04-30 06:55 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-04-30 06:55 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-04-30 06:55 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-04-30 06:55 186880 ----a-w- c:\windows\system32\encdec.dll
2011-12-21 07:24 . 2012-01-02 14:49 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 03:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorkForce 610(Network)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE" [2009-01-26 199680]
"SansaDispatch"="c:\documents and settings\Nick\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-11-28 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]
"nwiz"="nwiz.exe" [2007-12-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-04 2630968]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
.
c:\documents and settings\Nick\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-11-26 50688]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\gnucash\\bin\\gnucash.exe"=
"c:\\Program Files\\gnucash\\bin\\gconfd-2.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [1/3/2012 7:39 AM 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/26/2011 3:01 PM 64512]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 9:32 PM 19504]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [1/3/2012 7:39 AM 39352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 5:50 AM 46144]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2009 5:34 PM 743992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 4:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 5:50 AM 253952]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 6:59 PM 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 1:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-01-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
2012-01-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-11-26 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\sn1ymkk8.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-08 17:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Nick\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?<?/?b?o?d?y?>? ? ?<?/?h?t?m?l?>???>? ? ?????b?o????????? ?<?/?h?t?m?l?>???<?/?b?????y?>?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1556)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Lenovo\Logger\logmon.exe
.
**************************************************************************
.
Completion time: 2012-01-08 18:00:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 23:00
.
Pre-Run: 125,846,249,472 bytes free
Post-Run: 126,499,794,944 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9E313A3814C9B55ADC341D1F44357E58
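
The Reg Loading Points and Security Center parts of a ComboFix log like the one above are where a removal helper looks first. The script below is an added example, not part of the thread and not ComboFix's own code: it parses autorun entries of the form `"Name"="path" [date size]` and the `dword:` values under the Security Center keys, and flags what is worth a manual look. The sample input is constructed in ComboFix's format from a few of the entries above (not the full log); the flagging rules and the `PROFILE_MARKERS` list are the example's own assumptions. Flagged does not mean malicious: on this log SansaDispatch, Ad-Aware Browsing Protection and TpShocks are known products, and the Security Center override values are commonly set by third-party suites such as the Kaspersky product here, although they are also what malware sets to silence the Security Center's warnings.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the original thread or of ComboFix. Parses
autorun lines ("Name"="path" [YYYY-MM-DD size]) and Security Center
dword values, then flags entries a malware-removal helper checks first.
"""
import re

# Constructed sample in ComboFix's format, modelled on the log in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorkForce 610(Network)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE" [2009-01-26 199680]
"SansaDispatch"="c:\documents and settings\Nick\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-11-28 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')

# Assumption of the example: autoruns living in user-writable profile or temp
# directories are the ones to inspect first, since that is where user-level
# rogue software usually drops itself on XP.
PROFILE_MARKERS = ('\\documents and settings\\', '\\application data\\',
                   '\\local settings\\', '\\temp\\')
OVERRIDE_NAMES = ('AntiVirusOverride', 'FirewallOverride', 'DisableMonitoring')


def parse_loading_points(text):
    """Return (autoruns, dwords). autoruns: dicts with key/name/path/date/size.
    dwords: (key, name, int value) tuples. Lines outside a [key] are ignored."""
    autoruns, dwords, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            autoruns.append({'key': key, 'name': m.group('name'), 'path': m.group('path'),
                             'date': m.group('date'), 'size': int(m.group('size'))})
            continue
        m = DWORD_RE.match(line)
        if m and key:
            dwords.append((key, m.group('name'), int(m.group('value'), 16)))
    return autoruns, dwords


def flag_autoruns(autoruns):
    """(name, reason) for autoruns worth a manual look: a bare filename is
    resolved through the PATH / App Paths lookup and is easy to hijack; a
    path under a user profile is writable without admin rights."""
    flagged = []
    for e in autoruns:
        p = e['path'].lower()
        if '\\' not in p:
            flagged.append((e['name'], 'no path: resolved via PATH lookup'))
        elif any(mk in p for mk in PROFILE_MARKERS):
            flagged.append((e['name'], 'runs from a user-writable profile directory'))
    return flagged


def security_center_overrides(dwords):
    """(key, name) for Security Center values that silence AV/firewall
    monitoring when set to 1."""
    return [(key, name) for key, name, value in dwords
            if 'security center' in key.lower() and name in OVERRIDE_NAMES and value == 1]


if __name__ == '__main__':
    import sys
    text = open(sys.argv[1], errors='replace').read() if len(sys.argv) > 1 else SAMPLE_LOG
    autoruns, dwords = parse_loading_points(text)
    for name, why in flag_autoruns(autoruns):
        print(f'autorun  {name!r}: {why}')
    for key, name in security_center_overrides(dwords):
        print(f'override {name} = 1 under {key}')
```

Run it with a saved ComboFix log as the only argument, or with no argument to use the constructed sample. Everything it prints is a review list for a human, not a verdict.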

#5 WhyDoComputersSuck (Topic Starter, Members, 10 posts)
Posted 09 January 2012 - 07:55 AM

My computer seems to be running fine for the most part, but I am still getting a "Microsoft Windows Search Indexer has encountered a problem and needs to close" error message every so often.

Thanks!

#6 Gammo (Members, 202 posts)
Posted 09 January 2012 - 07:58 AM

That looks a lot better! :thumbup2:

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Please post the final results, good or bad. We like to know!


#7 WhyDoComputersSuck (Topic Starter, Members, 10 posts)
Posted 09 January 2012 - 09:40 PM

Did as instructed. If it's relevant, the error about Microsoft Windows Search Indexer appeared a few times during the MBAM scan.

Here is the log:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nick :: LENOVO-F64097DC [administrator]

1/9/2012 9:32:30 PM
mbam-log-2012-01-09 (21-32-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198566
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Gammo (Members, 202 posts)
Posted 10 January 2012 - 09:57 AM

I'm quite sure the indexer problem isn't being caused by malware, but we can try fixing it.

Right-click on the eyeglass in your task notification area
Select Windows Search Options
Select Advanced
Click Rebuild
Restart your computer

Does that fix it?
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent free alternatives to Internet Explorer: faster, safer, more powerful and more functional. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:


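The MVPS HOSTS file described above works by mapping known ad and malware hostnames to 0.0.0.0 (older versions used 127.0.0.1), so the machine can never connect to them. A browser-redirect infection can abuse the same file the other way round, by mapping legitimate names (search engines, update and anti-virus sites) to an address the attacker controls, or by pointing update sites at loopback so protection cannot update. The script below is an added example, not part of Gammo's post and not the MVPS project's code: it parses a Windows HOSTS file and separates blocklist-style entries from redirects, then reports any entry at all for names on a watchlist. The sample HOSTS content, the watchlist in `WATCHLIST_SUFFIXES` and the 198.51.100.23 address are constructed for the example.

```python
"""Audit a Windows HOSTS file: blocklist entries versus hijacks.

Added example, not part of the thread or of the MVPS HOSTS project.
Blocklist entries point a name at a null/loopback address; a HOSTS hijack
points a legitimate name somewhere else (redirect) or at loopback (block of
an update site). The watchlist below is a constructed list for the example.
"""
import ipaddress

# Constructed sample: Microsoft's default comment and localhost lines, two
# blocklist-style entries, a redirect of google.com to a documentation
# address (TEST-NET-2), and an AV update site pointed at loopback.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ad.doubleclick.net
0.0.0.0  www.badsite.example   # blocklist style entry
198.51.100.23   www.google.com   google.com
127.0.0.1       update.kaspersky.com
"""

LOOPBACK_AND_NULL = {'0.0.0.0', '127.0.0.1', '::1'}
# Assumption of the example: names a clean HOSTS file never mentions.
WATCHLIST_SUFFIXES = ('google.com', 'microsoft.com', 'windowsupdate.com',
                      'kaspersky.com', 'malwarebytes.org')


def parse_hosts(text):
    """Return (ip, host, lineno) for every name on every valid line.
    Comments start at '#', one address may carry several names."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # the resolver ignores lines that do not start with an address
        for host in parts[1:]:
            entries.append((str(ip), host.lower(), lineno))
    return entries


def audit_hosts(text):
    """Split entries into blocklist-style (null/loopback address) and
    redirects (any other address). The localhost lines are skipped."""
    blocked, redirected = [], []
    for ip, host, lineno in parse_hosts(text):
        if host == 'localhost':
            continue
        (blocked if ip in LOOPBACK_AND_NULL else redirected).append((host, ip, lineno))
    return {'blocked': blocked, 'redirected': redirected}


def watchlist_hits(text):
    """(host, ip, kind, lineno) for watchlist names with any HOSTS entry.
    'redirect' sends the user to the attacker's server; 'block' starves an
    update or AV site. A clean machine, with or without the MVPS file, has neither."""
    hits = []
    audit = audit_hosts(text)
    for kind_key, kind in (('redirected', 'redirect'), ('blocked', 'block')):
        for host, ip, lineno in audit[kind_key]:
            if any(host == s or host.endswith('.' + s) for s in WATCHLIST_SUFFIXES):
                hits.append((host, ip, kind, lineno))
    return hits


if __name__ == '__main__':
    import sys
    # The real file on Windows is %SystemRoot%\System32\drivers\etc\hosts
    text = (open(sys.argv[1], encoding='utf-8', errors='replace').read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    for host, ip, kind, lineno in watchlist_hits(text):
        print(f'line {lineno}: {kind:8} {host} -> {ip}')
```

Run it against a copy of the machine's HOSTS file before installing the MVPS file and again afterwards: the blocklist should grow, and the watchlist report should stay empty both times. Anything it reports is a HOSTS entry that neither Windows nor a blocklist would have written.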

#9 WhyDoComputersSuck (Topic Starter, Members, 10 posts)
Posted 13 January 2012 - 06:47 AM

I still haven't gotten around to following the cleanup steps (busy week) but I have had another problem, unsure if it's related.

Sometimes when I log in after booting up, my desktop and settings disappear (and a warning pops up to tell me so). I attempt a system restore, and when I boot back up everything is back to normal but a message tells me that it was unable to do the system restore.

Thanks.

#10 Gammo (Members, 202 posts)
Posted 13 January 2012 - 09:02 AM

That doesn't sound like a malware related problem to me. Neither do I know a possible solution to it.

I specialize in solving malware problems. 'Normal' Windows problems are a lot harder for me to solve. If you want, you can start a new topic about your problem here. :thumbup2:
