Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

My PC is a mess!


Bobc11
 Share

Recommended Posts

I have a dual boot PC with windows XP and Windows 7. Windows XP is supposedly infected. the attached logs are the ones i was able to get. Kaspersky says i keep finding a Trojan.

Edited by Bobc11
Link to post
Share on other sites

I took a quick look at the log. The only think I noticed was some entry from relevantknowledge program

f:\program files\relevantknowledge\rlls.dll

However no executable seems to be present.

But you should wait for more experienced users help you.

Meanwhile I think you should give more details on your situation, for example:

Do you get any error message when you try to run gmer and malwarebytes?

What is Kaspersky detecting - It can be a false positive.

Have you tried running the applications in safemode or reinstalling them?

relevantknowledge program

i know, thanks for telling me the information i need. I will post more info.

Link to post
Share on other sites

Do you get any error message when you try to run gmer and malwarebytes?

No. The screen on them turns white and after waiting about five minutes i click and it gives me the end now window.

What is Kaspersky detecting - It can be a false positive.

Trojan program Trojan-Downloader.Win32.Agent.cfp

and

Trojan.Win32.BHO.acvs

Link to post
Share on other sites

Hi Bobc11,

@rasd, please do not post help in the HJT Log Forum. You are not authorized to do so.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Link to post
Share on other sites

OTL logfile created on: 1/11/2010 3:54:08 PM - Run 2

OTL by OldTimer - Version 3.1.23.0 Folder = F:\Documents and Settings\Spencer\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): f:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files

Drive C: | 208.68 Gb Total Space | 141.41 Gb Free Space | 67.76% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 29.32 Gb Total Space | 29.20 Gb Free Space | 99.59% Space Free | Partition Type: NTFS

Drive F: | 48.80 Gb Total Space | 33.79 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

Drive G: | 11.28 Gb Total Space | 1.60 Gb Free Space | 14.15% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

Drive I: | 24.76 Gb Total Space | 4.71 Gb Free Space | 19.03% Space Free | Partition Type: NTFS

Drive J: | 31.12 Gb Total Space | 31.04 Gb Free Space | 99.73% Space Free | Partition Type: NTFS

Computer Name: BOB-9FE64D5806E

Current User Name: Spencer

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/11 07:11:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

PRC - [2010/01/10 07:55:26 | 00,908,248 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/12/02 07:08:21 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/12/02 07:08:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009/10/28 17:19:44 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

PRC - [2009/10/28 17:19:44 | 00,140,920 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

PRC - [2009/09/30 21:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/09/05 03:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- F:\Program Files\QuickTime\QTTask.exe

PRC - [2009/04/03 12:28:00 | 00,573,440 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Spencer\My Documents\RCA easyRip\EZDock.exe

PRC - [2009/03/28 00:10:56 | 00,014,336 | ---- | M] (LSI Corporation) -- F:\Program Files\LSI SoftModem\agrsmsvc.exe

PRC - [2009/02/19 15:10:54 | 00,238,968 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2009/02/19 15:09:53 | 03,220,856 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

PRC - [2009/02/19 15:08:48 | 00,308,600 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

PRC - [2009/02/03 12:32:14 | 18,085,888 | ---- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\RTHDCPL.EXE

PRC - [2009/01/09 11:40:26 | 00,942,592 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Spencer\My Documents\RCA Detective\RCADetective.exe

PRC - [2008/09/18 01:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\nvsvc32.exe

PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe

PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- F:\Program Files\Canon\CAL\CALMAIN.exe

========== Modules (SafeList) ==========

MOD - [2010/01/11 07:11:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/12/02 07:08:21 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/10/28 17:19:44 | 00,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- F:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)

SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)

SRV - [2009/10/07 05:31:18 | 00,035,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe -- (aspnet_state)

SRV - [2009/10/07 02:44:58 | 00,752,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2009/10/07 02:44:58 | 00,129,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)

SRV - [2009/10/07 02:44:58 | 00,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2009/03/28 00:10:56 | 00,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- F:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009/02/19 15:10:54 | 00,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2009/02/19 15:09:53 | 03,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2008/09/18 01:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- F:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)

SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- F:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 6B 00 1E 00 8E CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/01/10 07:55:32 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/01/10 07:55:32 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/09 18:05:41 | 00,000,000 | ---D | M]

[2010/01/08 17:39:17 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Mozilla\Extensions

[2010/01/10 18:48:09 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\akq5obba.default\extensions

[2010/01/10 18:48:09 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions

[2010/01/09 18:06:06 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: (371233 bytes) - F:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 12798 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVP] F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Easy Dock] F:\Documents and Settings\Spencer\My Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)

O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] F:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sprint SmartView] F:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe File not found

O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-link AirPlus G DWL-G120 Wireless USB.lnk = F:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe (D-Link)

O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: F:\Documents and Settings\Spencer\Start Menu\Programs\Startup\RCA Detective.lnk = F:\Documents and Settings\Spencer\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Anti-Banner - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256692888000 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.191.50.10 206.222.97.82

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (F:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - F:\WINDOWS\system32\klogon.dll - F:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\NavLogon: DllName - F:\WINDOWS\system32\NavLogon.dll - F:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\RelevantKnowledge: DllName - F:\Program Files\RelevantKnowledge\rlls.dll - F:\Program Files\RelevantKnowledge\rlls.dll File not found

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/09/06 11:00:48 | 00,000,047 | -H-- | M] () - I:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{09304a52-fa36-11de-a04c-0026186443c4}\Shell\AutoRun\command - "" = I:\Launch.exe -- [2005/05/03 22:25:00 | 00,126,976 | ---- | M] (InstallShield Software Corporation)

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - F:\WINDOWS\system32\ias [2009/12/08 15:11:34 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17736428226084864)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/11 07:11:49 | 00,543,744 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

[2010/01/10 17:47:06 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\RCA Detective

[2010/01/10 17:46:47 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\RCA easyRip

[2010/01/10 08:06:41 | 00,000,000 | -H-D | C] -- F:\WINDOWS\PIF

[2010/01/09 19:13:29 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/01/09 19:05:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Gateway 400SD4

[2010/01/09 19:03:50 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Adobe

[2010/01/09 19:02:35 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Adobe

[2010/01/09 19:02:31 | 00,000,000 | ---D | C] -- F:\Program Files\Common Files\Adobe

[2010/01/09 19:02:31 | 00,000,000 | ---D | C] -- F:\Program Files\Adobe

[2010/01/09 18:05:21 | 00,000,000 | ---D | C] -- F:\Program Files\Kaspersky Lab

[2010/01/09 18:05:21 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2010/01/09 18:05:06 | 00,315,408 | ---- | C] (Kaspersky Lab) -- F:\WINDOWS\System32\drivers\klif.sys

[2010/01/09 18:03:29 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2010/01/09 17:58:44 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Temporary Projects

[2010/01/09 17:57:26 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft Help

[2010/01/09 17:42:47 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft SQL Server

[2010/01/09 17:42:39 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft Synchronization Services

[2010/01/09 17:42:39 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft SQL Server Compact Edition

[2010/01/09 17:42:09 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Visual Studio 2010

[2010/01/09 17:41:05 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft Visual Studio 10.0

[2010/01/09 17:41:05 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft SDKs

[2010/01/09 17:37:08 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft.NET

[2010/01/09 17:03:15 | 00,000,000 | ---D | C] -- F:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP

[2010/01/09 17:01:44 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Malwarebytes

[2010/01/08 19:00:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Windows Search

[2010/01/08 17:45:41 | 00,951,104 | ---- | C] (Teebo Software Solutions) -- F:\WINDOWS\System32\tssOfficeMenu1d.ocx

[2010/01/08 17:45:41 | 00,233,472 | ---- | C] (vbAccelerator) -- F:\WINDOWS\System32\vbalTbar6.ocx

[2010/01/08 17:45:41 | 00,231,139 | ---- | C] (Innovasys) -- F:\WINDOWS\System32\BtnPlus1.ocx

[2010/01/08 17:45:41 | 00,208,896 | ---- | C] ( ) -- F:\WINDOWS\System32\SoftGuard6.ocx

[2010/01/08 17:45:41 | 00,178,889 | ---- | C] (Innovasys) -- F:\WINDOWS\System32\FraPlus1.ocx

[2010/01/08 17:45:41 | 00,114,688 | ---- | C] (Lebans Holdings 1999 Ltd) -- F:\WINDOWS\System32\AnimatedGif.ocx

[2010/01/08 17:45:41 | 00,072,704 | ---- | C] (Teebo Software Solutions) -- F:\WINDOWS\System32\tssProgressBarXP.ocx

[2010/01/08 17:45:40 | 05,476,352 | ---- | C] (MapWindow Open Source Team - www.MapWindow.org) -- F:\WINDOWS\System32\MapWinGIS.ocx

[2010/01/08 17:45:40 | 01,093,632 | ---- | C] (FreeImage) -- F:\WINDOWS\System32\FreeImage.dll

[2010/01/08 17:45:40 | 00,344,064 | ---- | C] (Interactive Studios Inc.) -- F:\WINDOWS\System32\islicense30.dll

[2010/01/08 17:45:40 | 00,124,952 | ---- | C] (Perfection Bytes Inc.) -- F:\WINDOWS\System32\PBBalloon2.ocx

[2010/01/08 17:45:40 | 00,090,112 | ---- | C] (Storm Alert Inc) -- F:\WINDOWS\System32\EnhSliderXP.ocx

[2010/01/08 17:45:40 | 00,040,960 | ---- | C] (vbAccelerator) -- F:\WINDOWS\System32\SSubTmr6.dll

[2010/01/08 17:45:37 | 00,000,000 | ---D | C] -- F:\Program Files\StormLab

[2010/01/08 17:42:14 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Downloads

[2010/01/08 17:39:10 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Mozilla

[2010/01/08 17:39:10 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Mozilla

[2010/01/07 17:53:17 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\IECompatCache

[2010/01/06 18:16:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\WMTools Downloaded Files

[2010/01/06 07:10:50 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents\My Videos

[2010/01/06 07:09:24 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Vidoes

[2010/01/05 16:30:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\My Received Files

[2010/01/05 16:28:35 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Tracing

[2010/01/05 16:26:53 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Desktop\Normal

[2010/01/05 07:14:56 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Sun

[2010/01/05 07:11:24 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Macromedia

[2010/01/05 07:10:59 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Adobe

[2010/01/05 07:10:49 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\PrivacIE

[2010/01/05 07:10:10 | 00,000,000 | R-SD | C] -- F:\Documents and Settings\Spencer\My Documents\My Stationery

[2010/01/05 07:10:00 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Identities

[2010/01/05 07:09:58 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Windows Desktop Search

[2010/01/05 07:09:55 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Symantec

[2010/01/05 07:09:44 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Identities

[2010/01/05 07:09:42 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents\My Pictures

[2010/01/05 07:09:42 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents\My Music

[2010/01/05 07:09:41 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\IETldCache

[2010/01/05 07:09:36 | 00,000,000 | --SD | C] -- F:\Documents and Settings\Spencer\Application Data\Microsoft

[2010/01/05 07:09:36 | 00,000,000 | RH-D | C] -- F:\Documents and Settings\Spencer\SendTo

[2010/01/05 07:09:36 | 00,000,000 | RH-D | C] -- F:\Documents and Settings\Spencer\Recent

[2010/01/05 07:09:36 | 00,000,000 | RH-D | C] -- F:\Documents and Settings\Spencer\Application Data

[2010/01/05 07:09:36 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\Start Menu

[2010/01/05 07:09:36 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents

[2010/01/05 07:09:36 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\Favorites

[2010/01/05 07:09:36 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\Cookies

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\Templates

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\PrintHood

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\NetHood

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\Local Settings

[2010/01/05 07:09:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Microsoft

[2010/01/05 07:09:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Desktop

[2009/12/27 09:50:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/27 09:50:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\Adobe

[2009/11/19 20:52:07 | 00,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/10/27 16:02:16 | 00,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/10/27 15:59:28 | 00,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft

[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/11 15:56:00 | 00,000,422 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{DA6F3B6B-5263-46A5-94BF-29E47624F09A}.job

[2010/01/11 15:53:11 | 00,000,426 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{6C7C8B0F-972F-4227-91FF-F201A448F5CC}.job

[2010/01/11 15:53:00 | 00,000,424 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{BE9A7F4B-3D82-46B6-9705-20AA498D5FBD}.job

[2010/01/11 15:52:00 | 00,000,438 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{7D9ACCDB-0551-4DD6-9731-D5FD9E85200B}.job

[2010/01/11 15:44:54 | 00,001,062 | ---- | M] () -- F:\Documents and Settings\Spencer\Desktop\Shortcut to HP Adjustment Pattern.exe.lnk

[2010/01/11 15:25:00 | 00,000,278 | -H-- | M] () -- F:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010/01/11 15:02:00 | 00,000,240 | -H-- | M] () -- F:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/01/11 07:11:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

[2010/01/10 18:54:48 | 03,145,728 | -H-- | M] () -- F:\Documents and Settings\Spencer\NTUSER.DAT

[2010/01/10 17:51:27 | 00,000,098 | ---- | M] () -- F:\WINDOWS\EasyRip.ini

[2010/01/10 17:47:06 | 00,000,734 | ---- | M] () -- F:\Documents and Settings\Spencer\Start Menu\Programs\Startup\RCA Detective.lnk

[2010/01/10 17:47:01 | 00,000,717 | ---- | M] () -- F:\Documents and Settings\Spencer\Desktop\RCA easyRip.lnk

[2010/01/10 17:46:38 | 00,001,125 | ---- | M] () -- F:\Documents and Settings\Spencer\Desktop\User_Manual_English_Pearl.pdf.lnk

[2010/01/10 08:21:42 | 00,012,620 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl

[2010/01/10 08:20:37 | 00,232,216 | ---- | M] () -- F:\WINDOWS\System32\NvApps.xml

[2010/01/10 08:20:23 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT

[2010/01/10 08:20:18 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat

[2010/01/10 08:06:01 | 00,000,000 | ---- | M] () -- F:\Documents and Settings\Spencer\defogger_reenable

[2010/01/09 18:13:58 | 00,315,408 | ---- | M] (Kaspersky Lab) -- F:\WINDOWS\System32\drivers\klif.sys

[2010/01/09 18:06:01 | 00,108,059 | ---- | M] () -- F:\WINDOWS\System32\drivers\klin.dat

[2010/01/09 18:06:01 | 00,095,259 | ---- | M] () -- F:\WINDOWS\System32\drivers\klick.dat

[2010/01/09 17:53:33 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\Spencer\ntuser.ini

[2010/01/09 17:44:29 | 00,000,165 | ---- | M] () -- F:\WINDOWS\System32\spupdsvc.inf

[2010/01/09 17:44:06 | 00,001,355 | ---- | M] () -- F:\WINDOWS\imsins.BAK

[2010/01/09 17:39:50 | 00,611,800 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI

[2010/01/09 17:39:50 | 00,524,872 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat

[2010/01/09 17:39:50 | 00,095,318 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat

[2010/01/09 17:04:23 | 00,027,048 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

[2010/01/09 10:41:42 | 00,013,824 | ---- | M] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/08 17:45:58 | 05,367,616 | -H-- | M] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\IconCache.db

[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys

[2010/01/05 18:29:32 | 00,371,233 | R--- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/01/05 18:29:32 | 00,371,233 | R--- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts

[2010/01/05 07:10:21 | 00,023,720 | ---- | M] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/11 15:44:54 | 00,001,062 | ---- | C] () -- F:\Documents and Settings\Spencer\Desktop\Shortcut to HP Adjustment Pattern.exe.lnk

[2010/01/10 17:47:06 | 00,000,734 | ---- | C] () -- F:\Documents and Settings\Spencer\Start Menu\Programs\Startup\RCA Detective.lnk

[2010/01/10 17:47:01 | 00,000,717 | ---- | C] () -- F:\Documents and Settings\Spencer\Desktop\RCA easyRip.lnk

[2010/01/10 17:46:38 | 00,001,125 | ---- | C] () -- F:\Documents and Settings\Spencer\Desktop\User_Manual_English_Pearl.pdf.lnk

[2010/01/10 08:06:01 | 00,000,000 | ---- | C] () -- F:\Documents and Settings\Spencer\defogger_reenable

[2010/01/09 18:06:01 | 00,108,059 | ---- | C] () -- F:\WINDOWS\System32\drivers\klin.dat

[2010/01/09 18:06:01 | 00,095,259 | ---- | C] () -- F:\WINDOWS\System32\drivers\klick.dat

[2010/01/09 17:44:29 | 00,000,165 | ---- | C] () -- F:\WINDOWS\System32\spupdsvc.inf

[2010/01/09 17:03:15 | 00,027,048 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

[2010/01/08 17:45:41 | 00,028,672 | ---- | C] () -- F:\WINDOWS\System32\MsgHoo32.ocx

[2010/01/08 17:45:40 | 00,102,400 | ---- | C] () -- F:\WINDOWS\System32\libbzip2.dll

[2010/01/08 17:45:40 | 00,057,344 | ---- | C] () -- F:\WINDOWS\System32\unlzw.dll

[2010/01/07 17:53:06 | 00,000,426 | -H-- | C] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{6C7C8B0F-972F-4227-91FF-F201A448F5CC}.job

[2010/01/06 07:10:20 | 00,013,824 | ---- | C] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/05 07:09:37 | 00,000,178 | -HS- | C] () -- F:\Documents and Settings\Spencer\ntuser.ini

[2010/01/05 07:09:36 | 03,145,728 | -H-- | C] () -- F:\Documents and Settings\Spencer\NTUSER.DAT

[2009/12/28 10:25:23 | 00,000,588 | ---- | C] () -- F:\WINDOWS\cdplayer.ini

[2009/12/27 16:24:44 | 00,000,098 | ---- | C] () -- F:\WINDOWS\EasyRip.ini

[2009/12/02 06:55:25 | 00,307,200 | ---- | C] () -- F:\WINDOWS\System32\AscSQLite.dll

[2009/11/05 06:59:01 | 00,000,410 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI

[2009/10/31 12:35:16 | 00,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI

[2009/10/27 16:22:59 | 00,000,244 | ---- | C] () -- F:\WINDOWS\ODBC.INI

[2008/10/15 14:58:34 | 00,024,840 | ---- | C] () -- F:\WINDOWS\System32\drivers\swmsflt.sys

[2008/08/02 01:48:00 | 01,724,416 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll

[2008/08/02 01:48:00 | 01,503,232 | ---- | C] () -- F:\WINDOWS\System32\nview.dll

[2008/08/02 01:48:00 | 01,101,824 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll

[2008/08/02 01:48:00 | 00,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll

[2008/08/02 01:48:00 | 00,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll

[2007/09/27 12:51:02 | 00,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 12:48:48 | 00,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 12:48:28 | 00,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini

[2000/09/18 17:12:40 | 00,023,040 | ---- | C] () -- F:\WINDOWS\System32\CSSMS_IN.DLL

========== LOP Check ==========

[2009/12/28 10:42:58 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\4TN1yM8yOli8Ir5E

[2009/10/29 20:47:44 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\IM

[2009/10/29 20:46:31 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\IncrediMail

[2009/11/08 10:54:17 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PhotoMail

[2009/11/21 10:29:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Prism

[2009/10/28 17:19:48 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Speedbit

[2009/11/21 10:21:41 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Sprint

[2009/12/23 08:09:56 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\StormPredator

[2009/12/25 17:29:33 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP

[2010/01/05 07:09:58 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Windows Desktop Search

[2010/01/08 19:00:42 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Windows Search

[2010/01/11 15:53:11 | 00,000,426 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{6C7C8B0F-972F-4227-91FF-F201A448F5CC}.job

[2010/01/11 15:52:00 | 00,000,438 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{7D9ACCDB-0551-4DD6-9731-D5FD9E85200B}.job

[2010/01/11 15:53:00 | 00,000,424 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{BE9A7F4B-3D82-46B6-9705-20AA498D5FBD}.job

[2010/01/11 15:56:00 | 00,000,422 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{DA6F3B6B-5263-46A5-94BF-29E47624F09A}.job

[2010/01/11 15:02:00 | 00,000,240 | -H-- | M] () -- F:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/01/11 15:25:00 | 00,000,278 | -H-- | M] () -- F:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/04/14 07:00:00 | 20,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/04/14 03:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2008/04/14 07:00:00 | 20,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/14 07:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\dllcache\eventlog.dll

[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll

< MD5 for: LOGEVENT.DLL >

[2008/04/14 08:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >

[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\dllcache\netlogon.dll

[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >

[2008/08/19 05:54:24 | 00,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- F:\WINDOWS\system32\drivers\nvgts.sys

< MD5 for: SCECLI.DLL >

[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\dllcache\scecli.dll

[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 07:00:00 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\msvbvm60.dll

[1 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< End of report >

It produces no extras?

Link to post
Share on other sites

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O33 - MountPoints2\{09304a52-fa36-11de-a04c-0026186443c4}\Shell\AutoRun\command - "" = I:\Launch.exe -- [2005/05/03 22:25:00 | 00,126,976 | ---- | M] (InstallShield Software Corporation)
    O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

      You can refer to this animation by neomage if needed.
Link to post
Share on other sites

C:\Program Files\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined

C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan deleted - quarantined

C:\System Volume Information\_restore{CAF0AE69-5EEE-4258-8581-FAB27CFEED1B}\RP42\A0008004.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{CAF0AE69-5EEE-4258-8581-FAB27CFEED1B}\RP42\A0008005.exe a variant of Win32/Kryptik.SH trojan deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{5AF67C73-C7CC-482E-88B2-B26984C9254E}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{D16C6124-E729-4D4C-86A2-08AAF29AF430}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{EAF3EA7C-028E-4AD4-BC14-7794D36FF160}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{ECEADEC5-865D-4075-81C0-0EA8F598F34C}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

F:\Documents and Settings\Spencer\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (Do 2f1\Sent items\349C730A-00000150.eml probably unknown NewHeur_PE virus contained infected files

Malwarebytes' Anti-Malware 1.44

Database version: 3557

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/13/2010 8:47:43 PM

mbam-log-2010-01-13 (20-47-43).txt

Scan type: Quick Scan

Objects scanned: 120556

Time elapsed: 21 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

F:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:

F:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

F:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09304a52-fa36-11de-a04c-0026186443c4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09304a52-fa36-11de-a04c-0026186443c4}\ not found.

I:\Launch.exe moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

File H:\rcaeasyrip_setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

File H:\rcaeasyrip_setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

File H:\rcaeasyrip_setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

File H:\rcaeasyrip_setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2100cd9-c381-11de-924d-0026186443c4}\ not found.

File H:\rcaeasyrip_setup.exe not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Fix Pcs

->Temp folder emptied: 676309 bytes

->Temporary Internet Files folder emptied: 22041966 bytes

->FireFox cache emptied: 3663314 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 66404 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49854 bytes

User: Normal

User: Spencer

->Temp folder emptied: 112572311 bytes

->Temporary Internet Files folder emptied: 13001486 bytes

->Java cache emptied: 14077021 bytes

->FireFox cache emptied: 34204053 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 4586343 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 43669940 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 120824 bytes

Total Files Cleaned = 237.00 mb

OTL by OldTimer - Version 3.1.23.0 log created on 01132010_195012

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Link to post
Share on other sites

Logfile of random's system information tool 1.06 (written by random/random)

Run by Spencer at 2010-01-17 21:12:18

Microsoft Windows XP Professional Service Pack 3

System drive F: has 34 GB (69%) free of 50 GB

Total RAM: 2942 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:12:37 PM, on 1/17/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\Common Files\Symantec Shared\ccApp.exe

F:\Program Files\QuickTime\QTTask.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Program Files\Java\jre6\bin\jusched.exe

F:\WINDOWS\RTHDCPL.EXE

F:\Program Files\Mozilla Firefox\firefox.exe

F:\Documents and Settings\Spencer\My Documents\RCA easyRip\EZDock.exe

F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

F:\Program Files\Windows Live\Messenger\msnmsgr.exe

F:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe

F:\Program Files\Windows Desktop Search\WindowsSearch.exe

F:\Documents and Settings\Spencer\My Documents\RCA Detective\RCADetective.exe

F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

F:\Program Files\LSI SoftModem\agrsmsvc.exe

F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

F:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

F:\Program Files\Java\jre6\bin\jqs.exe

F:\WINDOWS\system32\svchost.exe

F:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

F:\WINDOWS\system32\SearchIndexer.exe

F:\Program Files\Canon\CAL\CALMAIN.exe

F:\WINDOWS\system32\wuauclt.exe

F:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

F:\WINDOWS\system32\SearchProtocolHost.exe

F:\Documents and Settings\Spencer\Desktop\RSIT.exe

F:\Program Files\trend micro\Spencer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sprint SmartView] "F:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Easy Dock] F:\Documents and Settings\Spencer\My Documents\RCA easyRip\EZDock.exe

O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: RCA Detective.lnk = F:\Documents and Settings\Spencer\My Documents\RCA Detective\RCADetective.exe

O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?

O4 - Global Startup: Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Anti-Banner - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: f:\progra~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: f:\progra~1\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: f:\progra~1\speedb~1\sblsp.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256692888000

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,F:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: RelevantKnowledge - F:\Program Files\RelevantKnowledge\rlls.dll (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - F:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - F:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - F:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - F:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--

End of file - 8660 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\User_Feed_Synchronization-{6C7C8B0F-972F-4227-91FF-F201A448F5CC}.job

F:\WINDOWS\tasks\User_Feed_Synchronization-{7D9ACCDB-0551-4DD6-9731-D5FD9E85200B}.job

F:\WINDOWS\tasks\User_Feed_Synchronization-{BE9A7F4B-3D82-46B6-9705-20AA498D5FBD}.job

F:\WINDOWS\tasks\User_Feed_Synchronization-{DA6F3B6B-5263-46A5-94BF-29E47624F09A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

FilterBHO Class - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-02 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"nwiz"=nwiz.exe /install []

"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]

"ccApp"=F:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-10-04 48752]

"QuickTime Task"=F:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]

"Sprint SmartView"=F:\Program Files\Sprint\Sprint SmartView\SprintSV.exe [2008-10-15 17664]

"SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2009-12-02 149280]

"RTHDCPL"=F:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]

"Alcmtr"=F:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

"vptray"=F:\PROGRA~1\SYMANT~1\VPTray.exe []

"Easy Dock"=F:\Documents and Settings\Spencer\My Documents\RCA easyRip\EZDock.exe [2009-04-03 573440]

"AVP"=F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

"Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

"Adobe ARM"=F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=F:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup

D-link AirPlus G DWL-G120 Wireless USB.lnk - F:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe

Windows Search.lnk - F:\Program Files\Windows Desktop Search\WindowsSearch.exe

F:\Documents and Settings\Spencer\Start Menu\Programs\Startup

RCA Detective.lnk - F:\Documents and Settings\Spencer\My Documents\RCA Detective\RCADetective.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,F:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

F:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

F:\WINDOWS\system32\NavLogon.dll [2005-11-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge]

F:\Program Files\RelevantKnowledge\rlls.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=F:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\WINDOWS\system32\dpvsetup.exe"="F:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"F:\WINDOWS\system32\rundll32.exe"="F:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"F:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe"="F:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"F:\Program Files\IncrediMail\Bin\IncMail.exe"="F:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail"

"F:\Program Files\IncrediMail\Bin\ImApp.exe"="F:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail"

"F:\Program Files\IncrediMail\Bin\ImpCnt.exe"="F:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail"

"F:\Program Files\Magentic\bin\MgImp.exe"="F:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"

"F:\Program Files\Magentic\bin\Magentic.exe"="F:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"

"F:\Program Files\Magentic\bin\MgApp.exe"="F:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"

"F:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe"="F:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux"

"F:\Program Files\Java\jre6\bin\java.exe"="F:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"

"F:\WINDOWS\system32\dxdiag.exe"="F:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"

"F:\WINDOWS\system32\dpnsvr.exe"="F:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"f:\program files\relevantknowledge\rlvknlg.exe"="f:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

"F:\Documents and Settings\Spencer\Local Settings\Temp\7zS88A.tmp\SymNRT.exe"="F:\Documents and Settings\Spencer\Local Settings\Temp\7zS88A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-17 21:12:18 ----D---- F:\rsit

2010-01-17 21:12:18 ----D---- F:\Program Files\trend micro

2010-01-17 20:47:28 ----A---- F:\New Text Document.txt

2010-01-16 13:43:43 ----D---- F:\Program Files\RCTFiles

2010-01-14 20:14:04 ----D---- F:\Program Files\Adobe

2010-01-13 20:52:35 ----D---- F:\Program Files\ESET

2010-01-13 19:50:12 ----D---- F:\_OTL

2010-01-13 19:12:58 ----HDC---- F:\WINDOWS\$NtUninstallKB972270$

2010-01-12 18:07:43 ----D---- F:\Program Files\Blue Coat K9 Web Protection

2010-01-10 08:06:41 ----HD---- F:\WINDOWS\PIF

2010-01-09 19:02:35 ----D---- F:\Documents and Settings\All Users\Application Data\Adobe

2010-01-09 19:02:31 ----D---- F:\Program Files\Common Files\Adobe

2010-01-09 18:05:21 ----D---- F:\Program Files\Kaspersky Lab

2010-01-09 18:05:21 ----D---- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2010-01-09 18:03:29 ----D---- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-01-09 17:57:26 ----D---- F:\Program Files\Microsoft Help

2010-01-09 17:44:12 ----HDC---- F:\WINDOWS\$NtUninstallKB958655-v2$

2010-01-09 17:43:34 ----HDC---- F:\WINDOWS\$NtUninstallKB942288-v3$

2010-01-09 17:42:47 ----D---- F:\Program Files\Microsoft SQL Server

2010-01-09 17:42:39 ----D---- F:\Program Files\Microsoft Synchronization Services

2010-01-09 17:42:39 ----D---- F:\Program Files\Microsoft SQL Server Compact Edition

2010-01-09 17:41:05 ----D---- F:\Program Files\Microsoft Visual Studio 10.0

2010-01-09 17:41:05 ----D---- F:\Program Files\Microsoft SDKs

2010-01-09 17:37:08 ----D---- F:\Program Files\Microsoft.NET

2010-01-09 17:01:44 ----D---- F:\Documents and Settings\Spencer\Application Data\Malwarebytes

2010-01-08 19:00:42 ----D---- F:\Documents and Settings\Spencer\Application Data\Windows Search

2010-01-08 17:45:40 ----A---- F:\WINDOWS\system32\unlzw.dll

2010-01-08 17:45:40 ----A---- F:\WINDOWS\system32\SSubTmr6.dll

2010-01-08 17:45:40 ----A---- F:\WINDOWS\system32\libbzip2.dll

2010-01-08 17:45:40 ----A---- F:\WINDOWS\system32\islicense30.dll

2010-01-08 17:45:40 ----A---- F:\WINDOWS\system32\FreeImage.dll

2010-01-08 17:45:37 ----D---- F:\Program Files\StormLab

2010-01-08 17:45:37 ----A---- F:\WINDOWS\system32\msvcr71d.dll

2010-01-08 17:39:10 ----D---- F:\Documents and Settings\Spencer\Application Data\Mozilla

2010-01-05 07:14:56 ----D---- F:\Documents and Settings\Spencer\Application Data\Sun

2010-01-05 07:11:24 ----D---- F:\Documents and Settings\Spencer\Application Data\Macromedia

2010-01-05 07:10:59 ----D---- F:\Documents and Settings\Spencer\Application Data\Adobe

2010-01-05 07:09:58 ----D---- F:\Documents and Settings\Spencer\Application Data\Windows Desktop Search

2010-01-05 07:09:44 ----D---- F:\Documents and Settings\Spencer\Application Data\Identities

2010-01-05 07:09:37 ----ASH---- F:\Documents and Settings\Spencer\Application Data\desktop.ini

2010-01-05 07:09:36 ----SD---- F:\Documents and Settings\Spencer\Application Data\Microsoft

2009-12-28 10:42:58 ----D---- F:\Documents and Settings\All Users\Application Data\4TN1yM8yOli8Ir5E

2009-12-28 10:25:23 ----A---- F:\WINDOWS\cdplayer.ini

2009-12-27 16:24:44 ----A---- F:\WINDOWS\EasyRip.ini

2009-12-27 15:13:22 ----D---- F:\Program Files\AWS

2009-12-27 09:45:49 ----A---- F:\DAD.txt

2009-12-27 08:47:56 ----A---- F:\NEXT.txt

2009-12-25 19:12:29 ----ASH---- F:\Desktop.ini

2009-12-25 19:06:53 ----HDC---- F:\WINDOWS\$NtUninstallKB926141$

2009-12-25 17:49:46 ----D---- F:\Program Files\NavNT

2009-12-25 17:42:02 ----SHD---- F:\Config.Msi

2009-12-25 17:29:33 ----D---- F:\Program Files\Common Files\SourceTec

2009-12-25 17:29:33 ----D---- F:\Documents and Settings\All Users\Application Data\TEMP

2009-12-25 17:29:27 ----D---- F:\Program Files\SourceTec

2009-12-25 17:29:27 ----A---- F:\WINDOWS\system32\wvc1dmod.dll

2009-12-25 16:20:14 ----D---- F:\Program Files\MP3MyMP3 3.0

2009-12-23 08:09:56 ----D---- F:\WINDOWS\StormPredator

2009-12-23 08:09:56 ----D---- F:\Program Files\StormPredator

2009-12-23 08:09:56 ----D---- F:\Documents and Settings\All Users\Application Data\StormPredator

2009-12-22 18:29:05 ----D---- F:\WINDOWS\system32\appmgmt

2009-12-21 16:53:51 ----A---- F:\WINDOWS\system32\xactengine2_10.dll

2009-12-21 16:53:50 ----A---- F:\WINDOWS\system32\xactengine2_9.dll

2009-12-21 16:53:50 ----A---- F:\WINDOWS\system32\d3dx9_36.dll

2009-12-21 16:53:50 ----A---- F:\WINDOWS\system32\d3dx10_36.dll

2009-12-21 16:53:50 ----A---- F:\WINDOWS\system32\d3dx10_35.dll

2009-12-21 16:53:50 ----A---- F:\WINDOWS\system32\D3DCompiler_36.dll

2009-12-21 16:53:50 ----A---- F:\WINDOWS\system32\D3DCompiler_35.dll

2009-12-21 16:53:49 ----A---- F:\WINDOWS\system32\xactengine2_8.dll

2009-12-21 16:53:49 ----A---- F:\WINDOWS\system32\X3DAudio1_2.dll

2009-12-21 16:53:49 ----A---- F:\WINDOWS\system32\d3dx9_35.dll

2009-12-21 16:53:49 ----A---- F:\WINDOWS\system32\d3dx9_34.dll

2009-12-21 16:53:49 ----A---- F:\WINDOWS\system32\d3dx10_34.dll

2009-12-21 16:53:49 ----A---- F:\WINDOWS\system32\D3DCompiler_34.dll

2009-12-21 16:53:48 ----A---- F:\WINDOWS\system32\xinput1_3.dll

2009-12-21 16:53:48 ----A---- F:\WINDOWS\system32\xactengine2_7.dll

2009-12-21 16:53:46 ----A---- F:\WINDOWS\system32\d3dx10_33.dll

2009-12-21 16:53:46 ----A---- F:\WINDOWS\system32\D3DCompiler_33.dll

2009-12-21 16:53:43 ----A---- F:\WINDOWS\system32\xactengine2_6.dll

2009-12-21 16:53:43 ----A---- F:\WINDOWS\system32\xactengine2_5.dll

2009-12-21 16:53:43 ----A---- F:\WINDOWS\system32\xactengine2_4.dll

2009-12-21 16:53:43 ----A---- F:\WINDOWS\system32\x3daudio1_1.dll

2009-12-21 16:53:43 ----A---- F:\WINDOWS\system32\d3dx9_33.dll

2009-12-21 16:53:43 ----A---- F:\WINDOWS\system32\d3dx9_32.dll

2009-12-21 16:53:42 ----A---- F:\WINDOWS\system32\xinput1_2.dll

2009-12-21 16:53:42 ----A---- F:\WINDOWS\system32\xinput1_1.dll

2009-12-21 16:53:42 ----A---- F:\WINDOWS\system32\xactengine2_3.dll

2009-12-21 16:53:42 ----A---- F:\WINDOWS\system32\xactengine2_2.dll

2009-12-21 16:53:42 ----A---- F:\WINDOWS\system32\d3dx9_31.dll

2009-12-21 16:53:41 ----A---- F:\WINDOWS\system32\xactengine2_1.dll

2009-12-21 16:53:35 ----A---- F:\WINDOWS\system32\xactengine2_0.dll

2009-12-21 16:53:35 ----A---- F:\WINDOWS\system32\x3daudio1_0.dll

2009-12-21 16:53:35 ----A---- F:\WINDOWS\system32\d3dx9_30.dll

2009-12-21 16:53:35 ----A---- F:\WINDOWS\system32\d3dx9_29.dll

2009-12-21 16:53:35 ----A---- F:\WINDOWS\system32\d3dx9_28.dll

2009-12-21 16:53:34 ----A---- F:\WINDOWS\system32\xinput9_1_0.dll

2009-12-21 16:53:34 ----A---- F:\WINDOWS\system32\d3dx9_27.dll

2009-12-21 16:53:34 ----A---- F:\WINDOWS\system32\d3dx9_26.dll

2009-12-21 16:53:34 ----A---- F:\WINDOWS\system32\d3dx9_25.dll

2009-12-21 16:53:33 ----A---- F:\WINDOWS\system32\d3dx9_24.dll

2009-12-21 16:52:26 ----D---- F:\Program Files\Best Buy Games

======List of files/folders modified in the last 1 months======

2010-01-17 21:12:23 ----D---- F:\WINDOWS\Prefetch

2010-01-17 21:12:18 ----RD---- F:\Program Files

2010-01-17 21:11:19 ----D---- F:\WINDOWS\Temp

2010-01-17 21:09:59 ----D---- F:\Program Files\Mozilla Firefox

2010-01-17 21:08:19 ----A---- F:\WINDOWS\SchedLgU.Txt

2010-01-16 18:48:35 ----SHD---- F:\WINDOWS\Installer

2010-01-16 15:40:39 ----D---- F:\WINDOWS

2010-01-16 13:47:40 ----SHD---- F:\$RECYCLE.BIN

2010-01-16 13:17:20 ----D---- F:\WINDOWS\system32\CatRoot2

2010-01-16 09:36:32 ----HD---- F:\WINDOWS\inf

2010-01-16 09:29:09 ----D---- F:\Program Files\Common Files\Microsoft Shared

2010-01-15 15:20:15 ----D---- F:\WINDOWS\system32

2010-01-13 20:49:04 ----HDC---- F:\WINDOWS\$NtUninstallKB974318$

2010-01-13 20:49:04 ----D---- F:\WINDOWS\system32\drivers

2010-01-13 20:47:43 ----SD---- F:\WINDOWS\Tasks

2010-01-13 19:55:54 ----D---- F:\Program Files\Malwarebytes' Anti-Malware

2010-01-13 19:13:00 ----RSHDC---- F:\WINDOWS\system32\dllcache

2010-01-13 19:12:53 ----HD---- F:\WINDOWS\$hf_mig$

2010-01-11 18:19:00 ----D---- F:\WINDOWS\system32\ReinstallBackups

2010-01-11 18:01:13 ----D---- F:\WINDOWS\network diagnostic

2010-01-09 21:39:46 ----D---- F:\WINDOWS\Microsoft.NET

2010-01-09 21:39:45 ----RSD---- F:\WINDOWS\assembly

2010-01-09 20:58:49 ----SHD---- F:\RECYCLER

2010-01-09 19:02:31 ----D---- F:\Program Files\Common Files

2010-01-09 18:07:30 ----SHD---- F:\System Volume Information

2010-01-09 17:44:29 ----A---- F:\WINDOWS\imsins.BAK

2010-01-09 17:43:52 ----D---- F:\WINDOWS\system32\mui

2010-01-09 17:42:57 ----D---- F:\WINDOWS\WinSxS

2010-01-09 17:42:09 ----SD---- F:\Documents and Settings\All Users\Application Data\Microsoft

2010-01-09 17:39:50 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI

2010-01-09 17:37:12 ----D---- F:\WINDOWS\system32\en-US

2010-01-06 20:39:32 ----D---- F:\WINDOWS\Media

2010-01-05 18:27:07 ----A---- F:\WINDOWS\OEWABLog.txt

2010-01-05 18:26:57 ----D---- F:\Documents and Settings

2010-01-04 19:17:46 ----A---- F:\WINDOWS\system32\MRT.exe

2009-12-28 10:37:59 ----D---- F:\WINDOWS\system32\Restore

2009-12-28 07:14:17 ----SHD---- F:\WINDOWS\CSC

2009-12-27 15:54:38 ----D---- F:\Program Files\Hewlett-Packard

2009-12-27 09:00:10 ----D---- F:\Program Files\Spybot - Search & Destroy

2009-12-27 07:53:16 ----D---- F:\Program Files\Common Files\Symantec Shared

2009-12-25 19:06:40 ----D---- F:\Program Files\Symantec

2009-12-25 17:54:41 ----A---- F:\WINDOWS\system32\S32EVNT1.DLL

2009-12-25 17:49:51 ----D---- F:\WINDOWS\system32\CBA

2009-12-25 17:49:51 ----A---- F:\WINDOWS\ODBCINST.INI

2009-12-25 17:49:51 ----A---- F:\WINDOWS\ODBC.INI

2009-12-25 17:49:49 ----D---- F:\Documents and Settings\All Users\Application Data\Symantec

2009-12-25 17:45:08 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-22 18:28:20 ----D---- F:\Program Files\Mozilla Firefox 3.6 Beta 4

2009-12-21 16:53:30 ----D---- F:\WINDOWS\system32\DirectX

2009-12-21 16:52:23 ----HD---- F:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; F:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]

R1 bckd;bckd; F:\WINDOWS\system32\drivers\bckd.sys [2009-12-11 74088]

R1 kl1;Kl1; \??\F:\WINDOWS\system32\drivers\kl1.sys []

R1 KLIF;Kaspersky Lab Driver; F:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-09 315408]

R1 vmm;Virtual Machine Monitor; \??\F:\WINDOWS\system32\Drivers\vmm.sys []

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; F:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

R3 AgereSoftModem;Agere Systems Soft Modem; F:\WINDOWS\system32\DRIVERS\AGRSM.sys [2009-08-13 1163328]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 hidusb;Microsoft HID Class Driver; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); F:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-11 5028352]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; F:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT; F:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

R3 mouhid;Mouse HID Driver; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]

R3 Nmea;Sprint Connection Manager - emulates the NMEA ports; F:\WINDOWS\system32\DRIVERS\pctnullport.sys [2008-10-15 38680]

R3 nv;nv; F:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]

R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; F:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]

R3 nvnetbus;NVIDIA Network Bus Enumerator; F:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]

R3 NWADI;NWADI Bus Enumerator; F:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2008-10-15 222720]

R3 RimVSerPort;RIM Virtual Serial Port v2; F:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; F:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]

R3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 VPCNetS2;Virtual Machine Network Services; F:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]

S3 PCASp50;PCASp50 NDIS Protocol Driver; F:\WINDOWS\System32\Drivers\PCASp50.sys [2008-10-15 27072]

S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\F:\WINDOWS\system32\PCTINDIS5.SYS []

S3 PRISM_A02;D-link AirPlus G DWL-G120 WLAN USB Driver; F:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2003-11-11 336800]

S3 swmsflt;swmsflt; F:\WINDOWS\System32\drivers\swmsflt.sys [2008-10-15 24840]

S3 swmx00;Sierra Wireless USB MUX Driver (#00); F:\WINDOWS\system32\DRIVERS\swmx00.sys [2008-10-15 149512]

S3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); F:\WINDOWS\system32\DRIVERS\SWNC5E00.sys [2008-10-15 171144]

S3 SymEvent;SymEvent; \??\F:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

S3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 usbstor;USB Mass Storage Driver; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; F:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-28 14336]

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2009-02-19 238968]

R2 AVP;Kaspersky Internet Security; F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

R2 bckwfs;Blue Coat K9 Web Protection; F:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2009-12-11 1078632]

R2 CCALib8;Canon Camera Access Library 8; F:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]

R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-12-02 153376]

R2 nvsvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]

R2 VideoAcceleratorService;VideoAcceleratorService; F:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2009-10-28 300656]

R2 WSearch;Windows Search; F:\WINDOWS\system32\SearchIndexer.exe [2008-05-27 439808]

S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86; F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856]

S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe [2009-10-07 35144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 LiveUpdate;LiveUpdate; F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2009-02-19 3220856]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe [2009-10-07 124224]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-17 21:12:40

======Uninstall list======

-->"F:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Blue Coat

Link to post
Share on other sites

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O20 - Winlogon Notify: RelevantKnowledge - F:\Program Files\RelevantKnowledge\rlls.dll (file missing)

    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge]

    :Files
    F:\Program Files\RelevantKnowledge

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java

Link to post
Share on other sites

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ deleted successfully.

File \Program Files\RelevantKnowledge\rlls.dll not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge\ not found.

========== FILES ==========

File\Folder F:\Program Files\RelevantKnowledge not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Fix Pcs

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 49787 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Normal

User: Spencer

->Temp folder emptied: 1169088 bytes

->Temporary Internet Files folder emptied: 5872143 bytes

->Java cache emptied: 832787 bytes

->FireFox cache emptied: 57771361 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb

OTL by OldTimer - Version 3.1.23.0 log created on 01192010_070559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.44

Database version: 3617

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/22/2010 4:58:31 PM

mbam-log-2010-01-22 (16-58-31).txt

Scan type: Quick Scan

Objects scanned: 133022

Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 4

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 13

Memory Processes Infected:

C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.

C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.

Memory Modules Infected:

C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Delete on reboot.

Files Infected:

C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.

C:\Program Files\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Gamer at 17:01:10.99 on Fri 01/22/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2942.1279 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iWin Games\iWinTrusted.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Norton 360\Engine\4.0.0.117\ccSvcHst.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\dllhost.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton 360\Engine\4.0.0.117\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\Windows\system32\dllhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\msdtc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Hewlett-Packard\KBD\kbd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SndVol.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Gamer\Downloads\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Presario&pf=cndt

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Presario&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Presario&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Presario&pf=cndt

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.0.0.117\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.0.0.117\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: MapQuest Toolbar Loader: {bd3fd433-147a-482e-a192-614f26e2310c} - c:\program files\mapquest toolbar\mapquesttb.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0552.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0552.0\msneshellx.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: MapQuest Toolbar: {9302e698-7e00-43ab-b867-c6e759bc2ada} - c:\program files\mapquest toolbar\mapquesttb.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.0.0.117\coIEPlg.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "c:\program files\malwarebytes' anti-malware\mbamext.dll"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "c:\windows\is-AV4NG.exe" /REG

mExplorerRun: [<NO NAME>] 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\gamer\appdata\roaming\mozilla\firefox\profiles\3sb96w01.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\relevantknowledge\components\rlxg.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.33\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.33\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0400000.075\symds.sys [2010-1-22 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0400000.075\symefa.sys [2010-1-22 172592]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.33\definitions\bashdefs\20091102.999\BHDrvx86.sys [2010-1-21 524848]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0400000.075\cchpx86.sys [2010-1-22 500864]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.33\definitions\ipsdefs\20090911.001\IDSVix86.sys [2010-1-21 342576]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0400000.075\ironx86.sys [2010-1-22 116272]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0400000.075\symtdiv.sys [2010-1-22 340016]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-21 102448]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-20 38224]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-24 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

=============== Created Last 30 ================

2010-01-22 21:59:59 0 ----a-w- c:\users\gamer\defogger_reenable

2010-01-22 21:58:43 54016 ----a-w- c:\windows\system32\drivers\lcpy.sys

2010-01-22 21:52:00 696832 ----a-w- c:\windows\is-AV4NG.exe

2010-01-22 21:52:00 331 ----a-w- c:\windows\is-AV4NG.lst

2010-01-22 21:52:00 10498 ----a-w- c:\windows\is-AV4NG.msg

2010-01-22 21:51:56 0 d-----w- c:\users\gamer\appdata\roaming\Malwarebytes

2010-01-22 17:40:11 0 d-----w- c:\program files\Audacity

2010-01-22 17:18:24 0 d-----w- c:\program files\RelevantKnowledge

2010-01-22 17:18:02 0 d-----w- c:\program files\MP3MyMP3 3.0

2010-01-22 17:15:33 0 d-----w- c:\program files\Xiph.Org

2010-01-22 17:03:04 0 d-----w- c:\windows\lhsp

2010-01-22 17:03:01 0 d-----w- c:\program files\CFS-Technologies

2010-01-22 14:55:42 0 d-----w- c:\users\gamer\Tracing

2010-01-22 00:58:43 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-01-22 00:58:43 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2010-01-22 00:58:41 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-01-22 00:58:41 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-01-22 00:58:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-01-22 00:57:20 0 d-----w- c:\windows\system32\drivers\N360

2010-01-22 00:57:18 0 d-----w- c:\program files\Norton 360

2010-01-22 00:54:32 0 d-----w- c:\program files\NortonInstaller

2010-01-22 00:18:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-21 23:34:52 977920 ----a-w- c:\windows\system32\wininet.dll

2010-01-18 22:51:45 0 d-----w- c:\users\gamer\.VirtualBox

2010-01-16 18:57:33 0 ----a-w- c:\windows\PowerReg.dat

2010-01-16 18:57:13 0 d-----w- c:\program files\Infogrames Interactive

2010-01-16 18:53:50 0 d-----w- c:\program files\RCT1

2010-01-16 18:32:16 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys

2010-01-16 18:32:16 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2010-01-16 18:24:42 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-16 18:24:42 108544 ----a-w- c:\windows\system32\t2embed.dll

2009-12-27 13:13:00 0 d-----w- c:\program files\Skyhook Wireless

2009-12-27 13:12:54 0 d-----w- c:\program files\common files\Software Update Utility

2009-12-27 13:12:50 0 d-----w- c:\programdata\MapQuest Toolbar

2009-12-27 13:12:50 0 d-----w- c:\program files\MapQuest Toolbar

2009-12-25 14:10:15 0 d-----w- c:\programdata\Vivitar Experience Image Manager - TARGET Edition

2009-12-25 14:09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2009-12-25 14:09:15 0 d-----w- c:\programdata\VivitarTarget

2009-12-25 14:08:35 0 d-----w- c:\program files\Haali

2009-12-25 14:08:32 57344 ----a-w- c:\windows\system32\ff_vfw.dll

2009-12-25 14:08:31 60273 ----a-w- c:\windows\system32\pthreadGC2.dll

2009-12-25 14:08:30 0 d-----w- c:\program files\ffdshow

2009-12-25 14:08:03 0 d-----w- c:\program files\Vivitar Experience Image Manager - TARGET Edition

==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-22 22:49:40 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-22 15:54:45 249856 ------w- c:\windows\Setup1.exe

2009-12-22 15:54:44 73216 ----a-w- c:\windows\ST6UNST.EXE

2009-12-19 19:53:30 22476 ----a-w- c:\windows\system32\emptyregdb.dat

2009-11-26 18:36:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-10 19:54:02 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-27 17:08:02 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:03:00.92 ===============

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-22 17:36:33

Windows 6.1.7600

Running: 8x9ovmv3.exe; Driver: C:\Users\Gamer\AppData\Local\Temp\pxldqpow.sys

---- System - GMER 1.0.15 ----

SSDT 86849830 ZwAlpcConnectPort

SSDT 86859088 ZwLoadDriver

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830303F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830192D8

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83018898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830301DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830306F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830311A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Thanks for letting me know.

When you return,

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

      You can refer to this animation by neomage if needed.
Link to post
Share on other sites

  • 2 weeks later...

C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00071c multiple threats deleted - quarantined

C:\Users\Bob\Documents\Downloads\mp3mymp3install.exe multiple threats deleted - quarantined

Link to post
Share on other sites

  • 4 weeks later...
  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.