My PC is a mess!

Bobc11 · January 10, 2010

I have a dual boot PC with windows XP and Windows 7. Windows XP is supposedly infected. the attached logs are the ones i was able to get. Kaspersky says i keep finding a Trojan.

Edited January 10, 2010 by Bobc11

Bobc11 · January 10, 2010

I took a quick look at the log. The only think I noticed was some entry from relevantknowledge program
f:\program files\relevantknowledge\rlls.dll
However no executable seems to be present.
But you should wait for more experienced users help you.
Meanwhile I think you should give more details on your situation, for example:
Do you get any error message when you try to run gmer and malwarebytes?
What is Kaspersky detecting - It can be a false positive.
Have you tried running the applications in safemode or reinstalling them?

relevantknowledge program

i know, thanks for telling me the information i need. I will post more info.

Bobc11 · January 11, 2010

Do you get any error message when you try to run gmer and malwarebytes?

No. The screen on them turns white and after waiting about five minutes i click and it gives me the end now window.

What is Kaspersky detecting - It can be a false positive.

Trojan program Trojan-Downloader.Win32.Agent.cfp

and

Trojan.Win32.BHO.acvs

SpySentinel · January 11, 2010

Hi Bobc11,

@rasd, please do not post help in the HJT Log Forum. You are not authorized to do so.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Bobc11 · January 11, 2010

OTL logfile created on: 1/11/2010 3:54:08 PM - Run 2

OTL by OldTimer - Version 3.1.23.0 Folder = F:\Documents and Settings\Spencer\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): f:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files

Drive C: | 208.68 Gb Total Space | 141.41 Gb Free Space | 67.76% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 29.32 Gb Total Space | 29.20 Gb Free Space | 99.59% Space Free | Partition Type: NTFS

Drive F: | 48.80 Gb Total Space | 33.79 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

Drive G: | 11.28 Gb Total Space | 1.60 Gb Free Space | 14.15% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

Drive I: | 24.76 Gb Total Space | 4.71 Gb Free Space | 19.03% Space Free | Partition Type: NTFS

Drive J: | 31.12 Gb Total Space | 31.04 Gb Free Space | 99.73% Space Free | Partition Type: NTFS

Computer Name: BOB-9FE64D5806E

Current User Name: Spencer

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/11 07:11:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

PRC - [2010/01/10 07:55:26 | 00,908,248 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/12/02 07:08:21 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/12/02 07:08:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009/10/28 17:19:44 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

PRC - [2009/10/28 17:19:44 | 00,140,920 | ---- | M] (Speedbit Ltd.) -- F:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

PRC - [2009/09/30 21:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/09/05 03:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- F:\Program Files\QuickTime\QTTask.exe

PRC - [2009/04/03 12:28:00 | 00,573,440 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Spencer\My Documents\RCA easyRip\EZDock.exe

PRC - [2009/03/28 00:10:56 | 00,014,336 | ---- | M] (LSI Corporation) -- F:\Program Files\LSI SoftModem\agrsmsvc.exe

PRC - [2009/02/19 15:10:54 | 00,238,968 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2009/02/19 15:09:53 | 03,220,856 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

PRC - [2009/02/19 15:08:48 | 00,308,600 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

PRC - [2009/02/03 12:32:14 | 18,085,888 | ---- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\RTHDCPL.EXE

PRC - [2009/01/09 11:40:26 | 00,942,592 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Spencer\My Documents\RCA Detective\RCADetective.exe

PRC - [2008/09/18 01:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\nvsvc32.exe

PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe

PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- F:\Program Files\Canon\CAL\CALMAIN.exe

========== Modules (SafeList) ==========

MOD - [2010/01/11 07:11:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/12/02 07:08:21 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/10/28 17:19:44 | 00,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- F:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)

SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)

SRV - [2009/10/07 05:31:18 | 00,035,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe -- (aspnet_state)

SRV - [2009/10/07 02:44:58 | 00,752,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2009/10/07 02:44:58 | 00,129,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)

SRV - [2009/10/07 02:44:58 | 00,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2009/03/28 00:10:56 | 00,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- F:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009/02/19 15:10:54 | 00,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2009/02/19 15:09:53 | 03,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2008/09/18 01:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- F:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)

SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- F:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 6B 00 1E 00 8E CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/01/10 07:55:32 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/01/10 07:55:32 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/09 18:05:41 | 00,000,000 | ---D | M]

[2010/01/08 17:39:17 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Mozilla\Extensions

[2010/01/10 18:48:09 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\akq5obba.default\extensions

[2010/01/10 18:48:09 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions

[2010/01/09 18:06:06 | 00,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: (371233 bytes) - F:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 12798 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVP] F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Easy Dock] F:\Documents and Settings\Spencer\My Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)

O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] F:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] F:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sprint SmartView] F:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe File not found

O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-link AirPlus G DWL-G120 Wireless USB.lnk = F:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe (D-Link)

O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: F:\Documents and Settings\Spencer\Start Menu\Programs\Startup\RCA Detective.lnk = F:\Documents and Settings\Spencer\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Anti-Banner - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - F:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - F:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - F:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256692888000 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.191.50.10 206.222.97.82

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (F:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - F:\WINDOWS\system32\klogon.dll - F:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\NavLogon: DllName - F:\WINDOWS\system32\NavLogon.dll - F:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\RelevantKnowledge: DllName - F:\Program Files\RelevantKnowledge\rlls.dll - F:\Program Files\RelevantKnowledge\rlls.dll File not found

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/09/06 11:00:48 | 00,000,047 | -H-- | M] () - I:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{09304a52-fa36-11de-a04c-0026186443c4}\Shell\AutoRun\command - "" = I:\Launch.exe -- [2005/05/03 22:25:00 | 00,126,976 | ---- | M] (InstallShield Software Corporation)

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - F:\WINDOWS\system32\ias [2009/12/08 15:11:34 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17736428226084864)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/11 07:11:49 | 00,543,744 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

[2010/01/10 17:47:06 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\RCA Detective

[2010/01/10 17:46:47 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\RCA easyRip

[2010/01/10 08:06:41 | 00,000,000 | -H-D | C] -- F:\WINDOWS\PIF

[2010/01/09 19:13:29 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/01/09 19:05:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Gateway 400SD4

[2010/01/09 19:03:50 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Adobe

[2010/01/09 19:02:35 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Adobe

[2010/01/09 19:02:31 | 00,000,000 | ---D | C] -- F:\Program Files\Common Files\Adobe

[2010/01/09 19:02:31 | 00,000,000 | ---D | C] -- F:\Program Files\Adobe

[2010/01/09 18:05:21 | 00,000,000 | ---D | C] -- F:\Program Files\Kaspersky Lab

[2010/01/09 18:05:21 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2010/01/09 18:05:06 | 00,315,408 | ---- | C] (Kaspersky Lab) -- F:\WINDOWS\System32\drivers\klif.sys

[2010/01/09 18:03:29 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2010/01/09 17:58:44 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Temporary Projects

[2010/01/09 17:57:26 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft Help

[2010/01/09 17:42:47 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft SQL Server

[2010/01/09 17:42:39 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft Synchronization Services

[2010/01/09 17:42:39 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft SQL Server Compact Edition

[2010/01/09 17:42:09 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Visual Studio 2010

[2010/01/09 17:41:05 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft Visual Studio 10.0

[2010/01/09 17:41:05 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft SDKs

[2010/01/09 17:37:08 | 00,000,000 | ---D | C] -- F:\Program Files\Microsoft.NET

[2010/01/09 17:03:15 | 00,000,000 | ---D | C] -- F:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP

[2010/01/09 17:01:44 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Malwarebytes

[2010/01/08 19:00:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Windows Search

[2010/01/08 17:45:41 | 00,951,104 | ---- | C] (Teebo Software Solutions) -- F:\WINDOWS\System32\tssOfficeMenu1d.ocx

[2010/01/08 17:45:41 | 00,233,472 | ---- | C] (vbAccelerator) -- F:\WINDOWS\System32\vbalTbar6.ocx

[2010/01/08 17:45:41 | 00,231,139 | ---- | C] (Innovasys) -- F:\WINDOWS\System32\BtnPlus1.ocx

[2010/01/08 17:45:41 | 00,208,896 | ---- | C] ( ) -- F:\WINDOWS\System32\SoftGuard6.ocx

[2010/01/08 17:45:41 | 00,178,889 | ---- | C] (Innovasys) -- F:\WINDOWS\System32\FraPlus1.ocx

[2010/01/08 17:45:41 | 00,114,688 | ---- | C] (Lebans Holdings 1999 Ltd) -- F:\WINDOWS\System32\AnimatedGif.ocx

[2010/01/08 17:45:41 | 00,072,704 | ---- | C] (Teebo Software Solutions) -- F:\WINDOWS\System32\tssProgressBarXP.ocx

[2010/01/08 17:45:40 | 05,476,352 | ---- | C] (MapWindow Open Source Team - www.MapWindow.org) -- F:\WINDOWS\System32\MapWinGIS.ocx

[2010/01/08 17:45:40 | 01,093,632 | ---- | C] (FreeImage) -- F:\WINDOWS\System32\FreeImage.dll

[2010/01/08 17:45:40 | 00,344,064 | ---- | C] (Interactive Studios Inc.) -- F:\WINDOWS\System32\islicense30.dll

[2010/01/08 17:45:40 | 00,124,952 | ---- | C] (Perfection Bytes Inc.) -- F:\WINDOWS\System32\PBBalloon2.ocx

[2010/01/08 17:45:40 | 00,090,112 | ---- | C] (Storm Alert Inc) -- F:\WINDOWS\System32\EnhSliderXP.ocx

[2010/01/08 17:45:40 | 00,040,960 | ---- | C] (vbAccelerator) -- F:\WINDOWS\System32\SSubTmr6.dll

[2010/01/08 17:45:37 | 00,000,000 | ---D | C] -- F:\Program Files\StormLab

[2010/01/08 17:42:14 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Downloads

[2010/01/08 17:39:10 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Mozilla

[2010/01/08 17:39:10 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Mozilla

[2010/01/07 17:53:17 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\IECompatCache

[2010/01/06 18:16:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\WMTools Downloaded Files

[2010/01/06 07:10:50 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents\My Videos

[2010/01/06 07:09:24 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\Vidoes

[2010/01/05 16:30:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\My Documents\My Received Files

[2010/01/05 16:28:35 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Tracing

[2010/01/05 16:26:53 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Desktop\Normal

[2010/01/05 07:14:56 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Sun

[2010/01/05 07:11:24 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Macromedia

[2010/01/05 07:10:59 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Adobe

[2010/01/05 07:10:49 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\PrivacIE

[2010/01/05 07:10:10 | 00,000,000 | R-SD | C] -- F:\Documents and Settings\Spencer\My Documents\My Stationery

[2010/01/05 07:10:00 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Identities

[2010/01/05 07:09:58 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Windows Desktop Search

[2010/01/05 07:09:55 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Symantec

[2010/01/05 07:09:44 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Application Data\Identities

[2010/01/05 07:09:42 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents\My Pictures

[2010/01/05 07:09:42 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents\My Music

[2010/01/05 07:09:41 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\IETldCache

[2010/01/05 07:09:36 | 00,000,000 | --SD | C] -- F:\Documents and Settings\Spencer\Application Data\Microsoft

[2010/01/05 07:09:36 | 00,000,000 | RH-D | C] -- F:\Documents and Settings\Spencer\SendTo

[2010/01/05 07:09:36 | 00,000,000 | RH-D | C] -- F:\Documents and Settings\Spencer\Recent

[2010/01/05 07:09:36 | 00,000,000 | RH-D | C] -- F:\Documents and Settings\Spencer\Application Data

[2010/01/05 07:09:36 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\Start Menu

[2010/01/05 07:09:36 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\My Documents

[2010/01/05 07:09:36 | 00,000,000 | R--D | C] -- F:\Documents and Settings\Spencer\Favorites

[2010/01/05 07:09:36 | 00,000,000 | -HSD | C] -- F:\Documents and Settings\Spencer\Cookies

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\Templates

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\PrintHood

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\NetHood

[2010/01/05 07:09:36 | 00,000,000 | -H-D | C] -- F:\Documents and Settings\Spencer\Local Settings

[2010/01/05 07:09:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Local Settings\Application Data\Microsoft

[2010/01/05 07:09:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Spencer\Desktop

[2009/12/27 09:50:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/27 09:50:40 | 00,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\Adobe

[2009/11/19 20:52:07 | 00,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/10/27 16:02:16 | 00,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/10/27 15:59:28 | 00,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft

[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/11 15:56:00 | 00,000,422 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{DA6F3B6B-5263-46A5-94BF-29E47624F09A}.job

[2010/01/11 15:53:11 | 00,000,426 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{6C7C8B0F-972F-4227-91FF-F201A448F5CC}.job

[2010/01/11 15:53:00 | 00,000,424 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{BE9A7F4B-3D82-46B6-9705-20AA498D5FBD}.job

[2010/01/11 15:52:00 | 00,000,438 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{7D9ACCDB-0551-4DD6-9731-D5FD9E85200B}.job

[2010/01/11 15:44:54 | 00,001,062 | ---- | M] () -- F:\Documents and Settings\Spencer\Desktop\Shortcut to HP Adjustment Pattern.exe.lnk

[2010/01/11 15:25:00 | 00,000,278 | -H-- | M] () -- F:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010/01/11 15:02:00 | 00,000,240 | -H-- | M] () -- F:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/01/11 07:11:49 | 00,543,744 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Spencer\Desktop\OTL.exe

[2010/01/10 18:54:48 | 03,145,728 | -H-- | M] () -- F:\Documents and Settings\Spencer\NTUSER.DAT

[2010/01/10 17:51:27 | 00,000,098 | ---- | M] () -- F:\WINDOWS\EasyRip.ini

[2010/01/10 17:47:06 | 00,000,734 | ---- | M] () -- F:\Documents and Settings\Spencer\Start Menu\Programs\Startup\RCA Detective.lnk

[2010/01/10 17:47:01 | 00,000,717 | ---- | M] () -- F:\Documents and Settings\Spencer\Desktop\RCA easyRip.lnk

[2010/01/10 17:46:38 | 00,001,125 | ---- | M] () -- F:\Documents and Settings\Spencer\Desktop\User_Manual_English_Pearl.pdf.lnk

[2010/01/10 08:21:42 | 00,012,620 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl

[2010/01/10 08:20:37 | 00,232,216 | ---- | M] () -- F:\WINDOWS\System32\NvApps.xml

[2010/01/10 08:20:23 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT

[2010/01/10 08:20:18 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat

[2010/01/10 08:06:01 | 00,000,000 | ---- | M] () -- F:\Documents and Settings\Spencer\defogger_reenable

[2010/01/09 18:13:58 | 00,315,408 | ---- | M] (Kaspersky Lab) -- F:\WINDOWS\System32\drivers\klif.sys

[2010/01/09 18:06:01 | 00,108,059 | ---- | M] () -- F:\WINDOWS\System32\drivers\klin.dat

[2010/01/09 18:06:01 | 00,095,259 | ---- | M] () -- F:\WINDOWS\System32\drivers\klick.dat

[2010/01/09 17:53:33 | 00,000,178 | -HS- | M] () -- F:\Documents and Settings\Spencer\ntuser.ini

[2010/01/09 17:44:29 | 00,000,165 | ---- | M] () -- F:\WINDOWS\System32\spupdsvc.inf

[2010/01/09 17:44:06 | 00,001,355 | ---- | M] () -- F:\WINDOWS\imsins.BAK

[2010/01/09 17:39:50 | 00,611,800 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI

[2010/01/09 17:39:50 | 00,524,872 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat

[2010/01/09 17:39:50 | 00,095,318 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat

[2010/01/09 17:04:23 | 00,027,048 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

[2010/01/09 10:41:42 | 00,013,824 | ---- | M] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/08 17:45:58 | 05,367,616 | -H-- | M] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\IconCache.db

[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys

[2010/01/05 18:29:32 | 00,371,233 | R--- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/01/05 18:29:32 | 00,371,233 | R--- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts

[2010/01/05 07:10:21 | 00,023,720 | ---- | M] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/11 15:44:54 | 00,001,062 | ---- | C] () -- F:\Documents and Settings\Spencer\Desktop\Shortcut to HP Adjustment Pattern.exe.lnk

[2010/01/10 17:47:06 | 00,000,734 | ---- | C] () -- F:\Documents and Settings\Spencer\Start Menu\Programs\Startup\RCA Detective.lnk

[2010/01/10 17:47:01 | 00,000,717 | ---- | C] () -- F:\Documents and Settings\Spencer\Desktop\RCA easyRip.lnk

[2010/01/10 17:46:38 | 00,001,125 | ---- | C] () -- F:\Documents and Settings\Spencer\Desktop\User_Manual_English_Pearl.pdf.lnk

[2010/01/10 08:06:01 | 00,000,000 | ---- | C] () -- F:\Documents and Settings\Spencer\defogger_reenable

[2010/01/09 18:06:01 | 00,108,059 | ---- | C] () -- F:\WINDOWS\System32\drivers\klin.dat

[2010/01/09 18:06:01 | 00,095,259 | ---- | C] () -- F:\WINDOWS\System32\drivers\klick.dat

[2010/01/09 17:44:29 | 00,000,165 | ---- | C] () -- F:\WINDOWS\System32\spupdsvc.inf

[2010/01/09 17:03:15 | 00,027,048 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

[2010/01/08 17:45:41 | 00,028,672 | ---- | C] () -- F:\WINDOWS\System32\MsgHoo32.ocx

[2010/01/08 17:45:40 | 00,102,400 | ---- | C] () -- F:\WINDOWS\System32\libbzip2.dll

[2010/01/08 17:45:40 | 00,057,344 | ---- | C] () -- F:\WINDOWS\System32\unlzw.dll

[2010/01/07 17:53:06 | 00,000,426 | -H-- | C] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{6C7C8B0F-972F-4227-91FF-F201A448F5CC}.job

[2010/01/06 07:10:20 | 00,013,824 | ---- | C] () -- F:\Documents and Settings\Spencer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/05 07:09:37 | 00,000,178 | -HS- | C] () -- F:\Documents and Settings\Spencer\ntuser.ini

[2010/01/05 07:09:36 | 03,145,728 | -H-- | C] () -- F:\Documents and Settings\Spencer\NTUSER.DAT

[2009/12/28 10:25:23 | 00,000,588 | ---- | C] () -- F:\WINDOWS\cdplayer.ini

[2009/12/27 16:24:44 | 00,000,098 | ---- | C] () -- F:\WINDOWS\EasyRip.ini

[2009/12/02 06:55:25 | 00,307,200 | ---- | C] () -- F:\WINDOWS\System32\AscSQLite.dll

[2009/11/05 06:59:01 | 00,000,410 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI

[2009/10/31 12:35:16 | 00,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI

[2009/10/27 16:22:59 | 00,000,244 | ---- | C] () -- F:\WINDOWS\ODBC.INI

[2008/10/15 14:58:34 | 00,024,840 | ---- | C] () -- F:\WINDOWS\System32\drivers\swmsflt.sys

[2008/08/02 01:48:00 | 01,724,416 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll

[2008/08/02 01:48:00 | 01,503,232 | ---- | C] () -- F:\WINDOWS\System32\nview.dll

[2008/08/02 01:48:00 | 01,101,824 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll

[2008/08/02 01:48:00 | 00,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll

[2008/08/02 01:48:00 | 00,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll

[2007/09/27 12:51:02 | 00,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 12:48:48 | 00,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 12:48:28 | 00,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini

[2000/09/18 17:12:40 | 00,023,040 | ---- | C] () -- F:\WINDOWS\System32\CSSMS_IN.DLL

========== LOP Check ==========

[2009/12/28 10:42:58 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\4TN1yM8yOli8Ir5E

[2009/10/29 20:47:44 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\IM

[2009/10/29 20:46:31 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\IncrediMail

[2009/11/08 10:54:17 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PhotoMail

[2009/11/21 10:29:50 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Prism

[2009/10/28 17:19:48 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Speedbit

[2009/11/21 10:21:41 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Sprint

[2009/12/23 08:09:56 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\StormPredator

[2009/12/25 17:29:33 | 00,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP

[2010/01/05 07:09:58 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Windows Desktop Search

[2010/01/08 19:00:42 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Spencer\Application Data\Windows Search

[2010/01/11 15:53:11 | 00,000,426 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{6C7C8B0F-972F-4227-91FF-F201A448F5CC}.job

[2010/01/11 15:52:00 | 00,000,438 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{7D9ACCDB-0551-4DD6-9731-D5FD9E85200B}.job

[2010/01/11 15:53:00 | 00,000,424 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{BE9A7F4B-3D82-46B6-9705-20AA498D5FBD}.job

[2010/01/11 15:56:00 | 00,000,422 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{DA6F3B6B-5263-46A5-94BF-29E47624F09A}.job

[2010/01/11 15:02:00 | 00,000,240 | -H-- | M] () -- F:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/01/11 15:25:00 | 00,000,278 | -H-- | M] () -- F:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/04/14 07:00:00 | 20,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/04/14 03:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2008/04/14 07:00:00 | 20,056,462 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/14 07:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\dllcache\eventlog.dll

[2008/04/14 07:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll

< MD5 for: LOGEVENT.DLL >

[2008/04/14 08:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >

[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\dllcache\netlogon.dll

[2008/04/14 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >

[2008/08/19 05:54:24 | 00,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- F:\WINDOWS\system32\drivers\nvgts.sys

< MD5 for: SCECLI.DLL >

[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\dllcache\scecli.dll

[2008/04/14 07:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 07:00:00 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\msvbvm60.dll

[1 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< End of report >

It produces no extras?

SpySentinel · January 14, 2010

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O33 - MountPoints2\{09304a52-fa36-11de-a04c-0026186443c4}\Shell\AutoRun\command - "" = I:\Launch.exe -- [2005/05/03 22:25:00 | 00,126,976 | ---- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Click on to download the ESET Smart Installer. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the button.
13. Push
  
  You can refer to this animation by neomage if needed.

Bobc11 · January 14, 2010

C:\Program Files\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined

C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan deleted - quarantined

C:\System Volume Information\_restore{CAF0AE69-5EEE-4258-8581-FAB27CFEED1B}\RP42\A0008004.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{CAF0AE69-5EEE-4258-8581-FAB27CFEED1B}\RP42\A0008005.exe a variant of Win32/Kryptik.SH trojan deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{5AF67C73-C7CC-482E-88B2-B26984C9254E}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{D16C6124-E729-4D4C-86A2-08AAF29AF430}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{EAF3EA7C-028E-4AD4-BC14-7794D36FF160}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

C:\Users\Bob\AppData\Local\IM\Identities\{3FB9A64A-8B9F-473A-B6F0-333558862F87}\Message Store\Attachments\{ECEADEC5-865D-4075-81C0-0EA8F598F34C}\New Compressed (zipped) Folder.zip probably unknown NewHeur_PE virus deleted - quarantined

F:\Documents and Settings\Spencer\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (Do 2f1\Sent items\349C730A-00000150.eml probably unknown NewHeur_PE virus contained infected files

Malwarebytes' Anti-Malware 1.44

Database version: 3557

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/13/2010 8:47:43 PM

mbam-log-2010-01-13 (20-47-43).txt

Scan type: Quick Scan

Objects scanned: 120556

Time elapsed: 21 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

F:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:

F:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

F:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09304a52-fa36-11de-a04c-0026186443c4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09304a52-fa36-11de-a04c-0026186443c4}\ not found.

I:\Launch.exe moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2100cd9-c381-11de-924d-0026186443c4}\ deleted successfully.