Blue screen error confirmed and some virus problem, I think

  1. #1
    ramesh help (Elite Member)

    Test because there was an error in the page.

  2. #2
    ramesh help (Elite Member)
    This is for another computer that I need help with.
    Malwarebytes log

    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7611

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    8/30/2011 11:58:41 PM
    mbam-log-2011-08-30 (23-58-41).txt

    Scan type: Quick scan
    Objects scanned: 164366
    Time elapsed: 12 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER log

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-08-31 01:01:58
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
    Running: sdrxh1y7.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8EC42D50]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8EC44F8E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8EC45208]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8EC4547E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8EC43664]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8EC44498]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8EC449E2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8EC43940]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8EC448C8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8EC4293E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8EC4479C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8EC42AE6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8EC44B02]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8EC432EA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8EC433E8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8EC456C8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8EC44832]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8EC461F0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8EC43DC2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8EC473FE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8EC43BD0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8EC462E2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8EC46A4A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8EC44A78]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8EC436E6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8EC44958]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8EC42F8E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8EC467E4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8EC44B98]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8EC42E7E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8EC45782]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8EC46D84]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8EC46676]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8EC415F8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8EC44EFC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8EC44DC2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8EC45F8A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8EC41970]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8EC472A0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8EC41590]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8EC441DE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8EC43506]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8EC45824]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8EC46480]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8EC46ED4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8EC46FC6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8EC47100]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8EC46114]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8EC43134]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8EC4308A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8EC46C28]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8EC43220]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 82C7E349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82CBED8C 4 Bytes [50, 2D, C4, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CBEDB4 8 Bytes [8E, 4F, C4, 8E, 08, 52, C4, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82CBEDF8 4 Bytes [7E, 54, C4, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82CBEE24 4 Bytes [64, 36, C4, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82CBEE48 4 Bytes [98, 44, C4, 8E]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!LockResource 770302D9 5 Bytes JMP 280A77E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!FindResourceExW 770343B2 5 Bytes JMP 280A7520 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!FindResourceW 770354CF 5 Bytes JMP 280A74A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!SizeofResource 770354ED 5 Bytes JMP 280A7770 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!LoadResource 77039C72 5 Bytes JMP 280A76C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!FindResourceExA 7703A3AD 7 Bytes JMP 280A7630 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!FindResourceA 7703A475 5 Bytes JMP 280A75A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] kernel32.dll!CreateEventW 7703D7BC 5 Bytes JMP 280A7080 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] ADVAPI32.dll!CryptDecrypt 77873178 5 Bytes JMP 280A6840 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] ADVAPI32.dll!CryptDeriveKey 77873188 5 Bytes JMP 280A67E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!SetWindowPlacement 77337F78 5 Bytes JMP 280AC6E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!SetWindowRgn 773399EC 7 Bytes JMP 280AC780 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!CreateWindowExW 7733EC7C 5 Bytes JMP 280A8DC0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!LoadIconW 7733F142 5 Bytes JMP 280AD000 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!LoadImageW 773412EB 5 Bytes JMP 280ACE80 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!GetWindowLongW 773461B8 7 Bytes JMP 280AD130 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!PeekMessageW 7734634A 5 Bytes JMP 280A9AA0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!TrackPopupMenuEx 77364832 5 Bytes JMP 280AA1A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!CreateDialogParamW 77365630 5 Bytes JMP 280AC830 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] USER32.dll!MessageBoxIndirectW 7738E963 5 Bytes JMP 280ACA60 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] SHELL32.dll!Shell_NotifyIconW 763C01C1 5 Bytes JMP 280A8400 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] ole32.dll!CoRegisterClassObject 771E21E1 5 Bytes JMP 280A7B40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] ole32.dll!CoInitializeEx 772109AD 5 Bytes JMP 280A7A40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] ole32.dll!CoCreateInstance 77219D0B 5 Bytes JMP 280A7DC0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] WININET.dll!InternetCloseHandle 760FAB39 5 Bytes JMP 280B0900 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] WININET.dll!InternetReadFile 760FB3F6 5 Bytes JMP 280B07C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] WININET.dll!HttpOpenRequestA 76104C75 5 Bytes JMP 280B0660 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2648] WININET.dll!HttpSendRequestA 761719B0 5 Bytes JMP 280B0860 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3188] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 17, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtCreateFile + 6 776E55CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtCreateFile + B 776E55D3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 1 Byte [28]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + 6 776E5C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + B 776E5C33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenFile + 6 776E5CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenFile + B 776E5CE3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenProcess + 6 776E5D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenProcess + B 776E5D93 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenProcessToken + B 776E5DA3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + 6 776E5DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + B 776E5DB3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenThread + 6 776E5E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenThread + B 776E5E13 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + 6 776E5E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + B 776E5E23 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtOpenThreadTokenEx + B 776E5E33 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + 6 776E5F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + B 776E5F43 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtQueryFullAttributesFile + B 776E5FF3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtSetInformationFile + 6 776E663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtSetInformationFile + B 776E6643 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtSetInformationThread + 6 776E669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtSetInformationThread + B 776E66A3 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 1 Byte [68]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + 6 776E69BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Applicat ion\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + B 776E69C3 1 Byte [E2]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5880] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7572FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ee6bba0
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ee6bba0@c87e75ce3505 0xD4 0x5B 0x26 0x71 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ee6bba0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ee6bba0@c87e75ce3505 0xD4 0x5B 0x26 0x71 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FriendlyName Indeo® video 5.10 Compression Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@EncoderType 1

    ---- Files - GMER 1.0.15 ----

    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA56.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA57.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA58.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA68.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA69.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA6A.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA7B.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA7C.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA7D.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA8E.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA8F.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CA90.tmp 150798 bytes
    File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CAA0.tmp 150798 bytes

    ---- EOF - GMER 1.0.15 ----



    dds logs

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by User at 2:07:45 on 2011-08-31
    Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.1978.805 [GMT 8:00]
    .
    AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
    C:\Program Files\TeamViewer\Version6\tv_w32.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    TB: {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No File
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [Thunder] "c:\program files\thunder\Thunder.exe" /s
    mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: ¨º1¨®???¨¤¡Á???? - c:\program files\thunder network\thunder\program\geturl.htm
    IE: ¨º1¨®???¨¤¡Á????¨¨?2?¨¢¡ä?¨® - c:\program files\thunder network\thunder\program\getallurl.htm
    IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\3686F677 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\8686C696D6D277966696 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\94943435 : DhcpNameServer = 172.16.8.200 172.16.8.206
    TCP: Interfaces\{27635490-DBD2-47F6-B73C-3279E109F85B}\E474026416D696C697 : DhcpNameServer = 192.168.1.2
    TCP: Interfaces\{3B830DD2-5B0F-4B5C-AAFC-15005D678324} : NameServer = 192.168.1.1,192.168.1.2
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\oiaxax5i.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-29 54784]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-9-9 99216]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
    R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    R4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
    R4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-30 2358656]
    S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-9 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-30 41272]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-6 1343400]
    S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-08-30 16:24:55 -------- d-----w- c:\windows\pss
    2011-08-30 15:45:03 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
    2011-08-30 15:44:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-30 15:44:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-30 15:44:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-30 15:44:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-30 15:29:33 -------- d-----w- c:\program files\TeamViewer
    2011-08-30 08:34:14 -------- d-----w- c:\users\user\appdata\local\{05B44EE4-3F4A-4668-8D83-DCF0637F66CB}
    2011-08-30 08:34:00 -------- d-----w- c:\users\user\appdata\local\{59E27EDE-91D8-4AFA-928C-853CE0BAA58A}
    2011-08-30 03:35:46 -------- d-----w- c:\users\user\appdata\local\{8643F747-2FB4-4E41-B0AD-8A26F039A307}
    2011-08-30 03:35:30 -------- d-----w- c:\users\user\appdata\local\{E68DAC86-C814-4370-8196-91B9B04DE6F2}
    2011-08-29 10:07:35 -------- d-----w- c:\users\user\appdata\local\{BE6710C4-179F-4920-AECE-854E2B0AD282}
    2011-08-29 10:07:21 -------- d-----w- c:\users\user\appdata\local\{C54D7CB7-F755-4A5E-BA17-B82B7C9526FA}
    2011-08-29 08:42:16 -------- d-----w- c:\users\user\appdata\local\{FADE9AE2-4CE3-48C5-A4FF-4AEEA2B6524B}
    2011-08-29 08:42:03 -------- d-----w- c:\users\user\appdata\local\{0EE78424-B268-46CF-9C66-A45D64D83B03}
    2011-08-29 03:57:05 -------- d-----w- c:\users\user\appdata\local\{584AEBFD-04F6-4D6A-9567-61DE6E41961E}
    2011-08-29 0350 -------- d-----w- c:\users\user\appdata\local\{2BFA32C4-2BA0-42ED-9D41-346EF38ED47E}
    2011-08-28 17:09:30 -------- d-----w- c:\users\user\appdata\local\{C65EB3E3-9D8A-4530-8ECA-EE04B796840C}
    2011-08-28 17:09:13 -------- d-----w- c:\users\user\appdata\local\{28F09449-2788-4611-8EA7-FB7EA27FA887}
    2011-08-28 05:50:18 -------- d-----w- c:\users\user\appdata\local\{7777A3C2-5D85-43B1-802A-8D649D6A4D39}
    2011-08-28 05:50:00 -------- d-----w- c:\users\user\appdata\local\{0F9D7B4C-6B44-4432-8543-BECC8BB50D54}
    2011-08-27 16:31:26 -------- d-----w- c:\users\user\appdata\local\{4BAD084B-B921-4CCD-8D2E-EFE016951349}
    2011-08-27 16:31:09 -------- d-----w- c:\users\user\appdata\local\{85867886-D407-4EFD-BD21-44F4AD0F9999}
    2011-08-27 03:19:33 -------- d-----w- c:\users\user\appdata\local\{1157DD02-BABC-4C6A-810D-9386665BC685}
    2011-08-27 03:19:16 -------- d-----w- c:\users\user\appdata\local\{FB1576DA-1F3E-438F-BC56-142B5BC9F00A}
    2011-08-26 08:37:59 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6e3717b-d502-4912-ba63-7a197f01625d}\mpengine.dll
    2011-08-26 08:33:46 -------- d-----w- c:\users\user\appdata\local\{25A4C872-6652-4256-93FD-F3B6055D2BA9}
    2011-08-26 08:33:32 -------- d-----w- c:\users\user\appdata\local\{41C8C494-17F6-4138-91FB-C4496824470F}
    2011-08-25 13:58:40 -------- d-----w- c:\users\user\appdata\local\{5C16F70D-BF6B-4A57-A571-0339CF4723B3}
    2011-08-25 13:58:25 -------- d-----w- c:\users\user\appdata\local\{8304B35B-DC7C-47CF-8631-4E29DEA6DE38}
    2011-08-25 09:07:17 -------- d-----w- c:\users\user\appdata\local\{ED85A39A-5CC7-4E73-B2C3-379B54607EF8}
    2011-08-25 09:07:03 -------- d-----w- c:\users\user\appdata\local\{D498E31D-E194-4743-9C82-1612EC763657}
    2011-08-25 02:22:44 -------- d-----w- c:\users\user\appdata\local\{3667A78C-A062-4B64-B85B-944BEA03184F}
    2011-08-25 02:22:30 -------- d-----w- c:\users\user\appdata\local\{8F796F45-3DB4-4DF0-A456-14DD80C04650}
    2011-08-24 15:03:55 -------- d-----w- c:\users\user\appdata\local\{8728F98F-A90F-46BB-A58F-4FDE5A12E515}
    2011-08-24 15:03:40 -------- d-----w- c:\users\user\appdata\local\{C1270F18-4989-48F0-8156-255A889B4932}
    2011-08-24 07:55:13 -------- d-----w- c:\users\user\appdata\local\{E30D8CDE-36B0-4355-A61C-9722A68EA712}
    2011-08-24 07:54:57 -------- d-----w- c:\users\user\appdata\local\{E6A08D19-0787-40DD-AB4E-12E81155EB20}
    2011-08-24 07:46:48 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 04:16:05 -------- d-----w- c:\users\user\appdata\local\{E2FD273E-9794-4AC6-9788-110B386FA6A0}
    2011-08-24 04:15:34 -------- d-----w- c:\users\user\appdata\local\{BBE05F91-A5AE-409A-87C8-F60879B76F69}
    2011-08-23 13:59:02 -------- d-----w- c:\users\user\appdata\local\{83744ED9-780C-4ADD-8306-BCBCD1D4AF00}
    2011-08-23 13:58:36 -------- d-----w- c:\users\user\appdata\local\{B42993E1-3CC5-423B-8B3E-E54F2AAC37CE}
    2011-08-23 11:07:04 -------- d-----w- c:\users\user\appdata\local\{17F1A1E0-4D23-4034-B98C-6BE2546DBD5D}
    2011-08-23 11:06:46 -------- d-----w- c:\users\user\appdata\local\{ACAC7796-56E3-402D-9DAA-0B2C36E7A04F}
    2011-08-23 10:49:40 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-08-23 10:49:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-08-23 10:49:36 -------- d-----w- c:\users\user\appdata\local\{A3ADC3F9-9A25-4F24-9079-86D47D378387}
    2011-08-23 10:49:22 -------- d-----w- c:\users\user\appdata\local\{DFC12AC8-B037-4342-9B97-023842C5C487}
    2011-08-23 09:20:20 -------- d-----w- c:\users\user\appdata\local\{5D37F8C8-1371-407D-A2DC-42B38F08085A}
    2011-08-23 09:20:06 -------- d-----w- c:\users\user\appdata\local\{3E5B502D-8318-40B8-BBAC-8DD97B481601}
    2011-08-22 13:58:08 -------- d-----w- c:\users\user\appdata\local\{E30E031A-8100-4280-87FB-2D07BD56CD77}
    2011-08-22 13:57:54 -------- d-----w- c:\users\user\appdata\local\{5AFA891D-C3C1-4121-BFE2-02DCBBAECC94}
    2011-08-22 09:01:45 -------- d-----w- c:\users\user\appdata\local\{9EFF3963-941D-4F2E-9672-3B1C0744CAC1}
    2011-08-22 09:01:29 -------- d-----w- c:\users\user\appdata\local\{5D3DDD0F-7C9C-493A-9499-47A223AF32A7}
    2011-08-21 12:38:24 -------- d-----w- c:\users\user\appdata\local\{39124D38-00CD-4E99-90AC-16AE19E08BD1}
    2011-08-21 12:37:43 -------- d-----w- c:\users\user\appdata\local\{61F894D2-5CA4-40DD-B351-3A6D68BC2EC8}
    2011-08-21 05:17:49 -------- d-----w- c:\users\user\appdata\local\{B269769C-576F-4CFC-B1A8-8FDAE484DBCF}
    2011-08-21 05:17:33 -------- d-----w- c:\users\user\appdata\local\{EF42019D-76C8-403D-9C34-493CC6B5FE02}
    2011-08-20 05:25:54 -------- d-----w- c:\users\user\appdata\local\{70D6C72C-CF93-44C0-974B-01C2943AEEA2}
    2011-08-20 05:25:38 -------- d-----w- c:\users\user\appdata\local\{56CA64AC-0658-4B31-AA7C-E95EAA8CEF8E}
    2011-08-19 13:16:58 -------- d-----w- c:\users\user\appdata\local\{F66C4A50-B75A-4356-889A-DDEFF0A1F1F6}
    2011-08-19 13:16:35 -------- d-----w- c:\users\user\appdata\local\{68262DCF-9F79-40FB-A622-6E2F79632CA5}
    2011-08-19 08:44:44 -------- d-----w- c:\users\user\appdata\local\{B94C80D6-BE22-412E-B7DF-607605C6E85F}
    2011-08-19 08:44:09 -------- d-----w- c:\users\user\appdata\local\{B6147FDB-10C9-493E-9A97-7C8274FE2014}
    2011-08-18 10:25:49 -------- d-----w- c:\users\user\appdata\local\{91C751FE-7A25-433F-8093-2E76DB20516A}
    2011-08-18 10:25:19 -------- d-----w- c:\users\user\appdata\local\{2AAFFA02-A08B-43AF-B69A-1FC7DF79BE3B}
    2011-08-17 16:31:03 -------- d-----w- c:\users\user\appdata\local\{C6096C74-ED54-4B08-B59D-5A4E8EA0277F}
    2011-08-17 16:30:46 -------- d-----w- c:\users\user\appdata\local\{FF319F28-766D-44CB-829F-F2A63AC01B4E}
    2011-08-17 04:38:52 -------- d-----w- c:\users\user\appdata\local\{19FA7AE3-E620-4CF4-8DBF-937CC482E489}
    2011-08-17 04:38:38 -------- d-----w- c:\users\user\appdata\local\{61E86EF4-3A49-4135-86DB-786A0F5FABCA}
    2011-08-16 14:28:00 -------- d-----w- c:\users\user\appdata\local\{3D3904C5-A28A-4536-B727-3212E59CD34C}
    2011-08-16 14:27:45 -------- d-----w- c:\users\user\appdata\local\{136B01A6-B381-4408-93DC-24FB624A89FF}
    2011-08-15 15:03:44 -------- d-----w- c:\users\user\appdata\local\{5F9F0906-8D64-4A93-85BE-033DD0E8AFFB}
    2011-08-15 15:03:18 -------- d-----w- c:\users\user\appdata\local\{F02C5128-D15B-4C8A-9C83-81B81546CEC7}
    2011-08-15 09:06:54 -------- d-----w- c:\users\user\appdata\local\{4E987FCF-D513-4251-80D3-E8AABBFFA30D}
    2011-08-15 09:06:37 -------- d-----w- c:\users\user\appdata\local\{B96F3BE4-D8B1-4642-B9A0-A95339D65583}
    2011-08-14 11:02:40 -------- d-----w- c:\users\user\appdata\local\{71DA9D3F-FA65-481C-BD91-11D4AE42BBD8}
    2011-08-14 11:02:26 -------- d-----w- c:\users\user\appdata\local\{8FD8F060-EC0C-4155-9036-6CDE67F9F0A5}
    2011-08-14 03:43:43 -------- d-----w- c:\users\user\appdata\local\{86AF3C00-BB45-49CE-8CED-5F11D7F4F362}
    2011-08-14 03:43:25 -------- d-----w- c:\users\user\appdata\local\{0ED092AA-312B-4061-922D-E8D626559D5D}
    2011-08-13 17:25:50 -------- d-----w- c:\users\user\appdata\local\{EDCB5AAE-BFC5-4C62-ACD3-0D3EB20EC450}
    2011-08-13 17:25:33 -------- d-----w- c:\users\user\appdata\local\{2AE99219-8482-417B-8C50-9A98983A6951}
    2011-08-13 14:29:50 -------- d-----w- c:\users\user\appdata\local\{33581722-2582-457D-A99E-27A65DC4D1C9}
    2011-08-13 14:29:35 -------- d-----w- c:\users\user\appdata\local\{7AB52121-390D-473A-B5E8-21B8E4B7959E}
    2011-08-13 05:50:39 -------- d-----w- c:\users\user\appdata\local\{F9511DDA-E997-4528-A5F8-45F2759AEB97}
    2011-08-13 05:50:20 -------- d-----w- c:\users\user\appdata\local\{29FEFEB4-ED66-4DA6-83CF-2C961A993F35}
    2011-08-12 14:59:54 -------- d-----w- c:\users\user\appdata\roaming\PhotoScape
    2011-08-12 14:58:26 -------- d-----w- c:\program files\PhotoScape
    2011-08-12 07:03:03 -------- d-----w- c:\users\user\appdata\local\{DE766688-D7D9-443C-9227-848B71D50E77}
    2011-08-12 07:02:39 -------- d-----w- c:\users\user\appdata\local\{B941E2C0-774F-4F76-8E2C-0C1ED5EAD272}
    2011-08-12 06:55:25 -------- d-----w- c:\users\user\appdata\local\{2751C6EC-7676-4367-BFE8-CEF5AA759111}
    2011-08-12 06:55:09 -------- d-----w- c:\users\user\appdata\local\{D8969089-0F7D-421D-ACDB-FAA3C3F0619D}
    2011-08-12 06:44:02 -------- d-----w- c:\users\user\appdata\local\{EDDC9570-D11D-4838-831C-F06DD02E323C}
    2011-08-12 06:24:59 -------- d-----w- c:\users\user\appdata\local\{3CEB214B-6117-4D86-8B37-3D2EA1E438D7}
    2011-08-12 06:24:41 -------- d-----w- c:\users\user\appdata\local\{F0F77677-A6D4-4828-BB68-9556C18FC9F3}
    2011-08-11 03:50:09 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-11 03:50:07 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-11 03:50:06 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-11 02:05:11 -------- d-----w- c:\users\user\appdata\local\{58269196-4CE8-45CB-890C-A2775FA8A8E8}
    2011-08-11 02:04:56 -------- d-----w- c:\users\user\appdata\local\{5329D92F-9B05-4003-9E3C-AC7B4D4A59FB}
    2011-08-10 08:25:01 -------- d-----w- c:\users\user\appdata\local\{31123807-26E7-4DF2-B186-0D5824743443}
    2011-08-10 08:24:15 -------- d-----w- c:\users\user\appdata\local\{82C5EEEB-E467-4A23-B06A-38EBD942E58E}
    2011-08-09 02:28:07 -------- d-----w- c:\users\user\appdata\local\{3F4AE51D-4437-44A4-B398-7DB93E1AC7D5}
    2011-08-09 02:27:52 -------- d-----w- c:\users\user\appdata\local\{9F4351D6-FA78-4EB4-802D-62B8E75BDAFD}
    2011-08-08 06:01:59 -------- d-----w- c:\users\user\appdata\local\{1EA99FCD-D1AB-492C-93EA-0C12006B8150}
    2011-08-08 06:01:45 -------- d-----w- c:\users\user\appdata\local\{920D6F5E-72FA-449E-89DC-B8547B11C087}
    2011-08-07 07:22:34 -------- d-----w- c:\users\user\appdata\local\{034378E3-EE46-435E-A4F7-8DD4088EB815}
    2011-08-07 0752 -------- d-----w- c:\users\user\appdata\local\{19C5101B-1D66-4F30-A37B-F2A75CC646DC}
    2011-08-06 1839 -------- d-----w- c:\users\user\appdata\local\{8B0B88A0-5EDD-4949-9D81-A2DC9F244969}
    2011-08-06 1825 -------- d-----w- c:\users\user\appdata\local\{57DA1AE3-6789-4B47-864A-DDA3908E4E8F}
    2011-08-06 06:37:44 -------- d-----w- c:\users\user\appdata\local\{A90E1984-2F24-4437-8692-879738884BD2}
    2011-08-06 06:37:28 -------- d-----w- c:\users\user\appdata\local\{6D5E42D8-BFC9-4E89-91BB-F2F1941FB88B}
    2011-08-05 07:16:18 -------- d-----w- c:\users\user\appdata\local\{9D112371-F62E-46FD-8B4A-B47CFB87CDDA}
    2011-08-04 17:23:26 -------- d-----w- c:\users\user\appdata\local\{FEC74CC3-75D0-4071-A52E-D3A2B55AAC10}
    2011-08-04 05:22:58 -------- d-----w- c:\users\user\appdata\local\{604A4A36-C7B0-4314-AEA1-A7A5E7709A12}
    2011-08-03 06:04:48 -------- d-----w- c:\users\user\appdata\local\{D8F9D211-BF02-411F-B996-59EBF1AFE3CD}
    2011-08-02 16:25:39 -------- d-----w- c:\users\user\appdata\local\{BC46B0BB-D68C-4546-898F-101A6E263D5A}
    2011-08-02 04:25:26 -------- d-----w- c:\users\user\appdata\local\{6270DA00-7556-4EB1-AEEA-8E8093A12214}
    2011-08-01 16:24:49 -------- d-----w- c:\users\user\appdata\local\{C58A1FA6-58E3-47F5-A5EF-4444FD485832}
    2011-08-01 04:24:14 -------- d-----w- c:\users\user\appdata\local\{1F9C14F7-4985-40E9-BE94-C8B3685A6BD7}
    .
    ==================== Find3M ====================
    .
    2011-08-13 05:50:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-07 14:52:12 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 2:08:13.26 ===============


    attached logs

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/2/2011 7:38:03 PM
    System Uptime: 8/30/2011 4:32:39 PM (9 hours ago)
    .
    Motherboard: Acer | | Aspire 4935
    Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | uPGA-478 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 49 GiB total, 15.628 GiB free.
    D: is FIXED (NTFS) - 184 GiB total, 75.624 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP165: 8/30/2011 5:54:56 PM - Scheduled Checkpoint
    RP166: 8/31/2011 12:37:08 AM - Removed Adobe Community Help
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acer Crystal Eye Webcam
    Adobe AIR
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    ALPS Touch Pad Driver
    D3DX10
    EasyBits GO
    EdenEternal
    Google Chrome
    Java Auto Updater
    Java™ 6 Update 20
    Java™ 6 Update 26
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    Kaspersky Anti-Virus 2011
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Mesh Runtime
    Messenger Companion
    Messenger Plus! 5
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    Nitro PDF Reader
    PDF Settings CS5
    PhotoScape
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.3
    SPlayer
    Synaptics Pointing Device Driver
    TeamViewer 6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/30/2011 12:27:41 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    8/28/2011 12:41:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    8/28/2011 12:39:29 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    8/24/2011 12:14:46 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{27635490-DBD2-47F6-B73C-3279E109F85B} because another computer on the network has the same name. The server could not start.
    8/24/2011 12:14:46 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 192.168.0.102. The computer with the IP address 192.168.0.104 did not allow the name to be claimed by this computer.
    8/24/2011 1:06:54 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 192.168.0.102. The computer with the IP address 192.168.0.104 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================



    asw log file

    aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
    Run date: 2011-08-31 01:23:48
    -----------------------------
    01:23:48.985 OS Version: Windows 6.1.7601 Service Pack 1
    01:23:48.985 Number of processors: 2 586 0x170A
    01:23:48.987 ComputerName: USER-PC UserName: User
    01:23:51.177 Initialize success
    01:28:33.500 AVAST engine defs: 11083001
    01:29:13.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    01:29:13.807 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
    01:29:15.900 Disk 0 MBR read successfully
    01:29:15.903 Disk 0 MBR scan
    01:29:15.909 Disk 0 Windows 7 default MBR code
    01:29:15.978 Disk 0 scanning sectors +488376000
    01:29:16.243 Disk 0 scanning C:\Windows\system32\drivers
    01:31:02.867 Service scanning
    01:31:03.705 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
    01:31:03.710 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
    01:31:03.716 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
    01:31:03.722 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
    01:31:04.431 Modules scanning
    01:33:34.838 Disk 0 trace - called modules:
    01:33:34.911
    01:33:35.497 AVAST engine scan C:\Windows
    01:34:01.407 AVAST engine scan C:\Windows\system32
    01:37:46.669 AVAST engine scan C:\Windows\system32\drivers
    01:38:04.747 AVAST engine scan C:\Users\User
    01:46:21.540 AVAST engine scan C:\ProgramData
    01:51:59.709 Scan finished successfully
    01:53:28.051 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    01:53:28.058 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

  3. #3
    ramesh help is offline Elite Member
    .

  4. #4
    broni is offline Senior Member
    What about my question from your other topic about Bleepingcomputer?

  5. #5
    ramesh help is offline Elite Member
    Because I tried posting it here and it didn't work; it was giving an error. So I tried to post it there, and eventually I didn't get help there. Could you delete the post over there and help me over here? As you saw in my reply on the dal post, this post is for my 2nd laptop. The other dal post is my 1st laptop. Don't get confused here.

  6. #6
    broni is offline Senior Member
    I can't delete your topic there, but you must post a note that you don't need any help with that machine.
    Once I see your note we'll continue.

  7. #7
    ramesh help is offline Elite Member
    Done. Check and see.

  8. #8
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  9. #9
    ramesh help is offline Elite Member
    ComboFix 11-09-01.03 - User 2/2011 Fri 14:36:09.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.1978.1279 [GMT 8:00]
    执行位置: c:\users\User\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\desktop.ini
    c:\windows\system32\mfc100deu.dll
    .
    .
    ((((((((((((((((((((((((( 2011-08-02 至 2011-09-02 的新的档案 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-02 06:44 . 2011-09-02 06:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-02 06:27 . 2011-09-02 06:27 -------- d-----w- c:\users\User\AppData\Roaming\TeamViewer
    2011-08-31 03:09 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40B4A8E3-31E5-4805-9C26-89092C160A2C}\mpengine.dll
    2011-08-30 15:45 . 2011-08-30 15:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
    2011-08-30 15:44 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-30 15:44 . 2011-08-30 15:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-30 15:44 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-30 15:44 . 2011-08-30 15:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-30 15:29 . 2011-08-30 15:29 -------- d-----w- c:\program files\TeamViewer
    2011-08-24 07:46 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 10:49 . 2011-08-23 10:49 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-23 10:49 . 2011-08-23 10:49 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-08-12 14:59 . 2011-08-17 05:08 -------- d-----w- c:\users\User\AppData\Roaming\PhotoScape
    2011-08-12 14:58 . 2011-08-12 14:58 -------- d-----w- c:\program files\PhotoScape
    2011-08-11 03:50 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-11 03:50 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-11 03:50 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-13 05:50 . 2011-06-03 14:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-07 14:52 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-11 02:29 . 2011-07-13 12:33 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-06-10 17:58 . 2011-06-10 17:58 81744 ----a-w- c:\windows\system32\mfcm100u.dll
    2011-06-10 17:58 . 2011-06-10 17:58 81744 ----a-w- c:\windows\system32\mfcm100.dll
    2011-06-10 17:58 . 2011-06-10 17:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2011-06-10 17:58 . 2011-06-10 17:58 64336 ----a-w- c:\windows\system32\mfc100fra.dll
    2011-06-10 17:58 . 2011-06-10 17:58 63824 ----a-w- c:\windows\system32\mfc100esn.dll
    2011-06-10 17:58 . 2011-06-10 17:58 62288 ----a-w- c:\windows\system32\mfc100ita.dll
    2011-06-10 17:58 . 2011-06-10 17:58 60752 ----a-w- c:\windows\system32\mfc100rus.dll
    2011-06-10 17:58 . 2011-06-10 17:58 55120 ----a-w- c:\windows\system32\mfc100enu.dll
    2011-06-10 17:58 . 2011-06-10 17:58 51024 ----a-w- c:\windows\system32\vcomp100.dll
    2011-06-10 17:58 . 2011-06-10 17:58 4422992 ----a-w- c:\windows\system32\mfc100u.dll
    2011-06-10 17:58 . 2011-06-10 17:58 4397384 ----a-w- c:\windows\system32\mfc100.dll
    2011-06-10 17:58 . 2011-06-10 17:58 43856 ----a-w- c:\windows\system32\mfc100jpn.dll
    2011-06-10 17:58 . 2011-06-10 17:58 43344 ----a-w- c:\windows\system32\mfc100kor.dll
    2011-06-10 17:58 . 2011-06-10 17:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2011-06-10 17:58 . 2011-06-10 17:58 36176 ----a-w- c:\windows\system32\mfc100cht.dll
    2011-06-10 17:58 . 2011-06-10 17:58 36176 ----a-w- c:\windows\system32\mfc100chs.dll
    2011-06-10 17:58 . 2011-06-10 17:58 138056 ----a-w- c:\windows\system32\atl100.dll
    2011-08-23 10:49 . 2011-06-03 14:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2011-03-08 352976]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 221184]
    "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-05 19:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-07-22 14:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-03-02 11:45 136176 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-09 18:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 04:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 05:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2009-06-18 12:11 1537320 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1343400]
    R4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
    R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-03-02 99216]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903257526-3415451066-1340172733-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 11:45]
    .
    2011-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903257526-3415451066-1340172733-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 11:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Download with Thunder (使用迅雷下载) - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: Download all links with Thunder (使用迅雷下载全部链接) - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{3B830DD2-5B0F-4B5C-AAFC-15005D678324}: NameServer = 192.168.1.1,192.168.1.2
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\oiaxax5i.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - (no file)
    HKLM-Run-Thunder - c:\program files\Thunder\Thunder.exe
    MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-09-02 14:49:23
    ComboFix-quarantined-files.txt 2011-09-02 06:49
    .
    Pre-Run: 16,074,338,304 bytes free
    Post-Run: 17,264,082,944 bytes free
    .
    - - End Of File - - 28B79A25E0C3AA992B96C3EC79A56C89

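    As an added example (not part of this thread and not ComboFix's own code), here is a small Python triage of the kind of "Reg Loading Points" block posted above. It parses the `[key]` / `"name"=value` lines and flags the things a reviewer looks at first: the UAC policy values (in the log above EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, which means UAC is switched off entirely), a non-empty AppInit_DLLs (here Kaspersky's DLL, which is expected for that product), a DisableMonitoring flag in Security Center, and Run entries that start from a user-writable path or put a system binary name outside %windir%. The sample input is constructed from lines quoted in the log plus one made-up "Updater" Run entry that is not in the thread, so that the autorun checks have something to fire on; severity labels and path lists are the author's choice, not a ComboFix convention.

```python
"""Triage a ComboFix "Reg Loading Points" dump for weak UAC policy and
suspicious autoruns.  Added example for this thread; not ComboFix code."""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]          # (severity, registry location, message)

# Constructed sample: key lines quoted in the log above, plus ONE made-up
# Run entry ("Updater") that is NOT in the thread, so the autorun checks fire.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2011-03-08 352976]
"Updater"="c:\users\User\AppData\Roaming\svchost.exe" [2011-08-30 54321]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"')
TRAILER_RE = re.compile(r'\s*\[\d{4}-\d{2}-\d{2} \d+\]$')   # ComboFix "[date size]" suffix

# A persistence entry living where an unprivileged user can write is worth a
# look whatever it is called; the names below belong under %windir% only.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\')
SYSTEM_ONLY = {'svchost.exe', 'csrss.exe', 'lsass.exe', 'winlogon.exe', 'explorer.exe'}


def parse_loading_points(text: str) -> Dict[str, Dict[str, str]]:
    """Map lower-cased registry key -> {value name: raw right-hand side}."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group('key').lower()
            sections.setdefault(current, {})
            continue
        v = VAL_RE.match(line)
        if v and current is not None:
            sections[current][v.group('name')] = v.group('raw')
    return sections


def _path(raw: str) -> str:
    """Strip the quotes and the trailing [date size] ComboFix appends."""
    m = QUOTED_RE.match(raw)
    return m.group('path') if m else TRAILER_RE.sub('', raw).strip()


def _num(raw: Optional[str], default: int) -> int:
    """Read '0 (0x0)' or 'dword:00000001' style values; default if absent."""
    if raw is None:
        return default
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'\d+', raw)
    return int(m.group()) if m else default


def triage(sections: Dict[str, Dict[str, str]]) -> List[Finding]:
    findings: List[Finding] = []
    for key, values in sections.items():
        if key.endswith('\\currentversion\\policies\\system'):
            if _num(values.get('EnableLUA'), 1) == 0:
                findings.append(('high', key, 'EnableLUA=0: UAC is off, so an admin session runs everything with a full token'))
            if _num(values.get('ConsentPromptBehaviorAdmin'), 5) == 0:
                findings.append(('medium', key, 'ConsentPromptBehaviorAdmin=0: admins elevate without any prompt'))
            if _num(values.get('PromptOnSecureDesktop'), 1) == 0:
                findings.append(('low', key, 'PromptOnSecureDesktop=0: prompt shown on the normal desktop, where other windows can overlay it'))
        elif key.endswith('\\windows nt\\currentversion\\windows'):
            dlls = _path(values.get('AppInit_DLLs', ''))
            if dlls:
                findings.append(('info', key, f'AppInit_DLLs={dlls}: injected into every process that loads user32.dll; confirm the vendor'))
        elif '\\security center\\monitoring\\' in key:
            if _num(values.get('DisableMonitoring'), 0) == 1:
                findings.append(('info', key, 'DisableMonitoring=1: Security Center no longer watches this product (normal for a third-party AV; confirm it is really installed)'))
        elif key.endswith('\\run') or key.endswith('\\runonce'):
            for name, raw in values.items():
                path = _path(raw).lower()
                exe = path.rsplit('\\', 1)[-1]
                where = f'{key}\\{name}'
                if any(d in path for d in USER_WRITABLE):
                    findings.append(('high', where, f'autorun from user-writable location: {path}'))
                if exe in SYSTEM_ONLY and '\\windows\\' not in path:
                    findings.append(('high', where, f'{exe} outside %windir%: {path}'))
    return findings


if __name__ == '__main__':
    for sev, where, msg in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'[{sev:<6}] {where}\n         {msg}')
```

    Against the constructed sample it reports three high findings (UAC off, and two for the made-up Updater entry), one medium, one low and two informational. On the real log above only the UAC policy block, the Kaspersky AppInit_DLLs entry and the Security Center flag would show up, which matches broni's "not much there": the persistence points themselves look vendor-legitimate, and the thing worth fixing regardless of the malware question is that UAC has been turned off.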
  10. #10
    broni is offline Senior Member
    Not much there...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
