I've been infected by a RAT... I keep disconnecting, Lagging etc


Post by Marley15 on Sat Aug 21, 2010 10:28 pm

Sup guys,

around 1 month ago I downloaded an .exe file (I no longer know which file it was) but anyway, when I opened it the following screen popped up:



Days went on, and I really was in panic because I thought the RAT would kinda destroy my PC and change all my passwords. From the moment I saw the "HACKER" screen popping up, I definitely knew it was a harmful RAT which could control my PC and change my passwords and such.

Things went normal for a couple of days... But after a week or so I actually wanted to hit the emergency button! My computer went crazy lol! Starting up my PC actually took around 3 minutes... before the start up took like a couple of seconds... Loading games also takes an awful amount of minutes... I guess around 5 minutes, before it actually took a couple of seconds...

The second problem (in my opinion the worst one) is that everything keeps disconnecting... everything! MSN, Skype or any online game you could imagine. It basically just keeps disconnecting. I can't even use MSN, Skype or play a game for more than 5 minutes... why not? Because it keeps disconnecting...

Also my PC is being really, really slow... I truthfully hope someone can help me, because the problems are getting worse every single day... I hope one day my PC will be as it was in former times... when I could play any game without it starting up very slowly, without disconnecting, without lag... when I could use MSN or Skype without disconnecting...

Thanks for reading guys,

Marley.



Marley15
Intermediate

Posts : 101
Joined : 2010-08-20
OS : Windows 7
Points : 23492
# Likes : 0


Re: I've been infected by a RAT... I keep disconnecting, Lagging etc

Post by Sneakyone on Sat Aug 21, 2010 11:03 pm

Hi.

Luckily you came to the right place. Yes, you are correct: you are infected with a RAT.

Here are some things a RAT can do:

See your webcam.
Keylog
Delete files
Edit the Registry
See your desktop
And tons more, but the only way they can do this is if you are connected to the internet.

(If you don't want them to see you, I recommend putting tape over your webcam.)

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56074
# Likes : 0

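The custom scan above makes OTL dump running processes, services, drivers and autoruns into a log that a helper then reads by eye. As an added example (not part of the original thread and not code from OTL or its author), here is a small Python parser for the PRC/MOD/SRV/DRV lines OTL emits, with a few triage heuristics run over six lines copied from the log Marley posts further down: entries whose file is missing from disk, entries with no embedded company string, and entries loading from user-writable paths. The heuristics are leads for an analyst to verify, not verdicts; the WatAdminSvc line (a Windows component) is flagged only because OTL shows no company string for it, and an orphaned driver entry is often just a leftover from an uninstalled tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes seen in the OTL log posted in this thread:
#   PRC - [2010/08/03 10:55:18 | 000,175,960 | ---- | M] (Company) -- C:\path\file.exe
#   SRV - [date | size | attrs | M] (Company) [Auto | Running] -- C:\path -- (ServiceName)
#   DRV - [date | size | attrs | M] (Company) [Kernel | Auto | Running] -- C:\path -- (Name)
#   DRV - File not found [Kernel | On_Demand | Running] -- C:\path -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?: .*)?)?$"
)

# Locations an unprivileged user can write to; anything that auto-starts
# from here deserves a closer look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # PRC / MOD / SRV / DRV
    path: str                 # image path on disk
    company: Optional[str]    # embedded company string; "" if none, None if file missing
    name: Optional[str]       # service / driver name; None for PRC and MOD lines
    flags: str                # e.g. "Kernel | On_Demand | Running"
    missing: bool             # OTL printed "File not found"
    size: Optional[int]
    modified: Optional[str]


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        path=m["path"],
        company=None if m["missing"] else m["company"],
        name=m["name"],
        flags=m["flags"] or "",
        missing=bool(m["missing"]),
        size=int(m["size"].replace(",", "")) if m["size"] else None,
        modified=m["date"],
    )


def parse_otl(text: str) -> List[Entry]:
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Triage heuristics. These yield leads for an analyst, not verdicts:
    a blank company string is common for legitimate files with no version
    resource, and an orphaned driver entry is often a harmless leftover."""
    reasons = []
    if entry.missing:
        reason = "registered but file not found (orphaned service/driver entry)"
        if "Running" in entry.flags:
            reason += ", yet reported Running"
        reasons.append(reason)
    elif not entry.company:
        reasons.append("no company/publisher string embedded in the file")
    if USER_WRITABLE_RE.search(entry.path):
        reasons.append("loads from a user-writable location")
    return reasons


def triage_report(text: str) -> List[Tuple[Entry, List[str]]]:
    """Flagged entries, the ones with the most reasons first."""
    flagged = [(e, triage(e)) for e in parse_otl(text)]
    flagged = [(e, r) for e, r in flagged if r]
    flagged.sort(key=lambda t: len(t[1]), reverse=True)
    return flagged


# Constructed sample: six lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/08/03 10:55:18 | 000,175,960 | ---- | M] () -- C:\Program Files\IObit\Game Booster\gbtray.exe
SRV - [2010/06/30 02:58:55 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marley\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
"""

if __name__ == "__main__":
    for entry, reasons in triage_report(SAMPLE_LOG):
        print(f"{entry.kind} {entry.name or entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

Feed it the full OTL.Txt and the flagged list is where to start checking hashes and publishers; everything that passes still needs the usual review, since a RAT dropped into Program Files with a forged company string would pass all three heuristics.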

Re: I've been infected by a RAT... I keep disconnecting, Lagging etc

Post by Marley15 on Sun Aug 22, 2010 12:11 am

Yo sneakyone,

really thanks for helping me. Because it's like my computer is just broken, lol. Loading games takes around 5 minutes as you already saw, before it took around 10 seconds...

Btw my PC is also very laggy... On WarRock (shooter game) I spawn after 1/2 minutes, while you usually spawn after 5 seconds, lol... I really hope you can help me out, thanks!

Here's the OTL log (it's going to be in parts because it's too big):


OTL logfile created on: 8/22/2010 12:34:15 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\ItsMarley\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.00 Gb Total Space | 101.13 Gb Free Space | 34.99% Space Free | Partition Type: NTFS
Drive D: | 9.09 Gb Total Space | 1.28 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARLEYPC
Current User Name: ItsMarley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 14:02:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ItsMarley\Desktop\OTL.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/08/03 10:55:18 | 000,175,960 | ---- | M] () -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2010/07/27 11:11:24 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/14 20:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/17 20:29:56 | 000,619,784 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/02/08 15:51:32 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/26 16:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/24 00:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/09/24 00:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (SafeList) ==========

MOD - [2010/08/20 14:02:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ItsMarley\Desktop\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/07/20 08:17:51 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/30 02:58:55 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/14 20:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/24 02:55:00 | 003,506,124 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/26 16:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/24 00:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/24 00:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/06 07:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Marley\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/07/29 13:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/06/28 21:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/29 20:51:40 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/02/27 05:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/27 05:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/09/24 00:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/09/24 00:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/24 00:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/24 00:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2009/08/06 07:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (VWiFiFlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 94 27 BF AE 3D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/23 05:50:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/08/18 19:31:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/02 22:21:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] c:\Program Files\RegistryBooster 2\StartRegistryBooster.exe (Uniblue Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} [You must be registered and logged in to see this link.] (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe - (GamersFirst)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe File not found
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: ManyCam - hkey= - key= - C:\Program Files\ManyCam 2.4\ManyCam.exe File not found
MsConfig - StartUpReg: Raptr - hkey= - key= - C:\PROGRA~1\Raptr\raptrstub.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "startup" - 1
MsConfig - State: "bootini" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.SRGC - C:\Windows\System32\srgc.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========





Re: I've been infected by a RAT... I keep disconnecting, Lagging etc

Post by Marley15 on Sun Aug 22, 2010 12:11 am

Part 2:


[2010/08/20 14:02:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\ItsMarley\Desktop\OTL.exe
[2010/08/20 13:50:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\ItsMarley\Desktop\TFC.exe
[2010/08/20 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\Desktop\ERUNT
[2010/08/20 02:54:35 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\Desktop\Click Me For Client
[2010/08/20 01:44:34 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\.crisisX_474
[2010/08/20 00:03:31 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\ItsMarley\Desktop\ATF-Cleaner.exe
[2010/08/19 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\Google
[2010/08/19 20:58:07 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\Adobe
[2010/08/18 19:33:32 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\ESET
[2010/08/18 19:33:32 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\ESET
[2010/08/18 19:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/08/18 13:09:48 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\IObit
[2010/08/18 13:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/08/18 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Opera
[2010/08/18 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\Opera
[2010/08/18 09:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/08/18 02:41:07 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Auslogics
[2010/08/18 02:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/18 02:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/08/18 01:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/18 01:43:53 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/08/18 01:43:52 | 004,241,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/08/18 01:43:51 | 014,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/08/18 01:43:50 | 000,289,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010/08/18 01:43:49 | 009,333,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/08/18 01:43:49 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/08/18 01:43:49 | 001,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/08/18 01:43:48 | 011,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/08/18 01:43:48 | 004,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/08/18 01:43:47 | 001,249,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/08/18 01:43:47 | 000,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/08/18 01:43:46 | 011,515,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/08/18 01:43:46 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/08/18 01:42:44 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcohda.dll
[2010/08/18 01:42:44 | 000,057,344 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll
[2010/08/18 01:42:43 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010/08/18 01:42:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010/08/18 01:40:29 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010/08/18 01:38:18 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\DivX
[2010/08/17 23:19:51 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\Documents\Flawless ClientV2
[2010/08/17 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\NVD
[2010/08/17 18:09:46 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\SoftGrid Client
[2010/08/17 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\SoftGrid Client
[2010/08/17 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Malwarebytes
[2010/08/17 17:18:54 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\PMB Files
[2010/08/17 17:18:22 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\Pando_Temp
[2010/08/17 17:18:18 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\GamersFirst LIVE!
[2010/08/17 17:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2010/08/17 16:31:14 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\Ares
[2010/08/17 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\Pokemon Online
[2010/08/17 14:26:47 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/17 14:26:47 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/17 14:26:42 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/08/17 14:26:40 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/17 14:26:37 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/17 14:26:32 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/17 14:26:01 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/17 14:26:00 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/17 14:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/17 14:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/17 14:11:25 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\Documents\My Webcam Recordings
[2010/08/17 14:10:19 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\skypePM
[2010/08/17 14:09:06 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Skype
[2010/08/17 03:13:57 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\Tracing
[2010/08/17 03:13:56 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\MessengerDiscovery 2
[2010/08/17 03:02:51 | 000,000,000 | ---D | C] -- C:\Windows\RegistryBooster 2
[2010/08/17 03:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryBooster 2
[2010/08/17 03:01:57 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\WinRAR
[2010/08/17 02:59:52 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Uniblue
[2010/08/17 02:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/08/17 02:54:49 | 000,000,000 | ---D | C] -- C:\Organized
[2010/08/17 02:30:40 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Subversion
[2010/08/17 02:29:06 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Macromedia
[2010/08/17 02:29:05 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Adobe
[2010/08/17 02:25:07 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\TSVNCache
[2010/08/17 02:25:01 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Searches
[2010/08/17 02:25:01 | 000,000,000 | -H-D | C] -- C:\Users\ItsMarley\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/17 02:24:56 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Identities
[2010/08/17 02:24:54 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Contacts
[2010/08/17 02:24:50 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\VirtualStore
[2010/08/17 02:24:47 | 000,000,000 | --SD | C] -- C:\Users\ItsMarley\AppData\Roaming\Microsoft
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Videos
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Saved Games
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Pictures
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Music
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Links
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Favorites
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Downloads
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\My Documents
[2010/08/17 02:24:47 | 000,000,000 | R--D | C] -- C:\Users\ItsMarley\Desktop
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\AppData\Local\Temporary Internet Files
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Templates
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Start Menu
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\SendTo
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Recent
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\PrintHood
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\NetHood
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Documents\My Videos
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Documents\My Pictures
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Documents\My Music
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\My Documents
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Local Settings
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\AppData\Local\History
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Cookies
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\Application Data
[2010/08/17 02:24:47 | 000,000,000 | -HSD | C] -- C:\Users\ItsMarley\AppData\Local\Application Data
[2010/08/17 02:24:47 | 000,000,000 | -H-D | C] -- C:\Users\ItsMarley\AppData
[2010/08/17 02:24:47 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\temp
[2010/08/17 02:24:47 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Local\Microsoft
[2010/08/17 02:24:47 | 000,000,000 | ---D | C] -- C:\Users\ItsMarley\AppData\Roaming\Media Center Programs
[2010/08/16 19:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/12 18:19:51 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/12 18:19:51 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/12 18:19:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/12 18:19:44 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/12 18:19:44 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/12 18:19:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/12 18:19:36 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/12 18:19:36 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/12 18:19:36 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/12 18:19:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/12 18:19:36 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/12 18:19:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/12 18:19:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/12 18:19:34 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/12 13:15:48 | 001,062,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2010/08/12 13:15:48 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2010/08/10 15:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Metasploit
[2010/08/10 15:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/07 23:58:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2010/08/05 03:40:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/05 03:40:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/05 03:17:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/02 22:03:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/02 22:03:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/02 22:03:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/02 22:03:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/31 12:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/31 03:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx
[2010/07/31 03:34:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/31 03:33:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/31 03:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/31 03:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 03:21:47 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/07/31 03:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/31 03:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/07/29 13:31:26 | 000,136,632 | ---- | C] (ESET) -- C:\Windows\System32\drivers\eamonm.sys
[2010/07/29 13:31:26 | 000,134,512 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfw.sys
[2010/07/29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys
[2010/07/29 13:31:26 | 000,041,336 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwwfp.sys
[2010/07/29 13:31:26 | 000,032,608 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys
[2010/07/25 00:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Conquer Online 2.0

========== Files - Modified Within 30 Days ==========

[2010/08/22 00:37:23 | 001,310,720 | -HS- | M] () -- C:\Users\ItsMarley\NTUSER.DAT
[2010/08/22 00:19:02 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3729820662-3297716803-4006380401-1006UA.job
[2010/08/21 23:18:25 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/08/21 23:18:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/21 23:17:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/21 23:17:45 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 21:53:48 | 002,221,493 | -H-- | M] () -- C:\Users\ItsMarley\AppData\Local\IconCache.db
[2010/08/21 05:19:40 | 000,002,421 | ---- | M] () -- C:\Users\ItsMarley\Desktop\Google Chrome.lnk
[2010/08/20 22:29:56 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3729820662-3297716803-4006380401-1006Core.job
[2010/08/20 18:54:47 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/20 15:16:00 | 302,439,451 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/20 14:02:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ItsMarley\Desktop\OTL.exe
[2010/08/20 13:50:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\ItsMarley\Desktop\TFC.exe
[2010/08/20 00:03:31 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\ItsMarley\Desktop\ATF-Cleaner.exe
[2010/08/19 15:56:11 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 15:56:11 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 19:34:57 | 000,001,075 | ---- | M] () -- C:\Users\ItsMarley\Desktop\ESET SysInspector.lnk
[2010/08/18 19:31:59 | 000,001,060 | ---- | M] () -- C:\Users\ItsMarley\Desktop\ESET SysRescue.lnk
[2010/08/18 19:31:58 | 000,001,957 | ---- | M] () -- C:\Users\ItsMarley\Desktop\ESET Smart Security.lnk
[2010/08/18 13:09:48 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010/08/18 13:09:48 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010/08/18 09:12:29 | 000,000,787 | ---- | M] () -- C:\Users\ItsMarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/18 09:12:29 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/08/18 02:38:45 | 000,001,065 | ---- | M] () -- C:\Users\ItsMarley\Desktop\Auslogics BoostSpeed.lnk
[2010/08/17 18:33:21 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marley.job
[2010/08/17 18:03:41 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010/08/17 17:32:23 | 674,581,496 | ---- | M] () -- C:\Users\ItsMarley\Documents\War_Rock_20100722.exe
[2010/08/17 17:18:09 | 000,001,082 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010/08/17 14:54:09 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
[2010/08/17 14:26:49 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010/08/17 14:26:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/17 14:08:45 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/17 14:06:39 | 000,001,240 | RHS- | M] () -- C:\Users\ItsMarley\ntuser.pol
[2010/08/17 03:14:05 | 000,524,288 | -HS- | M] () -- C:\Users\ItsMarley\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/17 03:14:05 | 000,524,288 | -HS- | M] () -- C:\Users\ItsMarley\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/17 03:14:05 | 000,065,536 | -HS- | M] () -- C:\Users\ItsMarley\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/17 03:13:52 | 000,058,728 | ---- | M] () -- C:\Users\ItsMarley\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/17 03:02:54 | 000,001,925 | ---- | M] () -- C:\Users\ItsMarley\Desktop\RegistryBooster 2.lnk
[2010/08/17 02:28:44 | 000,001,371 | ---- | M] () -- C:\Users\ItsMarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/17 02:24:47 | 000,000,020 | -HS- | M] () -- C:\Users\ItsMarley\ntuser.ini
[2010/08/16 13:30:51 | 000,269,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 00:11:13 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/08/12 00:11:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/08/11 00:51:28 | 000,001,430 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/08/08 03:32:47 | 000,771,186 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/08 03:32:47 | 000,656,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/08 03:32:47 | 000,122,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/05 03:33:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/02 22:21:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/01 02:05:19 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/08/01 01:36:26 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/07/31 03:34:25 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 02:02:09 | 000,000,064 | ---- | M] () -- C:\Windows\tasks\ID.Conf
[2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) -- C:\Windows\System32\drivers\eamonm.sys
[2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfw.sys
[2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys
[2010/07/29 13:31:26 | 000,041,336 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwwfp.sys
[2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys
[2010/07/29 07:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/07/29 07:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

========== Files Created - No Company Name ==========

[2010/08/20 14:49:51 | 302,439,451 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/20 14:25:23 | 000,293,376 | ---- | C] () -- C:\Users\ItsMarley\Desktop\gmer.exe
[2010/08/19 22:15:13 | 000,002,421 | ---- | C] () -- C:\Users\ItsMarley\Desktop\Google Chrome.lnk
[2010/08/19 22:14:14 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3729820662-3297716803-4006380401-1006UA.job
[2010/08/19 22:14:12 | 000,001,028 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3729820662-3297716803-4006380401-1006Core.job
[2010/08/18 19:34:57 | 000,001,075 | ---- | C] () -- C:\Users\ItsMarley\Desktop\ESET SysInspector.lnk
[2010/08/18 19:31:59 | 000,001,060 | ---- | C] () -- C:\Users\ItsMarley\Desktop\ESET SysRescue.lnk
[2010/08/18 19:31:56 | 000,001,957 | ---- | C] () -- C:\Users\ItsMarley\Desktop\ESET Smart Security.lnk
[2010/08/18 13:09:48 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010/08/18 13:09:48 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010/08/18 09:12:29 | 000,000,787 | ---- | C] () -- C:\Users\ItsMarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/18 09:12:29 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/08/18 02:38:45 | 000,001,065 | ---- | C] () -- C:\Users\ItsMarley\Desktop\Auslogics BoostSpeed.lnk
[2010/08/18 01:43:46 | 000,007,133 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/08/17 18:03:41 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010/08/17 17:19:16 | 674,581,496 | ---- | C] () -- C:\Users\ItsMarley\Documents\War_Rock_20100722.exe
[2010/08/17 17:18:09 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010/08/17 14:54:09 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Pokemon Online.lnk
[2010/08/17 14:26:49 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010/08/17 14:08:45 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/17 03:02:54 | 000,001,925 | ---- | C] () -- C:\Users\ItsMarley\Desktop\RegistryBooster 2.lnk
[2010/08/17 02:59:54 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/08/17 02:28:44 | 000,001,371 | ---- | C] () -- C:\Users\ItsMarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/17 02:24:49 | 000,001,240 | RHS- | C] () -- C:\Users\ItsMarley\ntuser.pol
[2010/08/17 02:24:47 | 001,310,720 | -HS- | C] () -- C:\Users\ItsMarley\NTUSER.DAT
[2010/08/17 02:24:47 | 000,524,288 | -HS- | C] () -- C:\Users\ItsMarley\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/17 02:24:47 | 000,524,288 | -HS- | C] () -- C:\Users\ItsMarley\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/17 02:24:47 | 000,262,144 | -HS- | C] () -- C:\Users\ItsMarley\ntuser.dat.LOG1
[2010/08/17 02:24:47 | 000,065,536 | -HS- | C] () -- C:\Users\ItsMarley\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/17 02:24:47 | 000,000,290 | ---- | C] () -- C:\Users\ItsMarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/17 02:24:47 | 000,000,272 | ---- | C] () -- C:\Users\ItsMarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/17 02:24:47 | 000,000,020 | -HS- | C] () -- C:\Users\ItsMarley\ntuser.ini
[2010/08/17 02:24:47 | 000,000,000 | -HS- | C] () -- C:\Users\ItsMarley\ntuser.dat.LOG2
[2010/08/10 15:43:30 | 000,001,430 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/08/02 22:03:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/02 22:03:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/02 22:03:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/02 22:03:41 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/02 22:03:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/31 03:34:25 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/31 02:02:09 | 000,000,064 | ---- | C] () -- C:\Windows\tasks\ID.Conf
[2010/07/22 21:53:56 | 000,595,456 | ---- | C] () -- C:\Windows\System32\srgc.dll
[2010/07/21 21:30:23 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/09 18:02:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/07/09 16:27:23 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/07/07 15:30:57 | 000,001,007 | ---- | C] () -- C:\Windows\FOE2.ini
[2010/07/06 01:04:26 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/29 20:51:40 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/03/16 06:53:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2010/06/19 07:33:29 | 003,955,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 22:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 02:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 22:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/13 22:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 22:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 22:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2009/07/13 22:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 22:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 22:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 22:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 22:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 22:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 22:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 22:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 22:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 22:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/06/19 05:07:18 | 002,326,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/16 05:45:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/08/02 15:44:10 | 000,171,136 | RHS- | M] () -- C:\grldr
[2010/08/21 23:17:45 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/13 14:04:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/12 18:29:41 | 000,000,377 | -H-- | M] () -- C:\IPH.PH
[2008/12/13 14:04:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/26 23:14:39 | 000,000,615 | -H-- | M] () -- C:\os604495.bin
[2010/08/21 23:17:49 | 3218,296,832 | -HS- | M] () -- C:\pagefile.sys
[2009/07/17 02:21:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/07/17 02:21:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2

< %PROGRAMFILES%\*. >
[2010/05/06 08:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/07/31 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced Access Controller
[2010/08/17 14:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/05/06 08:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/05/06 08:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Ares
[2010/07/09 16:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2010/08/18 02:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2010/07/31 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Automated Result Operator
[2010/07/31 03:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/07/31 03:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\AxBx
[2010/08/17 02:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/08/18 01:44:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/08/10 15:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/08/17 20:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conquer Online 2.0
[2010/07/31 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Count Access Advancer
[2010/07/31 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Customized Web Management
[2010/05/21 08:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/03/16 22:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2009/07/14 08:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/08/17 14:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010/08/18 19:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/08/17 17:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\GamersFirst
[2010/08/19 23:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/08/10 01:11:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/31 04:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Connection Wizard
[2010/07/31 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Content Assistant
[2010/08/12 20:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/18 13:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/03/28 03:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\IVT Corporation
[2010/05/29 10:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/31 03:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 09:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/05/06 08:48:06 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2010/08/10 15:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Metasploit
[2010/03/16 06:38:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/04/11 01:35:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2010/05/20 06:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/03/16 22:29:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft DirectX SDK (February 2010)
[2009/07/14 08:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/04/11 01:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/20 05:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/06/05 05:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/05/06 09:43:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/03/16 06:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/07/20 06:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2010/07/20 06:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/08/08 03:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/05/08 01:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/05/08 01:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/08/18 01:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/08/18 09:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/05/23 07:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/04/26 21:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/17 03:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\RegistryBooster 2
[2010/06/14 03:15:41 | 000,000,000 | ---D | M] -- C:\Program Files\Shoddy Battle
[2010/07/31 15:53:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/03/18 01:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/05/06 08:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/05/07 10:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\TortoiseSVN
[2010/07/31 12:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/08/17 02:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 08:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/05/06 09:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/03/16 06:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/13 11:37:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/05/06 08:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/03/16 07:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Organized\Windows.old\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Organized\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Organized\Windows.old\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Organized\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Organized\Windows.old\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Organized\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Organized\Windows.old\Windows\System32\drivers\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Organized\Windows.old\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Organized\Windows.old\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2008/04/15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Organized\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Organized\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Organized\Windows.old\Windows\System32\drivers\iaStor.sys
[2008/04/15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Organized\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Organized\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Organized\Windows.old\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Organized\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Organized\Windows.old\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Organized\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Organized\Windows.old\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Organized\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Organized\Windows.old\Windows\System32\drivers\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Organized\Windows.old\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Organized\Windows.old\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-19 14:57:49

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >




Re: I've been infected by a RAT... I keep disconnecting, Lagging etc

Post by Sneakyone on Sun Aug 22, 2010 12:38 am

Hi.

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: I've been infected by a RAT... I keep disconnecting, Lagging etc

Post by Marley15 on Sun Aug 22, 2010 1:53 am

Thx for your help so far Sneakyone, I really appreciate it.

Combofix Log:

ComboFix 10-08-21.04 - ItsMarley 22-08-2010 2:21.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.3069.1853 [GMT 1:00]
Gestart vanuit: c:\users\ItsMarley\Desktop\commy.exe
gebruikte Opdracht switches :: /stepdel
* Aanwezig AV is actief

.

Overlay afgebroken ... Gelieve ComboFix nogmaals te draaien
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


(((((((((((((((((((( Bestanden Gemaakt van 2010-07-22 to 2010-08-22 ))))))))))))))))))))))))))))))
.

2010-08-22 01:38 . 2010-08-22 01:41 -------- d-----w- c:\users\ItsMarley\AppData\Local\temp
2010-08-22 01:38 . 2010-08-22 01:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-22 01:38 . 2010-08-22 01:38 -------- d-----w- c:\users\Mcx1-MARLEYPC\AppData\Local\temp
2010-08-22 01:38 . 2010-08-22 01:38 -------- d-----w- c:\users\Marliej\AppData\Local\temp
2010-08-22 01:38 . 2010-08-22 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-20 00:44 . 2010-08-20 00:46 -------- d-----w- c:\users\ItsMarley\.crisisX_474
2010-08-19 21:13 . 2010-08-19 21:14 -------- d-----w- c:\users\ItsMarley\AppData\Local\Google
2010-08-19 19:58 . 2010-08-19 20:08 -------- d-----w- c:\users\ItsMarley\AppData\Local\Adobe
2010-08-18 18:33 . 2010-08-18 18:33 -------- d-----w- c:\users\ItsMarley\AppData\Local\ESET
2010-08-18 12:09 . 2010-08-18 12:09 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\IObit
2010-08-18 12:09 . 2010-08-18 12:09 -------- d-----w- c:\program files\IObit
2010-08-18 08:12 . 2010-08-18 08:12 -------- d-----w- c:\users\ItsMarley\AppData\Local\Opera
2010-08-18 08:12 . 2010-08-18 08:12 -------- d-----w- c:\program files\Opera
2010-08-18 01:41 . 2010-08-18 05:52 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\Auslogics
2010-08-18 01:38 . 2010-08-18 01:38 -------- d-----w- c:\program files\Auslogics
2010-08-18 00:42 . 2009-11-12 01:09 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-08-18 00:42 . 2009-11-10 23:15 182888 ----a-w- c:\windows\system32\nvcohda.dll
2010-08-18 00:42 . 2009-11-12 04:14 66664 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-08-18 00:42 . 2009-11-12 01:08 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-08-18 00:40 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
2010-08-18 00:38 . 2010-08-18 00:38 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\DivX
2010-08-17 17:10 . 2010-08-17 17:10 -------- d-----w- c:\users\ItsMarley\AppData\Local\NVD
2010-08-17 17:09 . 2010-08-17 17:09 -------- d-----w- c:\users\ItsMarley\AppData\Local\SoftGrid Client
2010-08-17 17:09 . 2010-08-21 13:57 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\SoftGrid Client
2010-08-17 16:24 . 2010-08-17 16:24 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\Malwarebytes
2010-08-17 16:18 . 2010-08-17 16:18 -------- d-----w- c:\users\Marley\AppData\Local\PMB Files
2010-08-17 16:18 . 2010-08-17 19:41 -------- d-----w- c:\users\ItsMarley\AppData\Local\PMB Files
2010-08-17 16:18 . 2010-08-17 16:18 -------- d-----w- c:\users\ItsMarley\AppData\Local\Pando_Temp
2010-08-17 16:18 . 2010-08-17 16:18 -------- d-----w- c:\users\ItsMarley\AppData\Local\GamersFirst LIVE!
2010-08-17 16:18 . 2010-08-17 16:34 -------- d-----w- c:\program files\GamersFirst
2010-08-17 15:31 . 2010-08-17 15:31 -------- d-----w- c:\users\ItsMarley\AppData\Local\Ares
2010-08-17 13:54 . 2010-08-17 13:54 -------- d-----w- c:\users\ItsMarley\Pokemon Online
2010-08-17 13:25 . 2010-08-17 13:25 -------- d-----w- c:\programdata\Alwil Software
2010-08-17 13:25 . 2010-08-17 13:25 -------- d-----w- c:\program files\Alwil Software
2010-08-17 13:10 . 2010-08-21 23:03 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\skypePM
2010-08-17 13:09 . 2010-08-22 01:20 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\Skype
2010-08-17 02:13 . 2010-08-22 01:41 -------- d-----w- c:\users\ItsMarley\Tracing
2010-08-17 02:13 . 2010-08-17 13:10 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\MessengerDiscovery 2
2010-08-17 02:13 . 2010-08-17 02:13 58728 ----a-w- c:\users\ItsMarley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-17 02:02 . 2010-08-17 02:02 -------- d-----w- c:\program files\RegistryBooster 2
2010-08-17 02:02 . 2010-08-17 02:02 -------- d-----w- c:\windows\RegistryBooster 2
2010-08-17 01:59 . 2010-08-17 02:03 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\Uniblue
2010-08-17 01:59 . 2010-08-17 01:59 -------- d-----w- c:\program files\Uniblue
2010-08-17 01:54 . 2010-08-17 01:55 -------- d-----w- C:\Organized
2010-08-17 01:30 . 2010-08-17 01:30 -------- d-----w- c:\users\ItsMarley\AppData\Roaming\Subversion
2010-08-17 01:25 . 2010-08-21 16:54 -------- d-----w- c:\users\ItsMarley\AppData\Local\TSVNCache
2010-08-16 18:09 . 2010-08-22 01:39 -------- d-----w- c:\program files\ESET
2010-08-12 17:20 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 14:55 . 2010-08-10 14:55 -------- d-----w- c:\program files\Metasploit
2010-08-10 14:38 . 2010-08-10 14:38 -------- d-----w- c:\program files\Conduit
2010-08-07 22:58 . 2010-02-25 16:51 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-07-31 11:43 . 2010-07-31 11:43 -------- d-----w- c:\program files\Trend Micro
2010-07-31 02:36 . 2010-07-31 02:36 -------- d-----w- c:\program files\AxBx
2010-07-31 02:34 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 02:33 . 2010-07-31 02:33 -------- d-----w- c:\programdata\Malwarebytes
2010-07-31 02:33 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 02:33 . 2010-07-31 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 02:21 . 2010-07-31 02:21 -------- d-----w- C:\$AVG
2010-07-31 02:16 . 2010-07-31 02:16 -------- d-----w- c:\program files\AVG
2010-07-31 02:15 . 2010-08-01 17:56 -------- d-----w- c:\programdata\avg9
2010-07-29 12:31 . 2010-07-29 12:31 41336 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2010-07-29 12:31 . 2010-07-29 12:31 32608 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-07-29 12:31 . 2010-07-29 12:31 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 12:31 . 2010-07-29 12:31 134512 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-07-29 12:31 . 2010-07-29 12:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-24 23:57 . 2010-08-17 19:00 -------- d-----w- c:\program files\Conquer Online 2.0

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 22:04 . 2010-03-16 06:12 -------- d-----w- c:\program files\Google
2010-08-18 01:47 . 2010-03-21 03:49 -------- d-----w- c:\programdata\NVIDIA
2010-08-18 00:43 . 2010-08-18 00:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-18 00:43 . 2010-03-21 06:07 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-17 16:19 . 2010-05-23 06:25 -------- d-----w- c:\programdata\PMB Files
2010-08-17 13:43 . 2010-04-09 05:50 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-17 13:43 . 2010-04-09 05:50 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-17 01:49 . 2010-07-19 14:40 -------- d-----w- c:\program files\CCleaner
2010-08-11 23:11 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-08-11 23:11 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-08-11 23:11 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-08-10 15:43 . 2010-05-22 01:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-10 00:11 . 2010-03-16 06:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-08 02:29 . 2010-07-20 04:59 -------- d-----w- c:\program files\Microsoft.NET
2010-08-01 01:05 . 2010-07-06 00:04 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-01 00:36 . 2010-07-06 00:04 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-31 14:53 . 2010-03-16 05:48 -------- d-----r- c:\program files\Skype
2010-07-31 10:25 . 2010-05-06 09:38 -------- d-----w- c:\program files\Internet Content Assistant
2010-07-31 10:25 . 2010-05-06 09:38 -------- d-----w- c:\program files\Customized Web Management
2010-07-31 10:25 . 2010-05-06 09:38 -------- d-----w- c:\program files\Advanced Access Controller
2010-07-31 10:25 . 2010-05-06 09:38 -------- d-----w- c:\program files\Count Access Advancer
2010-07-31 10:25 . 2010-05-06 09:37 -------- d-----w- c:\program files\Automated Result Operator
2010-07-31 03:01 . 2010-05-06 09:38 -------- d-----w- c:\program files\Internet Connection Wizard
2010-07-31 03:01 . 2010-05-06 09:38 -------- d-----w- c:\program files\Common Files\Count Access Advancer
2010-07-29 06:30 . 2010-08-12 17:19 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 17:19 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-20 18:36 . 2010-07-19 14:25 -------- d-----w- c:\program files\Common Files\Steam
2010-07-20 05:03 . 2010-07-20 04:59 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-20 05:03 . 2010-07-20 05:03 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-07-20 05:03 . 2010-04-11 00:33 -------- d-----w- c:\programdata\Microsoft Help
2010-07-20 04:58 . 2010-07-20 04:58 -------- d-----w- c:\program files\Microsoft SDKs
2010-07-19 16:03 . 2010-07-19 16:03 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-07-19 16:03 . 2010-07-06 00:03 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-10 09:45 . 2010-07-10 09:45 -------- d-----w- c:\programdata\Total Gameplay
2010-07-09 22:37 . 2009-10-03 14:02 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 17:02 . 2010-07-09 17:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-09 15:27 . 2010-07-09 15:27 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-09 15:23 . 2010-07-09 15:23 -------- d-----w- c:\program files\Atari
2010-07-09 15:22 . 2010-07-09 15:22 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-09 15:20 . 2010-07-09 15:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 15:20 . 2010-07-09 15:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 15:20 . 2010-07-09 15:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 15:20 . 2010-07-09 15:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 15:20 . 2010-07-09 15:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 15:20 . 2010-07-09 15:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 13:44 . 2010-07-09 13:44 -------- d-----w- c:\programdata\Trymedia
2010-07-07 13:03 . 2010-03-21 03:27 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-07-06 00:03 . 2010-07-06 00:03 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-07-04 14:33 . 2010-07-04 14:26 -------- d-----w- c:\programdata\TmForever
2010-06-30 06:25 . 2010-08-12 17:19 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 17:19 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 17:19 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 17:19 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 17:19 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 17:19 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 17:19 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 17:19 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-12 17:19 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02 . 2010-08-12 17:19 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-05-29 09:24 . 2010-05-29 09:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 07:24 . 2010-06-09 19:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 19:40 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-08-11 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 16:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-27 67456]
"Uniblue RegistryBooster 2"="c:\program files\registrybooster 2\StartRegistryBooster.exe" [2007-07-24 99608]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Google Update"="c:\users\ItsMarley\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-7-7 2805104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
backup=c:\windows\pss\Citrus Alarm Clock.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 19:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-23 04:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3506124]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340); [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-27 26168]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3729820662-3297716803-4006380401-1006Core.job
- c:\users\ItsMarley\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 01:59]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3729820662-3297716803-4006380401-1006UA.job
- c:\users\ItsMarley\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 01:59]

2010-08-17 c:\windows\Tasks\Norton Security Scan for Marley.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-08 23:51]

2010-08-22 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-17 10:11]
.
.
------- Bijkomende Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
TCP: {669B32C8-5C14-4F5E-9E3A-9A5999C32961} = 208.67.222.222,208.67.220.220
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-ManyCam - c:\program files\ManyCam 2.4\ManyCam.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
AddRemove-ManyCam - c:\program files\ManyCam 2.4\uninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(5572)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conhost.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Voltooingstijd: 2010-08-22 02:51:04 - machine werd herstart
ComboFix-quarantined-files.txt 2010-08-22 01:51

Pre-Run: 113.473.777.664 bytes free
Post-Run: 115.332.009.984 bytes free

- - End Of File - - C9D79736BC8DF09A6462793B996403FD






Re: I've been infected by a RAT... I keep disconnecting, Lagging etc

Post by Sneakyone on Sun Aug 22, 2010 6:26 pm

Hi.

Upload a file to VirusTotal

Please visit Virustotal


  • Click the Browse.. button
  • Navigate to the file c:\windows\System32\user32.dll
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

If VirusTotal is busy please use Jotti



Re: I've been infected by a RAT... I keep disconnecting, Lagging etc

Post by Marley15 on Sun Aug 22, 2010 6:50 pm


File name: user32.dll
Submission date: 2010-08-22 18:45:33 (UTC)
Current status: finished
Result: 0/ 38 (0.0%)

MD5 : 7bd7f45ff37fa0669cd32ca0ef46e22c
SHA1 : 03c47973f52800a6ae21f1a5992e331b4a9b2837
SHA256: 88cf562d5f8c803a4ff8db28c355073c58be6c02ce950149584749d2d72cc6de
ssdeep: 12288:6UMmzZo/qril3O9BS+wHFk4VhFYKXypF39r9X3Mh5L+s5ENOeQiV1Li/kh:hM6IlSKizNrRaLeYeXV1i/kh
File size : 811520 bytes
First seen: 2010-02-15 20:11:40
Last seen : 2010-08-22 18:45:33
TrID:
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Multi-User Windows USER API Client DLL
original name: user32
internal name: user32
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1F7C9
timedatestamp....: 0x4A5BDB2F (Tue Jul 14 01:11:11 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x6772F, 0x67800, 6.64, 666f00ea11895893c60fedc6b1b331a6
.data, 0x69000, 0xF60, 0x1000, 1.75, a0266837467b196f479d1fca528ab23f
.rsrc, 0x6A000, 0x5A278, 0x5A400, 5.52, b32b75abdd1619519099bacc5ab208d9
.reloc, 0xC5000, 0x30A0, 0x3200, 6.69, 339948e7d9261a997c94b586ec076ef2

[[ 3 import(s) ]]
ntdll.dll: RtlUnwind, RtlSetLastWin32Error, NlsAnsiCodePage, _aulldvrm, _wtoi, _alldiv, wcsncpy_s, iswspace, qsort, LdrFlushAlternateResourceModules, RtlCheckRegistryKey, RtlMultiByteToUnicodeSize, RtlPcToFileHeader, wcsrchr, RtlImageNtHeader, NtRaiseHardError, wcsncat_s, RtlIsNameLegalDOS8Dot3, strrchr, sscanf_s, strcpy_s, RtlSizeHeap, RtlGetThreadLangIdByIndex, RtlRunEncodeUnicodeString, RtlRunDecodeUnicodeString, RtlReAllocateHeap, CsrAllocateMessagePointer, RtlAllocateAndInitializeSid, RtlFreeSid, CsrAllocateCaptureBuffer, CsrCaptureMessageBuffer, CsrFreeCaptureBuffer, RtlNtStatusToDosError, NtOpenThreadToken, NtOpenProcessToken, NtQueryInformationToken, CsrClientCallServer, memmove, NtCallbackReturn, _allmul, RtlUnicodeToMultiByteSize, RtlInitializeCriticalSection, NtQuerySystemInformation, RtlDeleteCriticalSection, RtlGetIntegerAtom, _stricmp, _wcsicmp, CsrClientConnectToServer, RtlIsThreadWithinLoaderCallout, NtYieldExecution, NtCreateKey, NtSetValueKey, NtDeleteValueKey, NtOpenDirectoryObject, wcstoul, NtVdmControl, _vsnwprintf, RtlQueryInformationActiveActivationContext, RtlCreateUnicodeStringFromAsciiz, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlFreeUnicodeString, NtSetSecurityObject, NtQuerySecurityObject, NtQueryInformationProcess, wcstol, RtlActivateActivationContextUnsafeFast, RtlDeactivateActivationContextUnsafeFast, RtlFindActivationContextSectionString, RtlReleaseActivationContext, RtlMultiByteToUnicodeN, RtlUnicodeToMultiByteN, RtlLeaveCriticalSection, RtlEnterCriticalSection, memset, memcpy, RtlAllocateHeap, RtlFreeHeap, RtlOpenCurrentUser, NtEnumerateKey, wcscpy_s, wcscat_s, NtOpenKey, NtClose, NtQueryValueKey, swprintf_s, RtlInitUnicodeString, RtlUnicodeStringToInteger
GDI32.dll: CreateFontIndirectW, GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, Ellipse, CreateEllipticRgn, GdiFixUpHandle, CreatePen, Rectangle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GdiGetCodePage, GetTextCharset, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiPrinterThunk, GdiLoadType1Fonts, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, GdiProcessSetup, GetStockObject, CreateSolidBrush, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetLayoutWidth, PatBlt, TextOutA, TextOutW, SetTextAlign, GetTextAlign, IntersectClipRect, SelectObject, SetBkMode, GetBkColor, GetObjectW, SetTextColor, SetBkColor, GetLayout, StretchDIBits, GetDeviceCaps, GetDIBColorTable, GdiGetBitmapBitsSize, DeleteObject, DeleteMetaFile, DeleteEnhMetaFile, GdiConvertMetaFilePict, GdiConvertEnhMetaFile, GdiReleaseDC, StretchBlt, GetObjectType, GdiConvertAndCheckDC, SetRectRgn, BitBlt
KERNEL32.dll: SetLastError, InterlockedDecrement, InterlockedIncrement, GetACP, LocalReAlloc, LocalLock, LocalUnlock, LocalSize, LoadAppInitDlls, GetCurrentThreadId, GetModuleHandleW, QueryActCtxSettingsW, RegisterWaitForInputIdle, SizeofResource, LoadResource, LoadStringBaseExW, FindResourceExW, FindResourceExA, DisableThreadLibraryCalls, IsDBCSLeadByteEx, GetSystemDirectoryW, SearchPathW, ExpandEnvironmentStringsW, LoadLibraryExW, GlobalAddAtomW, GetCurrentProcess, GetCurrentThread, ExitThread, GetExitCodeThread, CreateThread, GlobalHandle, FoldStringW, Sleep, GetStringTypeW, GetStringTypeA, GetCPInfo, CompareStringW, FindResourceW, CloseHandle, ReadFile, SetFileTime, EnumResourceNamesExW, CreateProcessW, GetSystemWindowsDirectoryW, AddAtomA, AddAtomW, GetAtomNameA, GetAtomNameW, IsValidLocale, ConvertDefaultLocale, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetLogicalDrives, FindClose, FindNextFileW, FindFirstFileW, GetThreadLocale, MulDiv, ProcessIdToSessionId, GetCurrentProcessId, WerpNotifyUseStringResource, InterlockedCompareExchange, IsDBCSLeadByte, GetVersionExW, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, RegQueryInfoKeyW, GetSystemDefaultLangID, WerpNotifyLoadStringResource, UnmapViewOfFile, GetFileSize, MapViewOfFile, CreateFileMappingW, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount, lstrlenA, GlobalFindAtomA, GetModuleFileNameA, GetModuleHandleA, GlobalAddAtomA, DelayLoadFailureHook, LoadLibraryExA, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GlobalFindAtomW, GetPrivateProfileStringW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, GetUserDefaultLCID, GlobalUnlock, GlobalLock, GlobalSize, LocalFree, GlobalDeleteAtom, LocalAlloc, DeleteAtom, FreeLibrary, GetProcAddress, LoadLibraryW, InterlockedExchange, GlobalGetAtomNameA, GlobalGetAtomNameW, GetModuleFileNameW, GlobalFree, GetLocaleInfoW, GlobalFlags, WideCharToMultiByte, GetLastError, 
GetOEMCP, GlobalReAlloc, MultiByteToWideChar, GlobalAlloc, WaitForMultipleObjectsEx, SetEvent, CreateFileW, lstrcmpiW, WritePrivateProfileStringW

[[ 822 export(s) ]]
ActivateKeyboardLayout, AddClipboardFormatListener, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CalculatePopupWindowPosition, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CancelShutdown, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, ChangeWindowMessageFilter, ChangeWindowMessageFilterEx, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDesktopByThreadId, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, CheckWindowThreadDesktop, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseGestureInfoHandle, CloseTouchInputHandle, CloseWindow, CloseWindowStation, ConsoleControl, ControlMagnification, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopExA, CreateDesktopExW, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, 
CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayConfigGetDeviceInfo, DisplayConfigSetDeviceInfo, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DoSoundConnect, DoSoundDisconnect, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, DwmGetDxSharedSurface, DwmStartRedirection, DwmStopRedirection, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, 
EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, FrostCrashedWindow, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDisplayConfigBufferSizes, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGestureConfig, GetGestureExtraArgs, GetGestureInfo, GetGuiResources, GetIconInfo, GetIconInfoExA, GetIconInfoExW, GetInputDesktop, GetInputLocaleInfo, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMagnificationDesktopColorEffect, GetMagnificationDesktopMagnification, GetMagnificationLensCtxInformation, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, 
GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPhysicalCursorPos, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetSendMessageReceiver, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopLevelWindow, GetTopWindow, GetTouchInputInfo, GetUpdateRect, GetUpdateRgn, GetUpdatedClipboardFormats, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowCompositionAttribute, GetWindowCompositionInfo, GetWindowContextHelpId, GetWindowDC, GetWindowDisplayAffinity, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowMinimizeRect, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowRgnEx, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GhostWindowFromHungWindow, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, HungWindowFromGhostWindow, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InsertMenuA, InsertMenuItemA, InsertMenuItemW, 
InsertMenuW, InternalGetWindowIcon, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsProcessDPIAware, IsRectEmpty, IsSETEnabled, IsServerSideWindow, IsThreadDesktopComposited, IsTopLevelWindow, IsTouchWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowRedirectedForPrint, IsWindowUnicode, IsWindowVisible, IsWow64Message, IsZoomed, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LogicalToPhysicalPoint, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyOverlayWindow, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenThreadDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PaintMonitor, 
PeekMessageA, PeekMessageW, PhysicalToLogicalPoint, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateRegisterICSProc, PtInRect, QueryDisplayConfig, QuerySendMessage, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterErrorReportingDialog, RegisterFrostWindow, RegisterGhostWindow, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterPowerSettingNotification, RegisterRawInputDevices, RegisterServicesProcess, RegisterSessionPort, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterTouchWindow, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveClipboardFormatListener, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDisplayConfig, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetGestureConfig, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, 
SetMagnificationDesktopColorEffect, SetMagnificationDesktopMagnification, SetMagnificationLensCtxInformation, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetMirrorRendering, SetParent, SetPhysicalCursorPos, SetProcessDPIAware, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowCompositionAttribute, SetWindowContextHelpId, SetWindowDisplayAffinity, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowRgnEx, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, SfmDxBindSwapChain, SfmDxGetSwapChainStats, SfmDxOpenSwapChain, SfmDxQuerySwapChainBindingStatus, SfmDxReleaseSwapChain, SfmDxReportPendingBindingsToDwm, SfmDxSetSwapChainBindingStatus, SfmDxSetSwapChainStats, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowSystemCursor, ShowWindow, ShowWindowAsync, ShutdownBlockReasonCreate, ShutdownBlockReasonDestroy, ShutdownBlockReasonQuery, SoftModalMessageBox, SoundSentry, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchDesktopWithFade, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, 
UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterPowerSettingNotification, UnregisterSessionPort, UnregisterTouchWindow, UnregisterUserApiHook, UpdateLayeredWindow, UpdateLayeredWindowIndirect, UpdatePerUserSystemParameters, UpdateWindow, UpdateWindowTransform, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, WinHelpA, WinHelpW, WindowFromDC, WindowFromPhysicalPoint, WindowFromPoint, _UserTestTokenForInteractive, gSharedInfo, gapfnScSendMessage, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW




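A helper reads a report like the one above by eye, but the fields that actually drive the decision are few: the detection ratio, the hashes, the version string and the signer check. The following Python script is an added example and not part of the thread: it parses a VirusTotal plain-text report in this layout, compares the reported SHA-256 with a locally hashed copy of the file, and flags the one caveat in this particular report. Windows OS binaries such as user32.dll are normally catalog-signed, meaning the signature lives in a .cat file under System32\catroot rather than inside the DLL, so a signer check that only looks inside the file reports them as Unsigned; that is not evidence of tampering on its own and should be confirmed on the machine (Sysinternals sigcheck, or sfc /verifyonly). The embedded report is a trimmed copy of the one posted above, the local file path is an assumption, and the trusted-publisher list is the script's own.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Trimmed copy of the VirusTotal text report posted above (constructed sample:
# header and sigcheck block only; the PE section and import/export lists are omitted).
SAMPLE_REPORT = """\
File name: user32.dll
Submission date: 2010-08-22 18:45:33 (UTC)
Current status: finished
Result: 0/ 38 (0.0%)

MD5 : 7bd7f45ff37fa0669cd32ca0ef46e22c
SHA1 : 03c47973f52800a6ae21f1a5992e331b4a9b2837
SHA256: 88cf562d5f8c803a4ff8db28c355073c58be6c02ce950149584749d2d72cc6de
File size : 811520 bytes
First seen: 2010-02-15 20:11:40
sigcheck:
publisher....: Microsoft Corporation
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
signers......: -
verified.....: Unsigned
"""

# 'key: value' lines; sigcheck pads its keys with dots ('publisher....: ...').
_LINE = re.compile(r"^([^:]+?)[\s.]*:\s*(.*)$")


@dataclass
class Report:
    fields: dict = field(default_factory=dict)

    def get(self, key, default=""):
        return self.fields.get(key.lower(), default)

    @property
    def detections(self):
        """(hits, engines) from a 'Result: 0/ 38 (0.0%)' line; (0, 0) if absent."""
        m = re.match(r"(\d+)\s*/\s*(\d+)", self.get("result"))
        return (int(m.group(1)), int(m.group(2))) if m else (0, 0)


def parse_report(text):
    """Parse the flat report layout into a Report; keys are lower-cased."""
    rep = Report()
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            rep.fields[m.group(1).strip().lower()] = m.group(2).strip()
    return rep


def sha256_of_file(path):
    """Hash a local file in chunks so a large binary is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(rep, local_sha256=None, trusted_publishers=("Microsoft Corporation",)):
    """Findings a helper would act on, in a stable order."""
    findings = []
    hits, engines = rep.detections
    if engines == 0:
        findings.append("no engine results in report")
    elif hits == 0:
        findings.append(f"clean: 0/{engines} engines")
    elif hits <= 2:
        findings.append(f"low-confidence: {hits}/{engines} engines (check for generic/heuristic names)")
    else:
        findings.append(f"detected: {hits}/{engines} engines")

    if local_sha256 is not None:
        if local_sha256.lower() == rep.get("sha256").lower():
            findings.append("local file matches submitted SHA-256")
        else:
            findings.append("MISMATCH: local file differs from the submitted sample")

    publisher = rep.get("publisher")
    if rep.get("verified").lower() == "unsigned":
        if publisher in trusted_publishers:
            # Caveat: OS binaries are normally catalog-signed (.cat under
            # System32\catroot), which a check of the file's own contents reports
            # as 'Unsigned'. Confirm locally (Sysinternals sigcheck, sfc /verifyonly)
            # before reading this as tampering.
            findings.append(f"unsigned per report but claims '{publisher}': verify catalog signature locally")
        else:
            findings.append("unsigned, untrusted publisher")
    return findings


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    # On the affected machine, hash the real file instead (path assumed):
    # local = sha256_of_file(r"C:\Windows\System32\user32.dll")
    for finding in triage(report, local_sha256=report.get("sha256")):
        print(finding)
```

The low-confidence branch matters in the opposite case: one or two generic detections on a file that is otherwise version-correct and hash-stable are more often a false positive than a RAT.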
Post by Sneakyone on Sun Aug 22, 2010 7:32 pm

Hi.

Please go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


Post by Marley15 on Sun Aug 22, 2010 9:44 pm

Okay, the scan is running at the moment. Wow, it takes freakin' long. It's at 10% and has already been running for 1 hour. Wow, lol.



Post by Marley15 on Mon Aug 23, 2010 2:23 am

Hi,

I have to sleep now, it's already 4:18 in the morning. I have to turn off the computer, and the scan still isn't finished... Unbelievable, lol, it has already run for 6 hours and it was still at 48%, lol...

Anyway, here's the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 23, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 22, 2010 14:12:11
Records in database: 4134853
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
Q:\

Scan statistics:
Objects scanned: 317307
Threats found: 6
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 06:01:01


File name / Threat / Threats count
C:\Organized\Windows.old\$Recycle.Bin\S-1-5-21-1278662306-3425053738-1320514579-1000\$RL0K0M4\Warlord_Public_Hook_26_11_09.zip Infected: Trojan-Downloader.Win32.Agent.dcvr 1
C:\Organized\Windows.old\Program Files\AIM6\addressBook.exe Infected: Trojan.Win32.Vilsel.ajgl 1
C:\Organized\Windows.old\Program Files\HTV\HTV.003 Infected: not-a-virus:Monitor.Win32.Ardamax.qz 1
C:\Organized\Windows.old\Program Files\HTV\HTV.006 Infected: not-a-virus:Monitor.Win32.Ardamax.gg 1
C:\Organized\Windows.old\Program Files\HTV\HTV.007 Infected: not-a-virus:Monitor.Win32.Ardamax.o 1
C:\Organized\Windows.old\Program Files\Steam\Launcher.exe Infected: not-a-virus:FraudTool.Win32.VirusIsolator.ara 1

Scanning stopped by the user.






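Six hits look alarming, but a helper has to decide which of them are live, and two facts settle it for this report: the detection class (Kaspersky's not-a-virus: prefix marks riskware such as monitoring tools and fraud tools rather than malware; Trojan and Trojan-Downloader are malware) and the location (every path here sits under Windows.old, an archived previous installation, or the recycle bin inside it, and nothing there runs). The Python script below is an added example, not part of the thread: it parses the File name / Threat / Threats count lines of this report layout and applies those two rules. The hit lines are copied from the report above; the list of path components treated as inactive is an assumption.

```python
import re
from dataclasses import dataclass

# Hit lines copied from the Kaspersky Online Scanner report posted above.
SAMPLE_HITS = r"""
C:\Organized\Windows.old\$Recycle.Bin\S-1-5-21-1278662306-3425053738-1320514579-1000\$RL0K0M4\Warlord_Public_Hook_26_11_09.zip Infected: Trojan-Downloader.Win32.Agent.dcvr 1
C:\Organized\Windows.old\Program Files\AIM6\addressBook.exe Infected: Trojan.Win32.Vilsel.ajgl 1
C:\Organized\Windows.old\Program Files\HTV\HTV.003 Infected: not-a-virus:Monitor.Win32.Ardamax.qz 1
C:\Organized\Windows.old\Program Files\HTV\HTV.006 Infected: not-a-virus:Monitor.Win32.Ardamax.gg 1
C:\Organized\Windows.old\Program Files\HTV\HTV.007 Infected: not-a-virus:Monitor.Win32.Ardamax.o 1
C:\Organized\Windows.old\Program Files\Steam\Launcher.exe Infected: not-a-virus:FraudTool.Win32.VirusIsolator.ara 1
"""

RISKWARE_PREFIX = "not-a-virus:"   # Kaspersky's marker for riskware/PUA rather than malware
# Assumption: path components under which a file is archived or recycled, not executed.
INACTIVE_MARKERS = ("\\windows.old\\", "\\$recycle.bin\\")

_HIT = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


@dataclass
class Hit:
    path: str
    threat: str
    count: int

    @property
    def is_riskware(self):
        return self.threat.startswith(RISKWARE_PREFIX)

    @property
    def category(self):
        """'Trojan-Downloader', 'Trojan', 'Monitor', 'FraudTool', ... (first dotted component)."""
        name = self.threat[len(RISKWARE_PREFIX):] if self.is_riskware else self.threat
        return name.split(".", 1)[0]

    @property
    def is_live(self):
        """A hit is live unless it sits under an archived or recycled path."""
        lowered = self.path.lower()
        return not any(marker in lowered for marker in INACTIVE_MARKERS)


def parse_hits(text):
    """Parse 'path Infected: threat count' lines; anything else is ignored."""
    return [Hit(m["path"], m["threat"], int(m["count"]))
            for m in (_HIT.match(line.strip()) for line in text.splitlines()) if m]


def summarize(hits):
    """Counts a helper would quote back to the user."""
    return {
        "total": len(hits),
        "malware": sum(1 for h in hits if not h.is_riskware),
        "riskware": sum(1 for h in hits if h.is_riskware),
        # 'Monitor' is Kaspersky's class for monitoring/keylogging tools (Ardamax here)
        "monitors": sum(1 for h in hits if h.category == "Monitor"),
        "live": sum(1 for h in hits if h.is_live),
    }


def live_hits(hits):
    return [h for h in hits if h.is_live]


if __name__ == "__main__":
    hits = parse_hits(SAMPLE_HITS)
    print(summarize(hits))
    for h in hits:
        print(f"{'LIVE' if h.is_live else 'inactive':8} {h.category:18} {h.path}")
```

The Monitor count is still worth mentioning back to the user even though it is riskware: Ardamax is a commercial keylogger, so three copies in the old installation deserve a question even though they are not running.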
Post by Sneakyone on Mon Aug 23, 2010 2:28 am

Hi.

Try this one when you have the time; it is quicker.

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post by Marley15 on Sun Aug 29, 2010 7:02 pm

Hey,

I scanned and I can't find the log in the folder it's supposed to be in. Anyway, it found 6 threats and they are deleted, though they were no threats in my eyes (the threats were the game WarRock and a registry-fix program).

So what now? I still have the lag and I still keep disconnecting.

Thanks in advance!



Post by Sneakyone on Mon Aug 30, 2010 1:03 am

Hi.

The RAT is gone; the lagging and D/C are a different issue. I suggest going to the command prompt and typing IPConfig /flushdns

Try that and see.



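Whether the RAT is really gone is something to confirm rather than assume, and the symptom that settles it is a process still holding a connection to a remote host. The Python script below is an added example, not part of the thread: it correlates the output of netstat -ano with tasklist /fo csv (both built into Windows 7, no extra tools needed), reports established TCP connections to addresses outside the local network that belong to a process not on an allow-list, and reports listeners bound to every interface that belong to something other than a known service process. Both command outputs embedded here are constructed sample lines, the process names in them are invented for the sample, and the allow-lists are assumptions; on a real machine feed it the live output via subprocess.run.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

# Constructed sample of `netstat -ano` output. The process behind PID 3320 and
# its addresses are invented for the sample; nothing here is an indicator from the thread.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       708
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       3320
  TCP    192.168.1.5:49320      64.4.45.12:1863        ESTABLISHED     2104
  TCP    192.168.1.5:49411      203.0.113.45:6667      ESTABLISHED     3320
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     1244
  UDP    0.0.0.0:500            *:*                                    904
"""

# Constructed sample of `tasklist /fo csv` output for the same PIDs.
SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","708","Services","0","7,540 K"
"lsass.exe","904","Services","0","3,212 K"
"skype.exe","1244","Console","1","51,004 K"
"msnmsgr.exe","2104","Console","1","34,776 K"
"sysupd.exe","3320","Console","1","2,188 K"
"""

# Assumptions: processes expected to hold remote connections on this machine,
# and service processes expected to listen on every interface.
ALLOWED_REMOTE = {"msnmsgr.exe", "skype.exe", "iexplore.exe", "firefox.exe", "steam.exe"}
SERVICE_LISTENERS = {"system", "svchost.exe", "lsass.exe", "services.exe", "wininit.exe"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Conn:
    proto: str
    local_ip: str
    local_port: str
    foreign_ip: str
    foreign_port: str
    state: str
    pid: int


def split_addr(text):
    """'192.168.1.5:49320' -> ('192.168.1.5', '49320'); '[::]:135' -> ('::', '135')."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                                     # banner and column header
        state = parts[3] if parts[0] == "TCP" else ""    # UDP rows have no State column
        lip, lport = split_addr(parts[1])
        fip, fport = split_addr(parts[2])
        conns.append(Conn(parts[0], lip, lport, fip, fport, state, int(parts[-1])))
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv`."""
    rows = csv.reader(io.StringIO(text))
    header = next(rows)
    pid_col = header.index("PID")
    return {int(r[pid_col]): r[0] for r in rows if len(r) > pid_col}


def is_local(addr):
    """Loopback, link-local, unspecified and RFC 1918 peers are not remote."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True                                      # '*' or an unparsable column
    return (ip.is_loopback or ip.is_link_local or ip.is_unspecified
            or any(ip in net for net in RFC1918))


def find_suspicious(netstat_text, tasklist_text,
                    allowed_remote=ALLOWED_REMOTE, service_listeners=SERVICE_LISTENERS):
    """Return (kind, image, pid, endpoint) tuples a helper should ask the user about."""
    names = parse_tasklist(tasklist_text)
    findings = []
    for c in parse_netstat(netstat_text):
        image = names.get(c.pid, "<unknown>").lower()
        if c.proto == "TCP" and c.state == "ESTABLISHED":
            if not is_local(c.foreign_ip) and image not in allowed_remote:
                findings.append(("remote", image, c.pid, f"{c.foreign_ip}:{c.foreign_port}"))
        elif c.state == "LISTENING" and c.local_ip in ("0.0.0.0", "::"):
            if image not in service_listeners:
                findings.append(("listener", image, c.pid, f"{c.local_ip}:{c.local_port}"))
    return findings


if __name__ == "__main__":
    # Live use: subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    for kind, image, pid, endpoint in find_suspicious(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"{kind:8} {image:14} pid={pid:<6} {endpoint}")
```

A bind-mode RAT shows up as the listener and a reverse-connect one as the remote connection; either way the thing to chase next is the image's path on disk, which tasklist does not show but wmic process get ProcessId,ExecutablePath or Process Explorer does.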
Post by Marley15 on Mon Aug 30, 2010 6:38 pm

Didn't help, what to do? Thanks.



Post by Sneakyone on Wed Sep 01, 2010 11:18 pm

Hi.

I will ask my colleagues for some ideas and get back to you with them, please sit tight.


Post by Marley15 on Fri Sep 03, 2010 7:56 pm

Sneakyone wrote:
Hi.

I will ask my colleagues for some ideas and get back to you with them, please sit tight.

Thanks! Got any ideas yet?

Thanks in advance!



Post by Marley15 on Fri Sep 03, 2010 10:56 pm

Never mind, I'm not allowed to get help here since I'm a GPA student trainee.



Post by Sneakyone on Sat Sep 04, 2010 6:20 am

Hi.

It didn't say GPA Student as your usergroup before. Let me think.

If you think you are still infected, just post in the thread in the academy for getting help.


Post by Marley15 on Fri Sep 10, 2010 8:15 pm

Never mind, no one helps there... Can you help me further? Thanks. I still have the same problems.

Thanks,

Marley.



Post by Sneakyone on Sat Sep 11, 2010 11:22 pm

Hi,

I will reply in the thread for removal in the academy and we will start over there.


Post by Marley15 on Sat Sep 11, 2010 11:36 pm

Okay, thanks!


