[es] - Problem-operativni sistem,virus Sality

satrospenzi
Student

Član broj: 288779
Poruke: 18
*.dynamic.telemach.ba.

Profil

Re: Problem-operativni sistem,virus Sality

^{09.08.2011. u 12:08 - pre 154 meseci}

ComboFix 11-08-08.03 - Neko 09.08.2011 13:01:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.387.1033.18.2047.1532 [GMT 2:00]
Running from: C:\Documents and Settings\Neko\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll

---- Previous Run -------

C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll

((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))

2011-08-09 04:13:09 . 2011-08-09 04:18:36 16607084544 ----a-w- C:\bst35.tmp
2011-08-08 01:21:11 . 2011-08-08 01:21:11 -------- d-----w- C:\NVIDIA
2011-08-07 07:03:44 . 2011-08-09 10:39:36 -------- d-----r- C:\Program Files
2011-08-07 07:00:03 . 2011-08-08 00:02:36 -------- d-----w- C:\Documents and Settings
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-25 06:09:21 . 2011-05-21 04:01:00 61440 ----a-w- C:\WINDOWS\system32\OpenCL.dll
2011-05-25 06:09:21 . 2011-05-21 04:01:00 2808936 ----a-w- C:\WINDOWS\system32\nvcuvid.dll
2011-05-25 06:09:21 . 2011-05-21 04:01:00 2082408 ----a-w- C:\WINDOWS\system32\nvcuvenc.dll
2011-05-25 06:09:21 . 2011-05-21 04:01:00 16068608 ----a-w- C:\WINDOWS\system32\nvoglnt.dll
2011-05-25 06:09:20 . 2011-05-21 04:01:00 5332992 ----a-w- C:\WINDOWS\system32\nvcuda.dll
2011-05-25 06:09:20 . 2011-05-21 04:01:00 13004800 ----a-w- C:\WINDOWS\system32\nvcompiler.dll
2011-05-21 04:01:00 . 2011-05-21 04:01:00 899688 ----a-w- C:\WINDOWS\system32\nvdispco3220150.dll
2011-05-21 04:01:00 . 2011-05-21 04:01:00 865896 ----a-w- C:\WINDOWS\system32\nvgenco322090.dll
2011-05-21 04:01:00 . 2011-05-21 04:01:00 2328576 ----a-w- C:\WINDOWS\system32\nvapi.dll
2011-07-08 07:42:06 . 2011-08-08 23:02:02 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((( SnapShot@2011-08-09_02.45.27 )))))))))))))))))))))))))))))))))))))))))

+ 2011-08-09 10:39:39 . 2011-07-06 17:52:42 41272 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
+ 2011-08-09 10:39:36 . 2011-07-06 17:52:42 22712 C:\WINDOWS\system32\drivers\mbam.sys
+ 2011-08-09 10:23:56 . 2011-08-09 10:23:56 81920 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\3cd9646ed330cc4fbd64d00c61c6a62e\Microsoft.Build.Framework.ni.dll
+ 2011-08-09 10:23:54 . 2011-08-09 10:23:54 15360 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\9f2287b949ba5849bfbcab13a206a104\dfsvc.ni.exe
+ 2011-08-09 10:23:47 . 2011-08-09 10:23:47 26624 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\01dcd7520dd2b14dae19a884eb531ef6\Accessibility.ni.dll
+ 2011-08-09 10:24:17 . 2011-08-09 10:24:17 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\0ceef84329c61945b841f4b18e526ed0\System.Web.RegularExpressions.ni.dll
+ 2011-08-09 10:24:06 . 2011-08-09 10:24:06 684032 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e073bd404183b74eb7a3e7c75e2bb155\System.Transactions.ni.dll
+ 2011-08-09 10:24:05 . 2011-08-09 10:24:05 729088 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\131abcc1b7ef054ba4900954c99351fa\System.Security.ni.dll
+ 2011-08-09 10:24:04 . 2011-08-09 10:24:04 294912 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\67299ff82a8c594eb7f7f4b49a24f9f6\System.EnterpriseServices.Wrapper.dll
+ 2011-08-09 10:24:04 . 2011-08-09 10:24:04 659456 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\67299ff82a8c594eb7f7f4b49a24f9f6\System.EnterpriseServices.ni.dll
+ 2011-08-09 10:24:03 . 2011-08-09 10:24:03 512000 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1cef3403b2c306429e2ede5d89f5c751\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-09 10:24:01 . 2011-08-09 10:24:01 962560 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d1716ce324e654f845b87019511d23d\System.Configuration.ni.dll
+ 2011-08-09 10:23:58 . 2011-08-09 10:23:58 163840 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6a3a0fa314d3cb4fbb12b65e47a30b6a\Microsoft.Build.Utilities.ni.dll
+ 2011-08-09 10:23:55 . 2011-08-09 10:23:55 880640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\4342b35c9082454c82deb6cafa8cc0cf\Microsoft.Build.Engine.ni.dll
+ 2011-08-09 10:23:54 . 2011-08-09 10:23:54 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2223d72fc83d574d81fea35f889e6c73\CustomMarshalers.ni.dll
+ 2011-08-09 10:23:54 . 2011-08-09 10:23:54 860160 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\01f346446ebfaa44adf4e69c3bc779bd\AspNetMMCExt.ni.dll
+ 2011-08-09 10:23:52 . 2011-08-09 10:23:52 8093696 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\0a34f3e8a117b4468631280ff816cec0\System.ni.dll
+ 2011-08-09 10:24:18 . 2011-08-09 10:24:18 1945600 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\dc40b2fd974c3a49acb8e7a290fa9b7c\System.Web.Services.ni.dll
+ 2011-08-09 10:24:16 . 2011-08-09 10:24:16 2310144 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\383575a6979c924c95622f503c9beb52\System.Web.Mobile.ni.dll
+ 2011-08-09 10:24:20 . 2011-08-09 10:24:20 1626112 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\258bc5bc6094464c86d2af3a3c7a6c8d\System.Drawing.ni.dll
+ 2011-08-09 10:24:03 . 2011-08-09 10:24:03 1220608 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\da5660486615bc4d87dd62f4ad5aeb88\System.DirectoryServices.ni.dll
+ 2011-08-09 10:24:02 . 2011-08-09 10:24:02 1712128 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\32912d4fb8057a4b9b435d47c888ba64\System.Deployment.ni.dll
+ 2011-08-09 10:24:00 . 2011-08-09 10:24:00 1724416 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e9070e68480ef940b97ff2e2eb319340\Microsoft.VisualBasic.ni.dll
+ 2011-08-09 10:23:57 . 2011-08-09 10:23:57 1691648 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\44caefde55b7dd4588c4170d584bda27\Microsoft.Build.Tasks.ni.dll
+ 2011-08-09 10:24:14 . 2011-08-09 10:24:14 11808768 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\420864627c189242b8be400d4ee76de2\System.Web.ni.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 20:12:38 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 11:16:28 29831168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 21:15:02 202296]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 11:36:56 2793304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-05-25 06:09:22 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 06:09:23 111208]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 22:02:42 1632360]
"ProcessLassoManagementConsole"="C:\Program Files\Process Lasso\processlasso.exe" [2011-08-03 05:00:26 604176]
"ProcessGovernor"="C:\Program Files\Process Lasso\processgovernor.exe" [2011-08-03 05:00:26 329232]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 17:52:38 449584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

R1 kl2;kl2;C:\WINDOWS\system32\drivers\kl2.sys [4.3.2011 13:23:20 11352]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [9.8.2011 12:39:39 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8.8.2011 2:02:34 2214504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [10.3.2011 18:34:46 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\system32\drivers\klmouflt.sys [2.11.2009 20:27:24 19472]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [9.8.2011 12:39:36 22712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [7.8.2011 7:24:49 238080]

------- Supplementary Scan -------

uStart Page = hxxp://www.bigseekpro.com/burn4free/{3D079E04-BE0E-45C8-A163-889E1A7D9C61}
mStart Page = hxxp://www.bigseekpro.com/burn4free/{3D079E04-BE0E-45C8-A163-889E1A7D9C61}
TCP: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
FF - ProfilePath - C:\Documents and Settings\Neko\Application Data\Mozilla\Firefox\Profiles\nbjngv6s.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q=
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3

- - - - ORPHANS REMOVED - - - -

Toolbar-10 - (no file)

satrospenzi
Student

Član broj: 288779
Poruke: 18
*.dynamic.telemach.ba.

Profil

Re: Problem-operativni sistem,virus Sality

^{09.08.2011. u 12:40 - pre 154 meseci}

Sad sam imao pokrenut samo combofix i cpu usage je islo do 90 %.Ne kontam sta je,ali CPU System idle proces je cirka 95.

ComboFix 11-08-08.03 - Neko 09.08.2011 13:34:35.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.387.1033.18.2047.1469 [GMT 2:00]
Running from: C:\Documents and Settings\Neko\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Neko\Desktop\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

---- Previous Run -------

C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll

((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))

2011-08-09 04:13:09 . 2011-08-09 04:18:36 16607084544 ----a-w- C:\bst35.tmp
2011-08-08 01:21:11 . 2011-08-08 01:21:11 -------- d-----w- C:\NVIDIA
2011-08-07 07:03:44 . 2011-08-09 11:10:38 -------- d-----r- C:\Program Files
2011-08-07 07:00:03 . 2011-08-08 00:02:36 -------- d-----w- C:\Documents and Settings
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-25 06:09:21 . 2011-05-21 04:01:00 61440 ----a-w- C:\WINDOWS\system32\OpenCL.dll
2011-05-25 06:09:21 . 2011-05-21 04:01:00 2808936 ----a-w- C:\WINDOWS\system32\nvcuvid.dll
2011-05-25 06:09:21 . 2011-05-21 04:01:00 2082408 ----a-w- C:\WINDOWS\system32\nvcuvenc.dll
2011-05-25 06:09:21 . 2011-05-21 04:01:00 16068608 ----a-w- C:\WINDOWS\system32\nvoglnt.dll
2011-05-25 06:09:20 . 2011-05-21 04:01:00 5332992 ----a-w- C:\WINDOWS\system32\nvcuda.dll
2011-05-25 06:09:20 . 2011-05-21 04:01:00 13004800 ----a-w- C:\WINDOWS\system32\nvcompiler.dll
2011-05-21 04:01:00 . 2011-05-21 04:01:00 899688 ----a-w- C:\WINDOWS\system32\nvdispco3220150.dll
2011-05-21 04:01:00 . 2011-05-21 04:01:00 865896 ----a-w- C:\WINDOWS\system32\nvgenco322090.dll
2011-05-21 04:01:00 . 2011-05-21 04:01:00 2328576 ----a-w- C:\WINDOWS\system32\nvapi.dll
2011-07-08 07:42:06 . 2011-08-08 23:02:02 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((( SnapShot@2011-08-09_02.45.27 )))))))))))))))))))))))))))))))))))))))))

+ 2011-08-09 11:09:53 . 2011-03-11 10:43:54 29763 C:\WINDOWS\LastGood\system32\DRIVERS\klopp.dat
+ 2011-08-09 11:09:55 . 2009-11-02 18:27:24 19472 C:\WINDOWS\LastGood\system32\DRIVERS\klmouflt.sys
+ 2011-08-09 11:09:56 . 2011-03-10 16:34:46 34608 C:\WINDOWS\LastGood\system32\DRIVERS\klim5.sys
+ 2011-08-09 11:09:54 . 2011-03-04 11:23:20 11352 C:\WINDOWS\LastGood\system32\DRIVERS\kl2.sys
+ 2011-08-09 10:23:56 . 2011-08-09 10:23:56 81920 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\3cd9646ed330cc4fbd64d00c61c6a62e\Microsoft.Build.Framework.ni.dll
+ 2011-08-09 10:23:54 . 2011-08-09 10:23:54 15360 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\9f2287b949ba5849bfbcab13a206a104\dfsvc.ni.exe
+ 2011-08-09 10:23:47 . 2011-08-09 10:23:47 26624 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\01dcd7520dd2b14dae19a884eb531ef6\Accessibility.ni.dll
+ 2011-08-09 11:09:55 . 2011-08-07 06:17:47 565552 C:\WINDOWS\LastGood\system32\DRIVERS\klif.sys
+ 2011-08-09 11:09:53 . 2011-03-04 11:23:14 133208 C:\WINDOWS\LastGood\system32\DRIVERS\kl1.sys
+ 2011-08-09 10:24:17 . 2011-08-09 10:24:17 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\0ceef84329c61945b841f4b18e526ed0\System.Web.RegularExpressions.ni.dll
+ 2011-08-09 10:24:06 . 2011-08-09 10:24:06 684032 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e073bd404183b74eb7a3e7c75e2bb155\System.Transactions.ni.dll
+ 2011-08-09 10:24:05 . 2011-08-09 10:24:05 729088 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\131abcc1b7ef054ba4900954c99351fa\System.Security.ni.dll
+ 2011-08-09 10:24:04 . 2011-08-09 10:24:04 294912 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\67299ff82a8c594eb7f7f4b49a24f9f6\System.EnterpriseServices.Wrapper.dll
+ 2011-08-09 10:24:04 . 2011-08-09 10:24:04 659456 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\67299ff82a8c594eb7f7f4b49a24f9f6\System.EnterpriseServices.ni.dll
+ 2011-08-09 10:24:03 . 2011-08-09 10:24:03 512000 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1cef3403b2c306429e2ede5d89f5c751\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-09 10:24:01 . 2011-08-09 10:24:01 962560 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d1716ce324e654f845b87019511d23d\System.Configuration.ni.dll
+ 2011-08-09 10:23:58 . 2011-08-09 10:23:58 163840 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6a3a0fa314d3cb4fbb12b65e47a30b6a\Microsoft.Build.Utilities.ni.dll
+ 2011-08-09 10:23:55 . 2011-08-09 10:23:55 880640 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\4342b35c9082454c82deb6cafa8cc0cf\Microsoft.Build.Engine.ni.dll
+ 2011-08-09 10:23:54 . 2011-08-09 10:23:54 237568 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2223d72fc83d574d81fea35f889e6c73\CustomMarshalers.ni.dll
+ 2011-08-09 10:23:54 . 2011-08-09 10:23:54 860160 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\01f346446ebfaa44adf4e69c3bc779bd\AspNetMMCExt.ni.dll
+ 2011-08-09 10:23:52 . 2011-08-09 10:23:52 8093696 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\0a34f3e8a117b4468631280ff816cec0\System.ni.dll
+ 2011-08-09 10:24:18 . 2011-08-09 10:24:18 1945600 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\dc40b2fd974c3a49acb8e7a290fa9b7c\System.Web.Services.ni.dll
+ 2011-08-09 10:24:16 . 2011-08-09 10:24:16 2310144 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\383575a6979c924c95622f503c9beb52\System.Web.Mobile.ni.dll
+ 2011-08-09 10:24:20 . 2011-08-09 10:24:20 1626112 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\258bc5bc6094464c86d2af3a3c7a6c8d\System.Drawing.ni.dll
+ 2011-08-09 10:24:03 . 2011-08-09 10:24:03 1220608 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\da5660486615bc4d87dd62f4ad5aeb88\System.DirectoryServices.ni.dll
+ 2011-08-09 10:24:02 . 2011-08-09 10:24:02 1712128 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\32912d4fb8057a4b9b435d47c888ba64\System.Deployment.ni.dll
+ 2011-08-09 10:24:00 . 2011-08-09 10:24:00 1724416 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e9070e68480ef940b97ff2e2eb319340\Microsoft.VisualBasic.ni.dll
+ 2011-08-09 10:23:57 . 2011-08-09 10:23:57 1691648 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\44caefde55b7dd4588c4170d584bda27\Microsoft.Build.Tasks.ni.dll
+ 2011-08-09 10:24:14 . 2011-08-09 10:24:14 11808768 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\420864627c189242b8be400d4ee76de2\System.Web.ni.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 20:12:38 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 11:16:28 29831168]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 11:36:56 2793304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-05-25 06:09:22 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 06:09:23 111208]
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 22:02:42 1632360]
"ProcessLassoManagementConsole"="C:\Program Files\Process Lasso\processlasso.exe" [2011-08-03 05:00:26 604176]
"ProcessGovernor"="C:\Program Files\Process Lasso\processgovernor.exe" [2011-08-03 05:00:26 329232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8.8.2011 2:02:34 2214504]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [7.8.2011 7:24:49 238080]
R4 kl2;kl2;C:\WINDOWS\system32\DRIVERS\kl2.sys --> C:\WINDOWS\system32\DRIVERS\kl2.sys [?]
R4 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\system32\DRIVERS\klmouflt.sys --> C:\WINDOWS\system32\DRIVERS\klmouflt.sys [?]
R4 MBAMProtector;MBAMProtector;\??\C:\WINDOWS\system32\drivers\mbam.sys --> C:\WINDOWS\system32\drivers\mbam.sys [?]

------- Supplementary Scan -------

TCP: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
FF - ProfilePath - C:\Documents and Settings\Neko\Application Data\Mozilla\Firefox\Profiles\nbjngv6s.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&q=
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3

- - - - ORPHANS REMOVED - - - -

Toolbar-10 - (no file)