Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. But when I check if Avp.exe is in Program Files, it is! (Avp.exe is Kaspersky.)
Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:15 AM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Documents and Settings\Roadran322\Application Data\Almeza\StaffLogger\sysdrvmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MySpace\Toolbar\1.0.56.0\MSTBCoreContainer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.YAHOO.COM/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll
O3 - Toolbar: BigSeekPro Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [StaffLogger] C:\Documents and Settings\Roadran322\Application Data\Almeza\StaffLogger\sysdrvmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.h...ads/sysinfo.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1242579985754
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1252246161187
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://wimpro.cce.h...oads/msxml4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 8736 bytes
And also, if you need it, here is my ComboFix log:
ComboFix 09-10-22.01 - Roadran322 10/23/2009 5:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2488 [GMT -4:00]
Running from: c:\documents and settings\Roadran322\Desktop\123.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2020746902-1495869243-3522183791-1000
c:\$recycle.bin\S-1-5-21-772659122-1249498064-2213316370-1000
c:\documents and settings\Roadran322\Application Data\Desktopicon
c:\documents and settings\Roadran322\Application Data\Desktopicon\eBayShortcuts.exe
c:\windows\msa.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\bpk.dat
c:\windows\system32\fltrkl11.dll
c:\windows\system32\fltrkl12.dll
c:\windows\system32\inst.dat
c:\windows\system32\MabryObj.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\microday08.dll
c:\windows\system32\MTX0CI.dll
c:\windows\system32\mypath0079.dll
c:\windows\system32\pk.bin
c:\windows\system32\skinboxer43.dll
c:\windows\system32\stop.bat
c:\windows\system32\update
c:\windows\system32\web.dat
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.
2009-10-22 23:38 . 2009-10-23 09:14 -------- d-----w- C:\123
2009-10-22 22:02 . 2009-10-22 22:02 -------- d-----w- c:\documents and settings\Duy Diep\Local Settings\Application Data\AIM
2009-10-21 18:56 . 2009-10-21 18:56 -------- d-----w- c:\program files\Cupid Info Systems
2009-10-20 23:55 . 2009-10-20 23:55 -------- d-----w- c:\program files\AIM Password Recovery
2009-10-19 20:59 . 2009-10-19 20:59 -------- d-----w- c:\program files\Trend Micro
2009-10-18 02:41 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-18 01:33 . 2009-10-18 21:30 -------- d-----w- C:\Boot
2009-10-17 13:26 . 2009-10-17 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 13:25 . 2009-10-23 09:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 13:25 . 2009-10-17 13:25 -------- d-----w- c:\documents and settings\Roadran322\Application Data\SUPERAntiSpyware.com
2009-10-17 13:25 . 2009-10-17 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 13:23 . 2009-10-18 02:15 -------- d-----w- c:\program files\SpywareBlaster
2009-10-17 13:07 . 2009-10-22 22:53 0 ----a-r- c:\windows\win32k.sys
2009-10-16 20:57 . 2009-10-16 20:57 2863 ----a-w- c:\windows\unins000.dat
2009-10-16 20:57 . 2009-10-16 20:57 -------- d-----w- c:\windows\system32\FileSJ
2009-10-16 20:57 . 2009-10-16 20:56 694026 ----a-w- c:\windows\unins000.exe
2009-10-14 01:24 . 2009-10-14 01:24 -------- d-----w- c:\program files\Compaq
2009-10-14 01:24 . 2009-10-14 01:25 -------- d-----w- C:\CPQSYSTEM
2009-10-13 22:33 . 2009-10-13 22:33 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Unity
2009-10-13 22:31 . 2009-10-13 22:31 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Unity
2009-10-13 22:31 . 2009-10-13 22:31 -------- d-----w- c:\program files\Unity
2009-10-13 21:29 . 2009-10-13 21:29 -------- d-----w- C:\syslinux
2009-10-13 21:21 . 2009-10-13 21:21 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\AIM
2009-10-12 22:49 . 2009-10-12 22:49 -------- d-----w- c:\documents and settings\Roadran322\BackUp
2009-10-12 21:23 . 2009-10-12 21:23 -------- d-----w- c:\program files\Sun
2009-10-12 11:58 . 2009-10-12 11:58 -------- d-----w- C:\Komku
2009-10-11 17:24 . 2009-10-11 17:26 -------- d-----w- C:\mp3
2009-10-11 16:37 . 2009-10-11 16:37 -------- d-----w- c:\program files\UltraISO
2009-10-11 16:37 . 2009-10-11 16:37 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-10-11 13:19 . 2009-10-11 13:19 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Almeza
2009-10-11 13:19 . 2009-03-29 03:59 2306048 ----a-w- c:\windows\system32\chartdir50.dll
2009-10-10 23:14 . 2009-10-10 23:14 -------- d-----w- c:\program files\TweakXP 2
2009-10-10 02:06 . 2009-10-10 02:06 -------- d-----w- c:\documents and settings\Duy Diep\Application Data\MySpace
2009-10-10 01:11 . 2009-10-10 01:11 27572 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-10 01:11 . 2009-10-10 01:11 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Apple Computer
2009-10-10 01:11 . 2009-10-10 01:11 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Apple Computer
2009-10-10 01:10 . 2009-10-10 01:11 -------- d-----w- c:\program files\Safari
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Apple
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\program files\Apple Software Update
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-10 00:26 . 2009-10-10 00:26 -------- d-----w- c:\documents and settings\Roadran322\dwhelper
2009-10-09 23:36 . 2009-10-09 23:36 -------- d-----w- c:\program files\Common Files\L&H
2009-10-09 23:22 . 2009-10-09 23:22 -------- d-----w- c:\windows\lhsp
2009-10-09 23:21 . 2009-10-09 23:23 -------- d-----w- c:\windows\speech
2009-10-09 23:20 . 2009-10-09 23:21 -------- d-----w- c:\program files\VoiceMate Professional
2009-10-09 00:47 . 2009-10-09 00:47 -------- d-----w- c:\documents and settings\Duy Diep\Local Settings\Application Data\BananaLockScreen
2009-10-09 00:23 . 2009-10-09 11:42 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\BananaLockScreen
2009-10-09 00:21 . 2009-10-09 00:21 -------- d-----w- c:\program files\Banana Security
2009-10-08 22:28 . 2009-10-08 22:28 -------- d-----w- c:\documents and settings\Roadran322\.thumbnails
2009-10-08 22:22 . 2009-10-08 23:20 -------- d-----w- c:\documents and settings\Roadran322\.gimp-2.2
2009-10-08 22:21 . 2009-10-08 22:22 -------- d-----w- c:\program files\GIMPshop
2009-10-08 01:26 . 2009-10-09 00:05 -------- d-----w- c:\program files\CyberLink
2009-10-08 01:15 . 2009-10-08 01:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-08 01:05 . 2009-10-09 11:36 -------- d-----w- c:\documents and settings\Roadran322\Application Data\KeyLemon
2009-10-08 00:53 . 2009-10-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2009-10-08 00:51 . 2009-10-08 00:51 -------- d-----w- c:\program files\Macrium
2009-10-08 00:43 . 2009-10-08 00:43 -------- d-----w- c:\program files\IDAutomation.com Code 39 Free Font
2009-10-07 19:05 . 2009-10-08 01:37 -------- d-----w- c:\windows\system32\NtmsData
2009-10-07 18:35 . 2009-07-03 17:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-07 14:02 . 2009-10-07 14:02 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-10-07 14:02 . 2009-10-07 14:02 103568 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-10-07 11:55 . 2009-10-07 11:53 266752 ------w- c:\windows\system\iertutil.dll
2009-10-06 00:30 . 2009-10-06 00:30 251392 ----a-w- c:\windows\system32\ddlcache.dll
2009-10-04 02:24 . 2009-10-04 02:24 -------- d-----w- c:\program files\VS Revo Group
2009-10-03 20:00 . 2009-10-03 20:00 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Sibelius Software
2009-10-03 19:30 . 2000-07-15 04:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-10-02 11:56 . 2009-10-02 11:56 -------- d-----w- c:\program files\MultiStage Recovery
2009-10-01 22:52 . 2009-10-01 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2009-10-01 22:50 . 2009-10-06 04:15 -------- d-----w- c:\documents and settings\Roadran322\Application Data\TrueCrypt
2009-10-01 22:50 . 2009-10-01 22:50 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-10-01 22:50 . 2009-10-01 22:50 -------- d-----w- c:\program files\TrueCrypt
2009-09-30 21:17 . 2009-10-12 21:09 -------- d-----w- c:\program files\nLite
2009-09-29 21:01 . 2009-05-29 05:23 4203392 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-09-29 21:01 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-09-29 21:01 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-09-29 11:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-09-29 11:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-09-29 11:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-09-29 11:58 . 2009-09-29 21:05 -------- d-----w- c:\program files\Driver Magician
2009-09-28 21:36 . 2009-09-28 21:36 -------- d-----w- c:\program files\Digi-Watcher.com
2009-09-28 20:55 . 2009-10-04 03:00 -------- d-----w- c:\program files\Uniblue
2009-09-28 20:55 . 2009-10-04 03:00 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Uniblue
2009-09-28 20:55 . 2009-10-04 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-09-28 20:55 . 2009-10-04 03:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-09-27 22:53 . 2009-10-09 00:47 31408 ----a-w- c:\documents and settings\Duy Diep\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 22:50 . 2009-09-27 22:50 -------- d-----w- c:\documents and settings\Duy Diep\Local Settings\Application Data\Mozilla
2009-09-27 20:47 . 2009-09-27 20:47 -------- d-----w- c:\documents and settings\Guest\Application Data\MySpace
2009-09-27 19:10 . 2009-10-15 11:35 -------- d-----w- c:\program files\Cheat Engine
2009-09-27 19:10 . 2007-12-26 21:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-09-27 19:10 . 2007-12-26 21:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-09-27 18:31 . 2009-09-27 18:31 44720 ------w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 00:23 . 2009-09-27 00:24 49 ----a-w- c:\windows\system32\START.BAT
2009-09-27 00:23 . 2007-11-18 18:05 1536 ----a-w- c:\windows\system32\HIDEC.EXE
2009-09-26 23:07 . 2009-09-26 23:07 -------- d-----w- c:\program files\Audacity
2009-09-26 23:05 . 2009-09-26 23:05 -------- d-----w- C:\MyAudio
2009-09-26 22:58 . 2009-10-04 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\Roadran322\Application Data\River Past G5
2009-09-26 22:52 . 2009-09-26 22:55 -------- d-----w- c:\program files\Blaze Media Pro
2009-09-26 22:51 . 2009-09-26 22:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}
2009-09-26 21:07 . 2009-09-26 21:07 -------- d-----w- c:\windows\system32\netdd
2009-09-26 21:00 . 2009-09-26 21:00 -------- d-----w- c:\program files\Pechora
2009-09-26 02:45 . 2009-09-26 02:45 -------- d-----w- c:\documents and settings\Administrator
2009-09-23 20:50 . 2009-09-23 20:52 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Google
2009-09-23 20:50 . 2009-10-04 02:51 -------- d-----w- c:\program files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 09:20 . 2009-05-18 21:56 983072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-23 09:20 . 2009-05-18 21:56 5488 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-23 09:20 . 2009-05-18 21:56 4333088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-23 09:20 . 2009-05-18 21:56 39124 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-23 09:17 . 2009-05-18 20:53 -------- d-----w- c:\program files\LogMeIn
2009-10-23 09:16 . 2009-08-31 20:43 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Software Informer
2009-10-18 02:41 . 2009-05-17 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-10-18 01:48 . 2009-05-18 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-16 22:22 . 2009-09-20 20:20 -------- d-----w- c:\documents and settings\Roadran322\Application Data\vlc
2009-10-16 20:52 . 2009-05-17 17:47 -------- d-----w- c:\program files\Universal Extractor
2009-10-15 11:30 . 2009-09-06 23:20 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Skype
2009-10-14 14:04 . 2009-05-18 21:56 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-14 14:04 . 2009-05-18 21:56 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-11 12:06 . 2009-09-06 23:21 -------- d-----w- c:\documents and settings\Roadran322\Application Data\skypePM
2009-10-10 01:11 . 2009-08-30 19:03 -------- d-----w- c:\documents and settings\Roadran322\Application Data\MySpace
2009-10-10 01:11 . 2009-08-30 19:03 -------- d-----w- c:\program files\MySpace
2009-10-09 00:28 . 2009-05-17 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 23:59 . 2009-08-31 20:43 -------- d-----w- c:\program files\Advanced Registry Doctor
2009-10-08 00:56 . 2009-05-17 22:07 -------- d-----w- c:\documents and settings\Roadran322\Application Data\TeamViewer
2009-10-08 00:51 . 2009-05-17 16:54 31408 ----a-w- c:\documents and settings\Roadran322\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 14:03 . 2009-09-18 00:04 94992 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-10-07 14:03 . 2009-09-18 00:04 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-10-07 14:02 . 2009-09-18 00:04 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-10-04 03:25 . 2009-09-13 19:10 -------- d-----w- c:\program files\WinImage
2009-10-04 03:25 . 2009-09-10 11:59 -------- d-----w- c:\program files\iKnowPS
2009-10-04 03:25 . 2009-08-30 17:22 -------- d-----w- c:\program files\AIM6
2009-10-04 03:17 . 2009-05-19 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-04 03:17 . 2009-05-19 22:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-04 03:02 . 2009-09-03 20:49 258328 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-04 02:58 . 2009-09-21 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MakeMusic
2009-10-04 02:52 . 2009-09-12 12:59 -------- d-----w- c:\program files\PowerQuest
2009-10-04 02:40 . 2009-09-07 20:32 -------- d-----w- c:\program files\Fx Joiner
2009-10-04 02:31 . 2009-09-06 22:01 -------- d-----w- c:\program files\BitLord
2009-10-04 02:28 . 2009-09-21 20:56 -------- d-----w- c:\program files\Roni Music
2009-10-03 19:25 . 2009-05-18 20:53 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 19:25 . 2009-05-18 20:53 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 19:25 . 2009-05-18 20:53 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-27 22:48 . 2009-09-27 22:48 -------- d-----w- c:\documents and settings\Duy Diep\Application Data\acccore
2009-09-27 02:44 . 2009-09-18 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-25 21:29 . 2009-09-18 23:06 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Orbit
2009-09-25 13:39 . 2009-09-21 23:28 43 ----a-w- c:\windows\popcinfo.dat
2009-09-22 01:29 . 2009-05-17 15:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-22 00:01 . 2009-08-31 20:43 -------- d-----w- c:\program files\Software Informer
2009-09-21 21:25 . 2009-09-21 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-09-21 00:22 . 2009-09-27 22:48 -------- d-----w- c:\documents and settings\Duy Diep\Application Data\Intel
2009-09-21 00:22 . 2009-09-26 02:51 -------- d-----w- c:\documents and settings\LogMeInRemoteUser\Application Data\Intel
2009-09-21 00:22 . 2009-09-21 00:22 -------- d-----w- c:\documents and settings\Guest\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-09-21 00:22 . 2009-05-17 16:55 -------- d-----w- c:\program files\Intel
2009-09-18 22:15 . 2009-09-18 22:15 -------- d-----w- c:\program files\KingsIsle Entertainment
2009-09-18 21:54 . 2009-09-18 21:54 -------- d-----w- c:\program files\Super Fast Shutdown
2009-09-18 16:10 . 2009-09-06 02:41 -------- d-----w- c:\program files\Xlight
2009-09-18 11:43 . 2009-09-18 11:43 -------- d-----w- c:\program files\Almeza
2009-09-18 00:19 . 2009-09-15 21:16 -------- d-----w- c:\documents and settings\Roadran322\Application Data\IObit
2009-09-18 00:19 . 2009-09-15 21:16 -------- d-----w- c:\program files\IObit
2009-09-17 21:52 . 2009-09-17 21:52 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-14 11:53 . 2009-05-19 23:26 -------- d-----w- c:\program files\EASEUS
2009-09-13 18:09 . 2009-09-13 13:18 -------- d-----w- c:\program files\Common Files\Stardock
2009-09-13 17:00 . 2009-09-13 17:00 -------- d-----w- c:\program files\Object Desktop
2009-09-13 16:43 . 2009-09-13 16:43 7852 ----a-w- c:\windows\system32\mcdmsg7.dll
2009-09-13 16:43 . 2009-09-13 13:18 -------- d-----w- c:\program files\Stardock
2009-09-13 15:44 . 2009-09-13 15:44 -------- d-----w- c:\program files\ffdshow
2009-09-13 15:44 . 2009-09-13 15:44 -------- d-----w- c:\program files\PlayFLV
2009-09-13 14:20 . 2009-09-13 14:20 -------- d-----w- c:\program files\Unlocker
2009-09-13 13:31 . 2009-09-13 13:31 -------- d-----w- c:\program files\7-Zip
2009-09-12 02:40 . 2009-09-12 02:40 -------- d-----w- c:\documents and settings\Roadran322\Application Data\dvdcss
2009-09-11 22:36 . 2009-09-11 22:36 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-09-11 14:18 . 2002-08-29 07:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 11:49 . 2009-09-11 11:49 -------- d-----w- c:\program files\Temp extraction folder
2009-09-10 21:16 . 2009-09-10 11:44 -------- d-----w- c:\program files\KidPix
2009-09-10 19:52 . 2009-09-06 14:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 19:31 . 2009-09-09 18:56 -------- d-----w- c:\program files\DOSBox-0.72
2009-09-08 21:34 . 2009-09-08 21:34 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Office Genuine Advantage
2009-09-07 21:45 . 2008-10-17 00:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-07 21:45 . 2008-10-17 00:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-07 17:36 . 2009-05-17 17:01 -------- d-----w- c:\program files\CONEXANT
2009-09-07 15:50 . 2009-09-07 12:14 -------- d-----w- c:\program files\Conduit
2009-09-07 13:25 . 2009-08-30 19:59 -------- d-----w- c:\program files\SpeedFan
2009-09-07 11:44 . 2009-09-07 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-07 00:23 . 2009-09-07 00:23 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Acoustica
2009-09-07 00:20 . 2009-09-07 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-09-06 23:21 . 2009-09-06 23:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-06 23:20 . 2009-09-06 23:19 -------- d-----r- c:\program files\Skype
2009-09-06 23:19 . 2009-09-06 23:19 -------- d-----w- c:\program files\Common Files\Skype
2009-09-06 23:19 . 2009-09-06 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-06 14:19 . 2009-09-06 14:18 -------- d-----w- c:\program files\Microsoft
2009-09-06 14:18 . 2009-09-06 14:18 -------- d-----w- c:\program files\Windows Live
2009-09-06 14:18 . 2009-09-06 14:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-06 14:16 . 2009-09-06 14:16 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-06 14:03 . 2009-09-06 14:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-06 13:55 . 2009-09-06 13:52 -------- d-----w- c:\documents and settings\Roadran322\Application Data\CoreFTP
2009-09-06 13:27 . 2009-09-06 13:27 -------- d-----w- c:\program files\TweakRAM
2009-09-06 02:37 . 2009-09-06 02:37 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Foxit Software
2009-09-05 00:19 . 2009-09-05 00:19 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Foxit
2009-09-05 00:19 . 2009-09-05 00:19 -------- d-----w- c:\program files\Foxit Software
2009-09-04 21:03 . 2001-08-23 16:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-04-14 09:42 . 2004-08-04 04:56 1695232 --sha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-22 1933381]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-10-01 1369792]
"StaffLogger"="c:\documents and settings\Roadran322\Application Data\Almeza\StaffLogger\sysdrvmon.exe" [2009-10-07 965120]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-30 208616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-31 149280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 19:25 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Roadran322^Start Menu^Programs^Startup^BananaScreen.lnk]
backup=c:\windows\pss\BananaScreen.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\program files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\KidPix
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RK Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[224f0701efcdb2c939be8c2d923dcf9abbc41943]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[c84b700d82c69afd4c700810585ef99e1d924234]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[fe825f1394b07b55bb587538268f82d910c4402c]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Serv-U"=2 (0x2)
"rpcapd"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"FileZilla Server"=2 (0x2)
"DynDNS Updater"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 9:32 AM 15328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [9/17/2009 8:04 PM 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [9/17/2009 8:04 PM 41424]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/18/2009 4:53 PM 47640]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [8/25/2009 12:16 PM 220128]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [9/17/2009 8:04 PM 94992]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [10/7/2009 10:02 AM 103568]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/14/2009 7:53 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/14/2009 7:53 AM 3072]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 VirtualDK;VirtualDK;c:\komku\usb_prep8\vdk.sys [10/12/2009 7:58 AM 16283]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/30/2009 1:22 PM 24652]
S4 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
.
Contents of the 'Scheduled Tasks' folder
2009-10-23 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-15 19:35]
2009-09-18 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-09-18 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://WWW.YAHOO.COM/
uInternet Settings,ProxyOverride = local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Roadran322\Application Data\Mozilla\Firefox\Profiles\h2q0cgvq.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com|hxxp://home.myspace.com/index.cfm?fuseaction=user|http://www.raymond.cc/blog/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\MySpace\Toolbar\1.0.56.0\components\MySpaceFFoxTB.dll
FF - plugin: c:\documents and settings\Roadran322\Application Data\Mozilla\Firefox\Profiles\h2q0cgvq.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-explorer - (no file)
AddRemove-IDAutomation.com Code 39 Free Font - c:\program files\IDAutomation.com
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 05:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\documents and settings\Roadran322\Application Data\MySpace\IM\Conversations\computergeeklovesmac\hannah .txn 422 bytes hidden from API
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\RUNDLL32.EXE
c:\123274791\CF22295.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\MySpace\Toolbar\1.0.56.0\MSTBCoreContainer.exe
c:\123274791\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 5:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 09:24
Pre-Run: 153,382,461,440 bytes free
Post-Run: 153,291,620,352 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN
- - End Of File - - 4243DB8FC3902B5BCA07FD91FB7E9FDA
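The ComboFix output above is long, and the lines a responder actually acts on are scattered across the registry, firewall, service and catchme sections. The script below is an added example (not part of the original post and not ComboFix's own code) that re-parses a handful of lines copied from the posted log, embedded as a constructed sample, and pulls out the settings worth checking first: the host firewall state, ports opened to all, autostarts that run out of a user-profile directory, Security Center monitoring overrides, services whose image file ComboFix recorded with no date or size (the `[?]` marker), and the catchme hidden-file count. The classification rules are this example's own heuristics and are assumptions; a hit means "look at this", not "this is malware".

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix code).

The rules below are this example's own heuristics, not anything from the
forum thread: they surface settings a responder would review first.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-10-01 1369792]
"StaffLogger"="c:\documents and settings\Roadran322\Application Data\Almeza\StaffLogger\sysdrvmon.exe" [2009-10-07 965120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-30 208616]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
hidden files: 1
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "name"= value
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*)$')  # R2 name;display;image [..]
HIDDEN_RE = re.compile(r'^hidden files: (\d+)$')

# Heuristic (assumption): autostarts under a user profile deserve a look,
# because those directories are writable without admin rights.
PROFILE_MARKERS = ('\\documents and settings\\', '\\users\\')


@dataclass
class Finding:
    category: str
    subject: str
    detail: str


def triage(log_text):
    """Walk the log once, tracking the current registry key, and emit findings."""
    findings = []
    key_raw, key = '', ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key_raw = m.group(1)
            key = key_raw.lower()
            continue
        m = HIDDEN_RE.match(line)
        if m:
            findings.append(Finding('hidden_files', m.group(1), 'catchme: files hidden from the API'))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if line.endswith('[?]'):  # ComboFix recorded no date/size for the image file
                findings.append(Finding('unverified_service', m.group(2), m.group(4)))
            continue
        m = AUTORUN_RE.match(line)
        if m and key.endswith('\\currentversion\\run'):
            name, path = m.group(1), m.group(2)
            if any(marker in path.lower() for marker in PROFILE_MARKERS):
                findings.append(Finding('profile_autostart', name, path))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        leaf = key_raw.rsplit('\\', 1)[-1]
        if 'firewallpolicy' in key and key.endswith('profile') \
                and name == 'EnableFirewall' and value.split()[0] == '0':
            findings.append(Finding('firewall_disabled', leaf, value))
        elif key.endswith('globallyopenports\\list'):
            findings.append(Finding('open_port', name, value))
        elif '\\security center\\monitoring\\' in key \
                and name == 'DisableMonitoring' and value.endswith('1'):
            findings.append(Finding('wsc_monitoring_off', leaf, value))
    return findings


def summarize(findings):
    """Group finding subjects by category, e.g. {'open_port': ['3389:TCP']}."""
    out = {}
    for f in findings:
        out.setdefault(f.category, []).append(f.subject)
    return out


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.category:20} {f.subject:20} {f.detail}')
```

Run it against a saved ComboFix log by reading the file into `triage()`. On the sample it reports the standard-profile firewall switched off, 3389/TCP open to any source, the StaffLogger autostart living under `Application Data`, Security Center monitoring disabled for KasperskyAntiVirus, two services (yksvc, WebCamDV) whose image ComboFix could not size, and one catchme hidden file. Each of those still needs a human decision: the hidden file in the posted log, for instance, is a MySpaceIM conversation record, and a firewall that is off on a box also running LogMeIn, TeamViewer, Serv-U and FileZilla Server is a configuration question before it is a malware question.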