Help!

#1 roadran
Member, 142 posts
Okay, I was once infected by the b.exe virus, but I cleaned it out with ComboFix. But when I had the virus I ran Kaspersky to clean it out and then Kaspersky quit. Now when I try to run Kaspersky it says:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." But when I check if Avp.exe is in Program Files it is! (Avp.exe is Kaspersky.)

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:15 AM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Documents and Settings\Roadran322\Application Data\Almeza\StaffLogger\sysdrvmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MySpace\Toolbar\1.0.56.0\MSTBCoreContainer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.YAHOO.COM/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll
O3 - Toolbar: BigSeekPro Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [StaffLogger] C:\Documents and Settings\Roadran322\Application Data\Almeza\StaffLogger\sysdrvmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.h...ads/sysinfo.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1242579985754
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1252246161187
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://wimpro.cce.h...oads/msxml4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 8736 bytes

And also, if you need it, here is my ComboFix log.

ComboFix 09-10-22.01 - Roadran322 10/23/2009 5:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2488 [GMT -4:00]
Running from: c:\documents and settings\Roadran322\Desktop\123.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2020746902-1495869243-3522183791-1000
c:\$recycle.bin\S-1-5-21-772659122-1249498064-2213316370-1000
c:\documents and settings\Roadran322\Application Data\Desktopicon
c:\documents and settings\Roadran322\Application Data\Desktopicon\eBayShortcuts.exe
c:\windows\msa.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\bpk.dat
c:\windows\system32\fltrkl11.dll
c:\windows\system32\fltrkl12.dll
c:\windows\system32\inst.dat
c:\windows\system32\MabryObj.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\microday08.dll
c:\windows\system32\MTX0CI.dll
c:\windows\system32\mypath0079.dll
c:\windows\system32\pk.bin
c:\windows\system32\skinboxer43.dll
c:\windows\system32\stop.bat
c:\windows\system32\update
c:\windows\system32\web.dat

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-22 23:38 . 2009-10-23 09:14 -------- d-----w- C:\123
2009-10-22 22:02 . 2009-10-22 22:02 -------- d-----w- c:\documents and settings\Duy Diep\Local Settings\Application Data\AIM
2009-10-21 18:56 . 2009-10-21 18:56 -------- d-----w- c:\program files\Cupid Info Systems
2009-10-20 23:55 . 2009-10-20 23:55 -------- d-----w- c:\program files\AIM Password Recovery
2009-10-19 20:59 . 2009-10-19 20:59 -------- d-----w- c:\program files\Trend Micro
2009-10-18 02:41 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-18 01:33 . 2009-10-18 21:30 -------- d-----w- C:\Boot
2009-10-17 13:26 . 2009-10-17 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 13:25 . 2009-10-23 09:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 13:25 . 2009-10-17 13:25 -------- d-----w- c:\documents and settings\Roadran322\Application Data\SUPERAntiSpyware.com
2009-10-17 13:25 . 2009-10-17 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 13:23 . 2009-10-18 02:15 -------- d-----w- c:\program files\SpywareBlaster
2009-10-17 13:07 . 2009-10-22 22:53 0 ----a-r- c:\windows\win32k.sys
2009-10-16 20:57 . 2009-10-16 20:57 2863 ----a-w- c:\windows\unins000.dat
2009-10-16 20:57 . 2009-10-16 20:57 -------- d-----w- c:\windows\system32\FileSJ
2009-10-16 20:57 . 2009-10-16 20:56 694026 ----a-w- c:\windows\unins000.exe
2009-10-14 01:24 . 2009-10-14 01:24 -------- d-----w- c:\program files\Compaq
2009-10-14 01:24 . 2009-10-14 01:25 -------- d-----w- C:\CPQSYSTEM
2009-10-13 22:33 . 2009-10-13 22:33 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Unity
2009-10-13 22:31 . 2009-10-13 22:31 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Unity
2009-10-13 22:31 . 2009-10-13 22:31 -------- d-----w- c:\program files\Unity
2009-10-13 21:29 . 2009-10-13 21:29 -------- d-----w- C:\syslinux
2009-10-13 21:21 . 2009-10-13 21:21 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\AIM
2009-10-12 22:49 . 2009-10-12 22:49 -------- d-----w- c:\documents and settings\Roadran322\BackUp
2009-10-12 21:23 . 2009-10-12 21:23 -------- d-----w- c:\program files\Sun
2009-10-12 11:58 . 2009-10-12 11:58 -------- d-----w- C:\Komku
2009-10-11 17:24 . 2009-10-11 17:26 -------- d-----w- C:\mp3
2009-10-11 16:37 . 2009-10-11 16:37 -------- d-----w- c:\program files\UltraISO
2009-10-11 16:37 . 2009-10-11 16:37 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-10-11 13:19 . 2009-10-11 13:19 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Almeza
2009-10-11 13:19 . 2009-03-29 03:59 2306048 ----a-w- c:\windows\system32\chartdir50.dll
2009-10-10 23:14 . 2009-10-10 23:14 -------- d-----w- c:\program files\TweakXP 2
2009-10-10 02:06 . 2009-10-10 02:06 -------- d-----w- c:\documents and settings\Duy Diep\Application Data\MySpace
2009-10-10 01:11 . 2009-10-10 01:11 27572 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-10 01:11 . 2009-10-10 01:11 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Apple Computer
2009-10-10 01:11 . 2009-10-10 01:11 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Apple Computer
2009-10-10 01:10 . 2009-10-10 01:11 -------- d-----w- c:\program files\Safari
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Apple
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\program files\Apple Software Update
2009-10-10 01:10 . 2009-10-10 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-10 00:26 . 2009-10-10 00:26 -------- d-----w- c:\documents and settings\Roadran322\dwhelper
2009-10-09 23:36 . 2009-10-09 23:36 -------- d-----w- c:\program files\Common Files\L&H
2009-10-09 23:22 . 2009-10-09 23:22 -------- d-----w- c:\windows\lhsp
2009-10-09 23:21 . 2009-10-09 23:23 -------- d-----w- c:\windows\speech
2009-10-09 23:20 . 2009-10-09 23:21 -------- d-----w- c:\program files\VoiceMate Professional
2009-10-09 00:47 . 2009-10-09 00:47 -------- d-----w- c:\documents and settings\Duy Diep\Local Settings\Application Data\BananaLockScreen
2009-10-09 00:23 . 2009-10-09 11:42 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\BananaLockScreen
2009-10-09 00:21 . 2009-10-09 00:21 -------- d-----w- c:\program files\Banana Security
2009-10-08 22:28 . 2009-10-08 22:28 -------- d-----w- c:\documents and settings\Roadran322\.thumbnails
2009-10-08 22:22 . 2009-10-08 23:20 -------- d-----w- c:\documents and settings\Roadran322\.gimp-2.2
2009-10-08 22:21 . 2009-10-08 22:22 -------- d-----w- c:\program files\GIMPshop
2009-10-08 01:26 . 2009-10-09 00:05 -------- d-----w- c:\program files\CyberLink
2009-10-08 01:15 . 2009-10-08 01:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-08 01:05 . 2009-10-09 11:36 -------- d-----w- c:\documents and settings\Roadran322\Application Data\KeyLemon
2009-10-08 00:53 . 2009-10-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2009-10-08 00:51 . 2009-10-08 00:51 -------- d-----w- c:\program files\Macrium
2009-10-08 00:43 . 2009-10-08 00:43 -------- d-----w- c:\program files\IDAutomation.com Code 39 Free Font
2009-10-07 19:05 . 2009-10-08 01:37 -------- d-----w- c:\windows\system32\NtmsData
2009-10-07 18:35 . 2009-07-03 17:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-07 14:02 . 2009-10-07 14:02 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-10-07 14:02 . 2009-10-07 14:02 103568 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-10-07 11:55 . 2009-10-07 11:53 266752 ------w- c:\windows\system\iertutil.dll
2009-10-06 00:30 . 2009-10-06 00:30 251392 ----a-w- c:\windows\system32\ddlcache.dll
2009-10-04 02:24 . 2009-10-04 02:24 -------- d-----w- c:\program files\VS Revo Group
2009-10-03 20:00 . 2009-10-03 20:00 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Sibelius Software
2009-10-03 19:30 . 2000-07-15 04:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-10-02 11:56 . 2009-10-02 11:56 -------- d-----w- c:\program files\MultiStage Recovery
2009-10-01 22:52 . 2009-10-01 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2009-10-01 22:50 . 2009-10-06 04:15 -------- d-----w- c:\documents and settings\Roadran322\Application Data\TrueCrypt
2009-10-01 22:50 . 2009-10-01 22:50 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-10-01 22:50 . 2009-10-01 22:50 -------- d-----w- c:\program files\TrueCrypt
2009-09-30 21:17 . 2009-10-12 21:09 -------- d-----w- c:\program files\nLite
2009-09-29 21:01 . 2009-05-29 05:23 4203392 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-09-29 21:01 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-09-29 21:01 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-09-29 11:59 . 2005-01-12 15:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-09-29 11:59 . 2004-09-28 15:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-09-29 11:59 . 2004-08-11 19:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-09-29 11:58 . 2009-09-29 21:05 -------- d-----w- c:\program files\Driver Magician
2009-09-28 21:36 . 2009-09-28 21:36 -------- d-----w- c:\program files\Digi-Watcher.com
2009-09-28 20:55 . 2009-10-04 03:00 -------- d-----w- c:\program files\Uniblue
2009-09-28 20:55 . 2009-10-04 03:00 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Uniblue
2009-09-28 20:55 . 2009-10-04 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-09-28 20:55 . 2009-10-04 03:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-09-27 22:53 . 2009-10-09 00:47 31408 ----a-w- c:\documents and settings\Duy Diep\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 22:50 . 2009-09-27 22:50 -------- d-----w- c:\documents and settings\Duy Diep\Local Settings\Application Data\Mozilla
2009-09-27 20:47 . 2009-09-27 20:47 -------- d-----w- c:\documents and settings\Guest\Application Data\MySpace
2009-09-27 19:10 . 2009-10-15 11:35 -------- d-----w- c:\program files\Cheat Engine
2009-09-27 19:10 . 2007-12-26 21:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-09-27 19:10 . 2007-12-26 21:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-09-27 18:31 . 2009-09-27 18:31 44720 ------w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 00:23 . 2009-09-27 00:24 49 ----a-w- c:\windows\system32\START.BAT
2009-09-27 00:23 . 2007-11-18 18:05 1536 ----a-w- c:\windows\system32\HIDEC.EXE
2009-09-26 23:07 . 2009-09-26 23:07 -------- d-----w- c:\program files\Audacity
2009-09-26 23:05 . 2009-09-26 23:05 -------- d-----w- C:\MyAudio
2009-09-26 22:58 . 2009-10-04 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-09-26 22:58 . 2009-09-26 22:58 -------- d-----w- c:\documents and settings\Roadran322\Application Data\River Past G5
2009-09-26 22:52 . 2009-09-26 22:55 -------- d-----w- c:\program files\Blaze Media Pro
2009-09-26 22:51 . 2009-09-26 22:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}
2009-09-26 21:07 . 2009-09-26 21:07 -------- d-----w- c:\windows\system32\netdd
2009-09-26 21:00 . 2009-09-26 21:00 -------- d-----w- c:\program files\Pechora
2009-09-26 02:45 . 2009-09-26 02:45 -------- d-----w- c:\documents and settings\Administrator
2009-09-23 20:50 . 2009-09-23 20:52 -------- d-----w- c:\documents and settings\Roadran322\Local Settings\Application Data\Google
2009-09-23 20:50 . 2009-10-04 02:51 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 09:20 . 2009-05-18 21:56 983072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-23 09:20 . 2009-05-18 21:56 5488 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-23 09:20 . 2009-05-18 21:56 4333088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-23 09:20 . 2009-05-18 21:56 39124 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-23 09:17 . 2009-05-18 20:53 -------- d-----w- c:\program files\LogMeIn
2009-10-23 09:16 . 2009-08-31 20:43 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Software Informer
2009-10-18 02:41 . 2009-05-17 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-10-18 01:48 . 2009-05-18 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-16 22:22 . 2009-09-20 20:20 -------- d-----w- c:\documents and settings\Roadran322\Application Data\vlc
2009-10-16 20:52 . 2009-05-17 17:47 -------- d-----w- c:\program files\Universal Extractor
2009-10-15 11:30 . 2009-09-06 23:20 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Skype
2009-10-14 14:04 . 2009-05-18 21:56 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-14 14:04 . 2009-05-18 21:56 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-11 12:06 . 2009-09-06 23:21 -------- d-----w- c:\documents and settings\Roadran322\Application Data\skypePM
2009-10-10 01:11 . 2009-08-30 19:03 -------- d-----w- c:\documents and settings\Roadran322\Application Data\MySpace
2009-10-10 01:11 . 2009-08-30 19:03 -------- d-----w- c:\program files\MySpace
2009-10-09 00:28 . 2009-05-17 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 23:59 . 2009-08-31 20:43 -------- d-----w- c:\program files\Advanced Registry Doctor
2009-10-08 00:56 . 2009-05-17 22:07 -------- d-----w- c:\documents and settings\Roadran322\Application Data\TeamViewer
2009-10-08 00:51 . 2009-05-17 16:54 31408 ----a-w- c:\documents and settings\Roadran322\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 14:03 . 2009-09-18 00:04 94992 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-10-07 14:03 . 2009-09-18 00:04 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-10-07 14:02 . 2009-09-18 00:04 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-10-04 03:25 . 2009-09-13 19:10 -------- d-----w- c:\program files\WinImage
2009-10-04 03:25 . 2009-09-10 11:59 -------- d-----w- c:\program files\iKnowPS
2009-10-04 03:25 . 2009-08-30 17:22 -------- d-----w- c:\program files\AIM6
2009-10-04 03:17 . 2009-05-19 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-04 03:17 . 2009-05-19 22:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-04 03:02 . 2009-09-03 20:49 258328 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-04 02:58 . 2009-09-21 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MakeMusic
2009-10-04 02:52 . 2009-09-12 12:59 -------- d-----w- c:\program files\PowerQuest
2009-10-04 02:40 . 2009-09-07 20:32 -------- d-----w- c:\program files\Fx Joiner
2009-10-04 02:31 . 2009-09-06 22:01 -------- d-----w- c:\program files\BitLord
2009-10-04 02:28 . 2009-09-21 20:56 -------- d-----w- c:\program files\Roni Music
2009-10-03 19:25 . 2009-05-18 20:53 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 19:25 . 2009-05-18 20:53 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 19:25 . 2009-05-18 20:53 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-27 22:48 . 2009-09-27 22:48 -------- d-----w- c:\documents and settings\Duy Diep\Application Data\acccore
2009-09-27 02:44 . 2009-09-18 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-25 21:29 . 2009-09-18 23:06 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Orbit
2009-09-25 13:39 . 2009-09-21 23:28 43 ----a-w- c:\windows\popcinfo.dat
2009-09-22 01:29 . 2009-05-17 15:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-22 00:01 . 2009-08-31 20:43 -------- d-----w- c:\program files\Software Informer
2009-09-21 21:25 . 2009-09-21 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-09-21 00:22 . 2009-09-27 22:48 -------- d-----w- c:\documents and settings\Duy Diep\Application Data\Intel
2009-09-21 00:22 . 2009-09-26 02:51 -------- d-----w- c:\documents and settings\LogMeInRemoteUser\Application Data\Intel
2009-09-21 00:22 . 2009-09-21 00:22 -------- d-----w- c:\documents and settings\Guest\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:51 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-09-21 00:22 . 2009-09-01 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-09-21 00:22 . 2009-05-17 16:55 -------- d-----w- c:\program files\Intel
2009-09-18 22:15 . 2009-09-18 22:15 -------- d-----w- c:\program files\KingsIsle Entertainment
2009-09-18 21:54 . 2009-09-18 21:54 -------- d-----w- c:\program files\Super Fast Shutdown
2009-09-18 16:10 . 2009-09-06 02:41 -------- d-----w- c:\program files\Xlight
2009-09-18 11:43 . 2009-09-18 11:43 -------- d-----w- c:\program files\Almeza
2009-09-18 00:19 . 2009-09-15 21:16 -------- d-----w- c:\documents and settings\Roadran322\Application Data\IObit
2009-09-18 00:19 . 2009-09-15 21:16 -------- d-----w- c:\program files\IObit
2009-09-17 21:52 . 2009-09-17 21:52 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-14 11:53 . 2009-05-19 23:26 -------- d-----w- c:\program files\EASEUS
2009-09-13 18:09 . 2009-09-13 13:18 -------- d-----w- c:\program files\Common Files\Stardock
2009-09-13 17:00 . 2009-09-13 17:00 -------- d-----w- c:\program files\Object Desktop
2009-09-13 16:43 . 2009-09-13 16:43 7852 ----a-w- c:\windows\system32\mcdmsg7.dll
2009-09-13 16:43 . 2009-09-13 13:18 -------- d-----w- c:\program files\Stardock
2009-09-13 15:44 . 2009-09-13 15:44 -------- d-----w- c:\program files\ffdshow
2009-09-13 15:44 . 2009-09-13 15:44 -------- d-----w- c:\program files\PlayFLV
2009-09-13 14:20 . 2009-09-13 14:20 -------- d-----w- c:\program files\Unlocker
2009-09-13 13:31 . 2009-09-13 13:31 -------- d-----w- c:\program files\7-Zip
2009-09-12 02:40 . 2009-09-12 02:40 -------- d-----w- c:\documents and settings\Roadran322\Application Data\dvdcss
2009-09-11 22:36 . 2009-09-11 22:36 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-09-11 14:18 . 2002-08-29 07:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 11:49 . 2009-09-11 11:49 -------- d-----w- c:\program files\Temp extraction folder
2009-09-10 21:16 . 2009-09-10 11:44 -------- d-----w- c:\program files\KidPix
2009-09-10 19:52 . 2009-09-06 14:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 19:31 . 2009-09-09 18:56 -------- d-----w- c:\program files\DOSBox-0.72
2009-09-08 21:34 . 2009-09-08 21:34 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Office Genuine Advantage
2009-09-07 21:45 . 2008-10-17 00:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-07 21:45 . 2008-10-17 00:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-07 17:36 . 2009-05-17 17:01 -------- d-----w- c:\program files\CONEXANT
2009-09-07 15:50 . 2009-09-07 12:14 -------- d-----w- c:\program files\Conduit
2009-09-07 13:25 . 2009-08-30 19:59 -------- d-----w- c:\program files\SpeedFan
2009-09-07 11:44 . 2009-09-07 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-07 00:23 . 2009-09-07 00:23 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Acoustica
2009-09-07 00:20 . 2009-09-07 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-09-06 23:21 . 2009-09-06 23:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-06 23:20 . 2009-09-06 23:19 -------- d-----r- c:\program files\Skype
2009-09-06 23:19 . 2009-09-06 23:19 -------- d-----w- c:\program files\Common Files\Skype
2009-09-06 23:19 . 2009-09-06 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-06 14:19 . 2009-09-06 14:18 -------- d-----w- c:\program files\Microsoft
2009-09-06 14:18 . 2009-09-06 14:18 -------- d-----w- c:\program files\Windows Live
2009-09-06 14:18 . 2009-09-06 14:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-06 14:16 . 2009-09-06 14:16 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-06 14:03 . 2009-09-06 14:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-06 13:55 . 2009-09-06 13:52 -------- d-----w- c:\documents and settings\Roadran322\Application Data\CoreFTP
2009-09-06 13:27 . 2009-09-06 13:27 -------- d-----w- c:\program files\TweakRAM
2009-09-06 02:37 . 2009-09-06 02:37 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Foxit Software
2009-09-05 00:19 . 2009-09-05 00:19 -------- d-----w- c:\documents and settings\Roadran322\Application Data\Foxit
2009-09-05 00:19 . 2009-09-05 00:19 -------- d-----w- c:\program files\Foxit Software
2009-09-04 21:03 . 2001-08-23 16:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-04-14 09:42 . 2004-08-04 04:56 1695232 --sha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-22 1933381]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-10-01 1369792]
"StaffLogger"="c:\documents and settings\Roadran322\Application Data\Almeza\StaffLogger\sysdrvmon.exe" [2009-10-07 965120]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-30 208616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-31 149280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 19:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Roadran322^Start Menu^Programs^Startup^BananaScreen.lnk]
backup=c:\windows\pss\BananaScreen.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\program files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\KidPix
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RK Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[224f0701efcdb2c939be8c2d923dcf9abbc41943]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[c84b700d82c69afd4c700810585ef99e1d924234]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[fe825f1394b07b55bb587538268f82d910c4402c]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Serv-U"=2 (0x2)
"rpcapd"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"FileZilla Server"=2 (0x2)
"DynDNS Updater"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 9:32 AM 15328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [9/17/2009 8:04 PM 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [9/17/2009 8:04 PM 41424]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/18/2009 4:53 PM 47640]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [8/25/2009 12:16 PM 220128]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [9/17/2009 8:04 PM 94992]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [10/7/2009 10:02 AM 103568]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/14/2009 7:53 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/14/2009 7:53 AM 3072]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 VirtualDK;VirtualDK;c:\komku\usb_prep8\vdk.sys [10/12/2009 7:58 AM 16283]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/30/2009 1:22 PM 24652]
S4 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-15 19:35]

2009-09-18 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-09-18 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://WWW.YAHOO.COM/
uInternet Settings,ProxyOverride = local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Roadran322\Application Data\Mozilla\Firefox\Profiles\h2q0cgvq.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com|hxxp://home.myspace.com/index.cfm?fuseaction=user|http://www.raymond.cc/blog/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\MySpace\Toolbar\1.0.56.0\components\MySpaceFFoxTB.dll
FF - plugin: c:\documents and settings\Roadran322\Application Data\Mozilla\Firefox\Profiles\h2q0cgvq.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-explorer - (no file)
AddRemove-IDAutomation.com Code 39 Free Font - c:\program files\IDAutomation.com



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 05:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Roadran322\Application Data\MySpace\IM\Conversations\computergeeklovesmac\hannah :).txn 422 bytes hidden from API

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\RUNDLL32.EXE
c:\123274791\CF22295.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\MySpace\Toolbar\1.0.56.0\MSTBCoreContainer.exe
c:\123274791\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 5:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 09:24

Pre-Run: 153,382,461,440 bytes free
Post-Run: 153,291,620,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN

- - End Of File - - 4243DB8FC3902B5BCA07FD91FB7E9FDA
#2 roadran (Topic Starter, Member, 142 posts)
Never mind, this problem is solved. I just used inherit.exe to fix it. Could someone please mark this topic as solved?