heur win 32 genric how to remove it [Solved], combofix log
shilpa (Member, Posts: 15, OS: xp), post Dec 4 2008, 12:35 PM, Post #1


hi
i first posted my problem in the waiting room because this window wasn't available
sorry for the inconvenience

i'm a new member of the site

please help me
my pc is infected with heur win 32 generic
i use kaspersky 2009 full
it says the virus can't be deleted nor moved
my pc has gone crazy, i have an intel dual core with 1 gb ram
but now it hangs every time i use any application
please help me with how to remove it

i searched the whole net and downloaded many new spywares but nothing works
please do help me
thank you
shilpa



and after surfing a lot
i installed combofix and the recovery console
and i'm posting my
combofix log here
please
help me out
thanks a lot


Attached File: ComboFix.txt (13.26K), Number of downloads: 78
Jimmy2012 (Trusted Helper, Posts: 3,944, From: Ohio, USA, OS: linux, Windows XP), post Dec 7 2008, 10:32 PM, Post #2



Hello shilpa and welcome to Geeks to Go.
Sorry about the delay.

You should not run tools like ComboFix unless a trained helper asks you to; it can be dangerous to run it like that.

Please post your ComboFix log in your next reply; posting your logs makes them easier to read.
Also please do the following.


Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

~~~~~~~~~~~~~
In your next reply please have these logs.
The ComboFix log
And the HijackThis log

shilpa (Member, Posts: 15, OS: xp), post Dec 8 2008, 11:18 AM, Post #3



hi
thanks for your reply

here is my combofix log



ComboFix 08-12-03.04 - shilpa 2008-12-04 23:41:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.577 [GMT 5.5:30]
Running from: c:\documents and settings\shilpa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\shilpa\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\aimgebuq.dll
c:\windows\system32\apeuug.dll
c:\windows\system32\asdxcfqq.dll
c:\windows\system32\cIijkUvw.ini
c:\windows\system32\cIijkUvw.ini2
c:\windows\system32\dbfb.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fbdgub.dll
c:\windows\system32\fywurj.dll
c:\windows\system32\ljoevg.dll
c:\windows\system32\mubhhgnk.dll
c:\windows\system32\packet.dll
c:\windows\system32\pdsebbbv.ini
c:\windows\system32\phaksbsx.dll
c:\windows\system32\vbbbesdp.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\wvUkjiIc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-12-04 15:44 . 2008-12-04 15:44 <DIR> d-------- c:\documents and settings\shilpa\Application Data\PCToolsSpamMonitorPlus
2008-12-04 15:44 . 2008-12-04 15:44 <DIR> d-------- c:\documents and settings\shilpa\Application Data\PCToolsFirewallPlus
2008-12-04 15:41 . 2008-12-04 23:34 <DIR> d-------- c:\program files\PC Tools Internet Security
2008-12-04 15:41 . 2008-12-04 15:41 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-04 15:41 . 2008-12-04 15:41 <DIR> d-------- c:\documents and settings\shilpa\Application Data\PC Tools
2008-12-04 15:41 . 2008-12-04 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-12-04 15:41 . 2008-08-25 12:36 160,808 --a------ c:\windows\system32\drivers\pctfw2.sys
2008-12-04 15:41 . 2008-07-17 17:53 93,952 --a------ c:\windows\system32\drivers\pctfw.sys
2008-12-04 15:41 . 2008-08-25 12:36 81,320 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-04 15:41 . 2008-08-25 12:36 66,984 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-04 15:41 . 2008-08-25 12:36 58,152 --a------ c:\windows\system32\drivers\FWAuthDriver.sys
2008-12-04 15:41 . 2008-06-06 12:15 51,520 --a------ c:\windows\system32\drivers\TfFsMon.sys
2008-12-04 15:41 . 2008-08-25 12:36 40,872 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-04 15:41 . 2008-06-06 12:15 38,208 --a------ c:\windows\system32\drivers\TfSysMon.sys
2008-12-04 15:41 . 2008-06-06 12:15 33,088 --a------ c:\windows\system32\drivers\TfNetMon.sys
2008-12-04 15:41 . 2008-07-03 19:06 29,608 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-04 15:41 . 2008-06-06 12:15 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2008-12-04 14:38 . 2008-12-04 14:42 780 --a------ c:\windows\wininit.ini
2008-12-04 13:42 . 2008-12-04 19:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 13:42 . 2008-12-04 15:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 13:35 . 2008-12-04 14:42 <DIR> d-------- c:\documents and settings\shilpa\Application Data\SpywareRemover
2008-11-29 00:44 . 2008-11-29 01:44 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-29 00:44 . 2008-11-29 01:44 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-29 00:42 . 2008-11-29 00:42 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-29 00:42 . 2008-12-04 23:45 3,512,352 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-29 00:42 . 2008-12-04 23:45 450,592 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-29 00:42 . 2008-12-04 23:45 31,664 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-29 00:42 . 2008-12-04 23:45 3,668 --ahs---- c:\windows\system32\drivers\fidbox2.idx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 18:04 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-04 02:03 --------- d-----w c:\program files\Alias
2008-11-08 01:29 --------- d-----w c:\documents and settings\shilpa\Application Data\uTorrent
2008-11-03 06:39 --------- d-----w c:\program files\BitLord
2008-11-01 08:22 --------- d-----w c:\program files\Arcade Race
2008-10-31 17:12 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 13:09 --------- d-----w c:\program files\Java
2008-05-22 20:52 0 ----a-w c:\program files\temp01
2007-10-10 17:57 24,192 ----a-w c:\documents and settings\shilpa\usbsermptxp.sys
2007-10-10 17:57 22,768 ----a-w c:\documents and settings\shilpa\usbsermpt.sys
2003-08-27 08:49 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
2007-10-09 01:01 220 --sh--w c:\windows\dwin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\shilpa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-23 4554752]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-10 8597586]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-01-20 258134]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-29 185896]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 1695744]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-19 144792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2004-09-23 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2004-09-23 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Tally\\tally72.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-04 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-04 38208]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-04 160808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 FWAuth;FWAuth Driver;\??\c:\windows\system32\drivers\FWAuthDriver.sys [2008-12-04 58152]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [2008-12-04 356920]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys [2008-12-04 33088]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-12-04 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\shilpa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 10:14]

2008-12-03 c:\windows\Tasks\User_Feed_Synchronization-{208A571F-37FE-488D-B5C3-ECD5E7F27EF5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-18 01:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{82D3D3AD-D018-4CC0-8108-F6D22BBF62EF} - c:\windows\system32\wvUkjiIc.dll
BHO-{ae9f83a4-bd55-4e2c-8c97-69636541eeb5} - c:\windows\system32\apeuug.dll
WebBrowser-{63AB11BC-39B6-4002-A127-6884E2C507FB} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-SpywareRemover - c:\program files\SpywareRemover\SpywareRemover.exe
HKLM-Run-FreeKeylogger.exe - c:\program files\Free Keylogger\FreeKeylogger.exe
Notify-iifgGVpQ - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\windows\Downloaded Program Files\stg_drm.ocx - O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 23:46:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1436)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alias\Maya7.0\docs\wrapper.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Alias\Maya7.0\docs\jre\bin\java.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-12-04 23:49:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 18:19:50

Pre-Run: 17,581,682,688 bytes free
Post-Run: 20,704,763,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

220 --- E O F --- 2008-11-14 13:44:24

shilpa (Member, Posts: 15, OS: xp), post Dec 8 2008, 11:19 AM, Post #4



here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:57 PM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\shilpa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\shilpa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8587 bytes

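The HijackThis log above is what the helper reads by hand. As an added example (not a tool from this thread or from Trend Micro), the following Python script triages a constructed handful of lines in the same format: it flags entries whose target is "(no file)" or "(file missing)", CLSIDs that recur across sections while pointing at nothing (the {12F02779-...} URLSearchHook/Toolbar pair that Malwarebytes later names Fake.Dropped.Malware), and O23 services reported as "Unknown owner"; the `parse_hjt` and `triage` names are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2 line format. The shape is copied from the
# log posted above (the Java BHO name is written as "Java(tm)" to stay ASCII);
# this script is an added example, not a tool from the thread.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
"""

# Every HJT finding starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when a registered component points at nothing on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str
    body: str
    clsid: Optional[str]   # upper-cased so the same GUID matches across sections
    orphaned: bool


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse finding lines; headers, the process list and blank lines are skipped."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append(HjtEntry(
            section=m.group("section"),
            body=body,
            clsid=c.group(0).upper() if c else None,
            orphaned=any(marker in body for marker in ORPHAN_MARKERS),
        ))
    return entries


def triage(entries: List[HjtEntry]) -> Dict[str, object]:
    """Group the things a helper looks at first when reading the log."""
    orphaned = [e for e in entries if e.orphaned]

    # A CLSID registered in several places yet pointing at no file is the classic
    # leftover of a removed or half-removed toolbar/BHO (the R3 + O3 pair here).
    sections_by_clsid: Dict[str, set] = defaultdict(set)
    for e in orphaned:
        if e.clsid:
            sections_by_clsid[e.clsid].add(e.section)
    repeated = {c: sorted(s) for c, s in sections_by_clsid.items() if len(s) > 1}

    # O23 lines read "Service: <name> - <owner> - <path>"; collect the names
    # where HijackThis found no publisher string.
    unknown_owner: List[str] = []
    for e in entries:
        if e.section == "O23" and " - Unknown owner - " in e.body:
            name = e.body.split(" - ")[0]
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            unknown_owner.append(name)

    return {
        "orphaned": orphaned,
        "repeated_orphan_clsids": repeated,
        "unknown_owner_services": unknown_owner,
    }


def main() -> None:
    report = triage(parse_hjt(SAMPLE_HJT_LOG))
    print("Orphaned entries:")
    for e in report["orphaned"]:
        print(f"  {e.section}: {e.body}")
    print("CLSIDs orphaned in more than one section:")
    for clsid, sections in report["repeated_orphan_clsids"].items():
        print(f"  {clsid} in {', '.join(sections)}")
    print("O23 services with unknown owner:", ", ".join(report["unknown_owner_services"]))


if __name__ == "__main__":
    main()
```

"Unknown owner" on an O23 line only means HijackThis found no publisher string; the BlueSoleil service in this thread is legitimate Bluetooth software, so the flags are a reading aid for the helper, not a verdict.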
Jimmy2012 (Trusted Helper, Posts: 3,944, From: Ohio, USA, OS: linux, Windows XP), post Dec 8 2008, 04:39 PM, Post #5



Hello shilpa,

STEP 1
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

STEP 2
Please do an online scan with Kaspersky WebScanner
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log
shilpa (Member, Posts: 15, OS: xp), post Dec 8 2008, 11:51 PM, Post #6



thanks JIMMY FOR THE HELP

here is the MBAM log
Malwarebytes' Anti-Malware 1.31
Database version: 1476
Windows 5.1.2600 Service Pack 2

12/9/2008 11:16:29 AM
mbam-log-2008-12-09 (11-16-29).txt

Scan type: Quick Scan
Objects scanned: 54716
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\shilpa\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\shilpa\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\shilpa\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

shilpa (Member, Posts: 15, OS: xp), post Dec 9 2008, 12:38 AM, Post #7



hi
while downloading updates on the kaspersky online scan
my computer screen went blue

it said that
there is a serious error while installing something

there was more written on the matter but i couldn't remember

it says that if you have seen this stop screen for the first time then restart and contact your technical support

and when i restarted it says that your system has recovered from a serious error

i print-screened the error report and uploaded it here
please find it because i can't post it as it is a jpeg image

and it says that the following files will be included in the report

C:\DOCUME~1\shilpa\LOCALS~1\Temp\WERdda7.dir00\mini20908-01.dmp
C:\DOCUME~1\shilpa\LOCALS~1\Temp\WERdda7.dir00\sysdata.xml



i hope you will be able to help me again
thanks a lot


Attached thumbnail(s)
Attached Image
 
Go to the top of the page
 
+Quote Post
Jimmy2012 (Trusted Helper, Posts: 3,944, From: Ohio, USA, OS: linux, Windows XP), post Dec 9 2008, 12:52 AM, Post #8



Hello shilpa,
QUOTE
thanks JIMMY FOR THE HELP

You're welcome

QUOTE
while downloading updates on kaspersky online scan
my computer screen went blue

Since restarting your computer, has it given you any more errors?
shilpa (Member, Posts: 15, OS: xp), post Dec 9 2008, 01:29 AM, Post #9



yes

after restart i again attempted to update online kaspersky
it again went blue

it says

an error has been detected and windows has been shut down to prevent damage to your computer

the problem seems to be caused by the following file: klif.sys

the driver unloaded without cancelling pending operations

if this is the first time you have seen this stop error screen,
then restart your computer. if this screen appears again, follow
these steps:

check to make sure any new hardware or software is properly installed.
if this is a new installation, ask your hardware or software manufacturer
for any windows updates you might need.

if problems continue, disable or remove any newly installed hardware
or software. disable BIOS memory options such as caching or shadowing.
if you need to use safe mode to remove or disable components, restart
your computer, press f8 to select advanced startup options, and then
select safe mode.

technical information

*** STOP: 0x000000D4 (0XEF227938, 0x000000FF, 0x00000001, 0x80545C49)

klif.SYS
beginning dump of physical memory
Physical memory dump complete
Contact your system administrator or technical support group for further
assistance.


Jimmy2012 (Trusted Helper, Posts: 3,944, From: Ohio, USA, OS: linux, Windows XP), post Dec 9 2008, 09:15 AM, Post #10



Hello shilpa,
QUOTE
after restart i again attempted to update online kaspersky
it again went blue

Please do not try the online Kaspersky; instead please try this.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
shilpa (Member, Posts: 15, OS: xp), post Dec 9 2008, 12:17 PM, Post #11



hi jimmy
after downloading it again went blue and automatically shut down
and the same error as above
what should i do


i just hope you find a solution for my pc


thanks for your valuable time
Jimmy2012 (Trusted Helper, Posts: 3,944, From: Ohio, USA, OS: linux, Windows XP), post Dec 9 2008, 09:35 PM, Post #12



Hello shilpa,
QUOTE
after downloading it again went blue and automatic shutdown
and the same error as above

It did that on the F-Secure scan?
shilpa (Member, Posts: 15, OS: xp), post Dec 10 2008, 11:48 AM, Post #13



yes it did that on the f-secure scan
Jimmy2012 (Trusted Helper, Posts: 3,944, From: Ohio, USA, OS: linux, Windows XP), post Dec 10 2008, 01:41 PM, Post #14



Hello shilpa,

Please disable your Kaspersky anti-virus and try the F-Secure online scanner again.
shilpa, post Dec 11 2008, 08:08 AM, Post