Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

please help...virus on my computer...!

Started by mgeet , Jun 23 2010 11:55 PM

  • This topic is locked This topic is locked

#1
mgeet
Posted 23 June 2010 - 11:55 PM

mgeet

    Member

  • Member
  • PipPip
  • 30 posts
I have a big problem in my computer. I think I have a virus which is not letting me do anything except browse the web. I was asked by an expert on this site to check out self help...but it doesn't work. The first step itself didnot work. I downloaded TFC, it ran but when the system tried to reboot, it stalled. I continued to the next step ERUNT and then the malware..but malware stalled my computer. this software doesn't run. Please help..

I ran the combofix and the OTL helper...please see below for the .txt files I got.
-----
Combofix:

ComboFix 10-06-23.02 - Priesha 06/23/2010 16:19:46.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1321 [GMT -7:00]
Running from: f:\documents and settings\Priesha\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 18:54 . 2010-06-23 18:54 -------- d-----w- f:\program files\ERUNT
2010-06-23 06:54 . 2010-06-23 06:54 -------- d-----w- F:\_OTL
2010-06-23 05:34 . 2010-06-23 05:34 -------- d-sh--w- f:\documents and settings\Administrator\PrivacIE
2010-06-23 04:47 . 2010-06-23 04:47 -------- d-----w- f:\documents and settings\Priesha\Local Settings\Application Data\Ahead
2010-06-22 19:25 . 2010-06-22 19:25 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-06-22 18:51 . 2010-06-22 18:51 -------- d-----w- f:\documents and settings\Administrator\Application Data\iolo
2010-06-22 18:16 . 2010-06-22 19:03 -------- d-----w- f:\program files\MSECACHE
2010-06-22 02:48 . 2010-06-22 02:48 439816 ----a-w- f:\documents and settings\Priesha\Application Data\Real\Update\setup3.10\setup.exe
2010-06-20 06:17 . 2010-06-20 06:17 133648 ----a-w- f:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-20 06:17 . 2010-06-20 06:17 133720 ----a-w- f:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-11 23:48 . 2010-05-06 10:41 743424 -c----w- f:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 22:37 . 2009-11-09 07:27 -------- d-----w- f:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-06-23 20:13 . 2009-12-13 04:31 518 ----a-w- f:\documents and settings\Priesha\Application Data\iolo\Registry\Last\restore.bat
2010-06-23 04:51 . 2009-11-09 21:46 -------- d-----w- f:\program files\Google
2010-06-22 22:21 . 2009-12-13 04:26 1527 ----a-w- f:\documents and settings\Priesha\Application Data\iolo\restore.bat
2010-06-22 18:49 . 2009-11-17 03:02 1324 ----a-w- f:\windows\system32\d3d9caps.dat
2010-06-21 17:55 . 2009-12-06 23:01 -------- d-----w- f:\documents and settings\Priesha\Application Data\BitTorrent
2010-06-12 12:18 . 2009-12-15 23:11 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 15:14 . 2009-11-17 03:25 -------- d-----w- f:\program files\Microsoft Silverlight
2010-06-01 06:58 . 2010-04-04 11:04 -------- d-----w- f:\program files\Britannica 10.0
2010-06-01 04:46 . 2009-12-08 01:55 -------- d-----w- f:\documents and settings\Priesha\Application Data\vlc
2010-05-30 02:21 . 2009-12-07 00:23 -------- d-----w- f:\documents and settings\Priesha\Application Data\Vso
2010-05-20 04:34 . 2009-12-08 04:55 -------- d-----w- f:\documents and settings\Priesha\Application Data\dvdcss
2010-05-06 10:41 . 2006-03-15 12:00 916480 ----a-w- f:\windows\system32\wininet.dll
2010-05-05 20:07 . 2009-12-13 04:17 -------- d-----w- f:\documents and settings\All Users\Application Data\iolo
2010-05-05 08:14 . 2009-11-09 07:28 97549 ----a-w- f:\windows\system32\drivers\klick.dat
2010-05-05 08:14 . 2009-11-09 07:28 113933 ----a-w- f:\windows\system32\drivers\klin.dat
2010-05-05 01:16 . 2010-05-05 01:16 -------- d-----w- f:\program files\Nike+ Utility
2010-05-04 19:51 . 2010-05-04 19:50 -------- d-----w- f:\program files\iTunes
2010-05-04 19:50 . 2010-05-04 19:50 -------- d-----w- f:\program files\iPod
2010-05-04 19:50 . 2009-12-28 03:49 -------- d-----w- f:\program files\Common Files\Apple
2010-05-04 19:41 . 2010-05-04 19:41 -------- d-----w- f:\program files\Bonjour
2010-05-04 19:37 . 2010-05-04 19:37 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:22 . 2006-03-15 12:00 1851264 ----a-w- f:\windows\system32\win32k.sys
2010-04-30 23:25 . 2009-11-17 03:53 -------- d-----w- f:\documents and settings\Priesha\Application Data\Skype
2010-04-30 23:03 . 2009-11-20 04:32 -------- d-----w- f:\documents and settings\Priesha\Application Data\skypePM
2010-04-29 20:40 . 2010-04-29 20:40 -------- d-----w- f:\program files\CDCheck
2010-04-29 19:19 . 2010-06-22 18:48 -------- d-----w- f:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-29 19:19 . 2010-04-29 19:19 -------- d-----w- f:\documents and settings\Default User\Application Data\Apple Computer
2010-04-21 21:54 . 2009-12-13 04:23 93096 ----a-w- f:\windows\system32\IncContxMenu.dll
2010-04-21 21:54 . 2009-12-13 04:23 2316712 ----a-w- f:\windows\system32\Incinerator.dll
2010-04-20 05:30 . 2006-03-15 12:00 285696 ----a-w- f:\windows\system32\atmfd.dll
2010-04-15 00:00 . 2010-05-05 20:07 10934656 ----a-w- f:\documents and settings\All Users\Application Data\iolo\System Shield\SSEngineUpd.exe
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- f:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- f:\windows\system32\dns-sd.exe
2010-04-04 06:01 . 2009-11-09 07:09 72784 ----a-w- f:\documents and settings\Priesha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="f:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="f:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="f:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"googletalk"="f:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="f:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"ElbyCheckAnyDVD"="f:\program files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 45056]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-08 185896]
"nmctxth"="f:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SMSTray"="f:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-24 126976]
"MAAgent"="f:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 57344]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

f:\documents and settings\Priesha\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - f:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-21 67128]
Nike+ Utility.lnk - f:\program files\Nike+ Utility\Nike+ Utility.exe [2008-4-30 1228800]
Windows Search.lnk - f:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"f:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 klbg;Kaspersky Lab Boot Guard Driver;f:\windows\system32\drivers\klbg.sys [10/14/2009 10:18 PM 36880]
R2 ioloFileInfoList;iolo FileInfoList Service;f:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/12/2009 9:23 PM 704432]
R2 ioloSystemService;iolo System Service;f:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/12/2009 9:23 PM 704432]
R2 WMP300NSvc;WMP300NSvc;f:\program files\Linksys\WMP300N\WLService.exe [11/15/2009 9:14 PM 53307]
R3 klmouflt;Kaspersky Lab KLMOUFLT;f:\windows\system32\drivers\klmouflt.sys [10/2/2009 8:39 PM 19472]
R3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;f:\windows\system32\drivers\WMP300Nv1.sys [11/15/2009 9:14 PM 822400]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:55 AM 135664]
S2 LinksysUpdater;Linksys Updater;f:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 12:43 PM 204800]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows\system32\DRIVERS\klim5.sys --> f:\windows\system32\DRIVERS\klim5.sys [?]
S3 UCharger;Energizer Usb Charger Driver;f:\windows\system32\drivers\UCharger.sys [5/15/2007 8:43 AM 13765]
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-06-23 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 07:55]

2010-06-23 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 07:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - f:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.ca/s/v/61.17/uploader2.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 16:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
f:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1152)
f:\windows\system32\WININET.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
f:\program files\Windows Desktop Search\deskbar.dll
f:\program files\Windows Desktop Search\en-us\dbres.dll.mui
f:\program files\Windows Desktop Search\dbres.dll
f:\program files\Windows Desktop Search\wordwheel.dll
f:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
f:\program files\Windows Desktop Search\msnlExtRes.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-23 16:28:02
ComboFix-quarantined-files.txt 2010-06-23 23:27
ComboFix2.txt 2010-06-23 22:57
ComboFix3.txt 2010-06-22 20:56
ComboFix4.txt 2010-06-22 20:40

Pre-Run: 275,322,171,392 bytes free
Post-Run: 275,308,879,872 bytes free

- - End Of File - - F1C7EBEFC739D81042995DAAE2C12977
========

OTL:
OTL logfile created on: 6/23/2010 4:30:39 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = F:\Documents and Settings\Priesha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596.16 Gb Total Space | 256.44 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive G: | 377.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIESHA-CCE7252
Current User Name: Priesha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/23 16:29:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\OTL.exe
PRC - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () -- F:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/07 18:33:11 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2007/08/20 04:22:00 | 005,306,368 | ---- | M] (Linksys) -- F:\Program Files\Linksys\WMP300N\WMP300N.exe
PRC - [2007/02/08 02:13:48 | 000,774,168 | ---- | M] () -- F:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/02/08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/01/30 21:36:30 | 000,057,344 | ---- | M] ((주)마크애니) -- F:\Program Files\MarkAny\ContentSafer\MaAgent.exe
PRC - [2005/07/25 12:00:56 | 000,876,032 | ---- | M] (Nero AG) -- F:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/07/04 02:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- F:\Program Files\Linksys\WMP300N\WLService.exe
PRC - [2005/05/19 18:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.) -- F:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/02/25 17:28:03 | 000,212,992 | ---- | M] (Ahead Software) -- F:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/23 16:29:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\msscript.ocx
MOD - [2004/11/24 21:58:24 | 000,163,840 | ---- | M] (MarkAny Co., Ltd.) -- F:\Program Files\MarkAny\ContentSafer\MaCSProHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP300NSvc)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- F:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- F:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/20 21:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () [Auto | Stopped] -- F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/02/06 18:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- F:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- f:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/07/25 12:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Stopped] -- F:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/07/25 12:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Running] -- F:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/01/08 16:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/16 19:04:56 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- F:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 22:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 20:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/01 16:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/02/10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- F:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/18 00:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 07:17:22 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\WMP300Nv1.sys -- (WMP300Nv1)
DRV - [2007/05/15 08:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\UCharger.sys -- (UCharger)
DRV - [2007/02/06 18:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 18:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 18:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2007/01/27 11:40:43 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2006/12/13 16:41:48 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\filedisk.sys -- (FileDisk)
DRV - [2006/07/07 15:24:24 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/14 21:56:48 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/10 22:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/07/25 11:53:28 | 000,101,504 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- F:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/25 11:53:04 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/25 02:52:59 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/27 16:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/14 02:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/29 13:32:59 | 000,022,912 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2003/09/25 08:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- F:\Program Files\Linksys\WMP300N\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Program Files\Real\RealPlayer\browserrecord [2009/12/07 18:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/16 18:47:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/22 13:34:30 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ElbyCheckAnyDVD] F:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] F:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [LogitechCommunicationsManager] F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [MAAgent] F:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSTray] F:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] F:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nike+ Utility.lnk = F:\Program Files\Nike+ Utility\Nike+ Utility.exe ()
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\Priesha\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = F:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = F:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...7/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1257800191765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - F:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - F:\WINDOWS\system32\klogon.dll - F:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: F:\Documents and Settings\Priesha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Priesha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - F:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/16 09:09:36 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/23 16:29:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\OTL.exe
[2010/06/23 16:18:58 | 000,000,000 | ---D | C] -- F:\ComboFix
[2010/06/23 11:54:30 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2010/06/23 11:52:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- F:\Documents and Settings\Priesha\Desktop\erunt_setup.exe
[2010/06/23 11:30:04 | 000,444,416 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\TFC.exe
[2010/06/23 00:31:09 | 000,000,000 | ---D | C] -- F:\WINDOWS\temp
[2010/06/22 23:54:40 | 000,000,000 | ---D | C] -- F:\_OTL
[2010/06/22 22:33:44 | 000,000,000 | -HSD | C] -- F:\WINDOWS\CSC
[2010/06/22 21:47:39 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Priesha\Local Settings\Application Data\Ahead
[2010/06/22 13:27:50 | 000,000,000 | RHSD | C] -- F:\cmdcons
[2010/06/22 13:26:55 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2010/06/22 13:26:55 | 000,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2010/06/22 13:26:55 | 000,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2010/06/22 13:26:55 | 000,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2010/06/22 13:26:49 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010/06/22 13:26:35 | 000,000,000 | ---D | C] -- F:\Qoobox
[2010/06/22 12:25:00 | 000,000,000 | ---D | C] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/06/22 11:16:31 | 000,000,000 | ---D | C] -- F:\Program Files\MSECACHE
[2010/06/22 11:16:25 | 000,359,656 | ---- | C] (Microsoft Corporation) -- F:\Documents and Settings\Priesha\Desktop\msicuu2.exe
[2010/06/21 19:48:15 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Real
[2010/06/21 12:12:42 | 073,543,224 | ---- | C] (Kaspersky Lab) -- F:\Documents and Settings\Priesha\Desktop\kis2010_9.0.0.736en.exe
[2010/06/11 16:48:21 | 000,743,424 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iedvtool.dll

========== Files - Modified Within 30 Days ==========

[2010/06/23 16:33:16 | 005,242,880 | ---- | M] () -- F:\Documents and Settings\Priesha\ntuser.dat
[2010/06/23 16:29:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\OTL.exe
[2010/06/23 16:28:03 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/06/23 16:25:33 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2010/06/23 16:13:03 | 000,000,888 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/23 15:43:51 | 003,719,180 | R--- | M] () -- F:\Documents and Settings\Priesha\Desktop\ComboFix.exe
[2010/06/23 15:37:14 | 000,192,954 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml
[2010/06/23 15:37:09 | 000,000,884 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/23 15:36:32 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/06/23 11:54:30 | 000,000,611 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\NTREGOPT.lnk
[2010/06/23 11:54:30 | 000,000,592 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\ERUNT.lnk
[2010/06/23 11:52:54 | 000,791,393 | ---- | M] (Lars Hederer ) -- F:\Documents and Settings\Priesha\Desktop\erunt_setup.exe
[2010/06/23 11:30:05 | 000,444,416 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\TFC.exe
[2010/06/22 22:50:31 | 000,487,086 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\kavremover9.zip
[2010/06/22 22:08:32 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
[2010/06/22 21:47:52 | 000,000,043 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/22 21:43:40 | 000,000,745 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\xp_exe_fix.zip
[2010/06/22 13:34:30 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2010/06/22 13:27:55 | 000,000,279 | RHS- | M] () -- F:\boot.ini
[2010/06/22 12:25:00 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/22 11:49:20 | 000,001,324 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/06/22 11:22:18 | 000,526,285 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\PlatformInstallClean.zip
[2010/06/22 11:16:30 | 000,359,656 | ---- | M] (Microsoft Corporation) -- F:\Documents and Settings\Priesha\Desktop\msicuu2.exe
[2010/06/22 10:03:29 | 001,768,236 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\Windows6.0-KB942288-v2-x86.msu
[2010/06/21 12:12:43 | 073,543,224 | ---- | M] (Kaspersky Lab) -- F:\Documents and Settings\Priesha\Desktop\kis2010_9.0.0.736en.exe
[2010/06/21 10:45:11 | 000,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/06/21 01:40:01 | 000,002,315 | -H-- | M] () -- F:\.picasa.ini
[2010/06/20 23:57:34 | 000,166,912 | ---- | M] () -- F:\Documents and Settings\Priesha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 22:58:21 | 000,274,168 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 07:16:05 | 000,000,178 | -HS- | M] () -- F:\Documents and Settings\Priesha\ntuser.ini
[2010/06/12 04:12:41 | 000,641,190 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 04:12:41 | 000,543,850 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/06/12 04:12:41 | 000,105,554 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/05/31 20:27:01 | 000,000,170 | ---- | M] () -- F:\Documents and Settings\Priesha\default.pls
[2010/05/29 21:04:54 | 000,001,044 | ---- | M] () -- F:\Documents and Settings\Priesha\Application Data\vso_ts_preview.xml

========== Files Created - No Company Name ==========

[2010/06/23 11:54:30 | 000,000,611 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\NTREGOPT.lnk
[2010/06/23 11:54:30 | 000,000,592 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\ERUNT.lnk
[2010/06/22 22:43:29 | 000,487,086 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\kavremover9.zip
[2010/06/22 21:43:40 | 000,000,745 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\xp_exe_fix.zip
[2010/06/22 13:27:54 | 000,260,272 | ---- | C] () -- F:\cmldr
[2010/06/22 13:26:55 | 000,256,512 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2010/06/22 13:26:55 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2010/06/22 13:26:55 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2010/06/22 13:26:55 | 000,077,312 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2010/06/22 13:26:55 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2010/06/22 13:15:16 | 003,719,180 | R--- | C] () -- F:\Documents and Settings\Priesha\Desktop\ComboFix.exe
[2010/06/22 11:20:36 | 000,526,285 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\PlatformInstallClean.zip
[2010/06/22 10:03:25 | 001,768,236 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\Windows6.0-KB942288-v2-x86.msu
[2010/06/21 01:13:30 | 000,002,315 | -H-- | C] () -- F:\.picasa.ini
[2010/04/08 02:50:34 | 000,000,116 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2010/02/24 20:58:15 | 000,000,065 | ---- | C] () -- F:\WINDOWS\FISHUI.INI
[2009/12/21 14:55:50 | 000,299,008 | ---- | C] () -- F:\WINDOWS\System32\LAME_MP3.dll
[2009/12/21 14:54:33 | 000,921,600 | ---- | C] () -- F:\WINDOWS\System32\vorbisenc.dll
[2009/12/21 14:54:33 | 000,188,416 | ---- | C] () -- F:\WINDOWS\System32\vorbis.dll
[2009/12/21 14:54:32 | 000,237,568 | ---- | C] () -- F:\WINDOWS\System32\OggDS.dll
[2009/12/21 14:54:32 | 000,045,056 | ---- | C] () -- F:\WINDOWS\System32\Ogg.dll
[2009/12/21 14:44:48 | 000,000,332 | ---- | C] () -- F:\WINDOWS\System32\CNCMFP23.INI
[2009/12/21 14:40:43 | 000,040,960 | ---- | C] () -- F:\WINDOWS\System32\IPPCPUID.DLL
[2009/12/21 14:40:18 | 000,011,776 | ---- | C] () -- F:\WINDOWS\System32\pmsbfn32.dll
[2009/12/12 21:23:06 | 002,316,712 | ---- | C] () -- F:\WINDOWS\System32\Incinerator.dll
[2009/12/12 21:21:26 | 000,074,703 | ---- | C] () -- F:\WINDOWS\System32\mfc45.dll
[2009/11/19 21:20:25 | 000,050,127 | ---- | C] () -- F:\WINDOWS\System32\lvcoinst.ini
[2009/11/15 21:14:19 | 000,139,264 | ---- | C] () -- F:\WINDOWS\System32\preflib.dll
[2009/11/15 21:14:18 | 000,753,664 | ---- | C] () -- F:\WINDOWS\System32\bcm1xsup.dll
[2009/11/15 21:14:12 | 000,000,786 | ---- | C] () -- F:\WINDOWS\System32\WLAN.INI
[2009/11/09 14:06:24 | 000,094,208 | ---- | C] () -- F:\WINDOWS\System32\GTW32N50.dll
[2009/11/09 13:43:06 | 000,024,576 | R--- | C] () -- F:\WINDOWS\System32\AsIO.dll
[2009/11/09 13:43:06 | 000,004,962 | R--- | C] () -- F:\WINDOWS\System32\drivers\AsIO.sys
[2009/11/09 13:43:04 | 000,005,120 | ---- | C] () -- F:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/11/09 13:43:04 | 000,003,328 | ---- | C] () -- F:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/11/09 13:33:01 | 000,000,265 | R--- | C] () -- F:\WINDOWS\System32\raidmgmt.ini
[2009/11/09 13:32:49 | 000,005,810 | R--- | C] () -- F:\WINDOWS\System32\drivers\ASACPI.sys
[2009/11/09 13:32:30 | 000,020,910 | ---- | C] () -- F:\WINDOWS\Ascd_tmp.ini
[2009/11/09 13:32:27 | 000,005,824 | ---- | C] () -- F:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini
[2007/05/15 08:43:50 | 000,013,765 | ---- | C] () -- F:\WINDOWS\System32\drivers\UCharger.sys
[2007/02/06 18:45:04 | 000,025,632 | ---- | C] () -- F:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 18:42:40 | 001,691,808 | ---- | C] () -- F:\WINDOWS\System32\drivers\Lvckap.sys
[2006/03/15 05:00:00 | 001,287,680 | ---- | C] () -- F:\WINDOWS\System32\quartz(2).dll
[2006/03/15 05:00:00 | 000,059,904 | ---- | C] () -- F:\WINDOWS\System32\devenum(2).dll
[2006/03/15 05:00:00 | 000,014,336 | ---- | C] () -- F:\WINDOWS\System32\msdmo(2).dll
[2005/09/17 17:32:00 | 001,724,416 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/17 17:32:00 | 001,503,232 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2005/09/17 17:32:00 | 001,101,824 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2005/09/17 17:32:00 | 000,573,440 | ---- | C] () -- F:\WINDOWS\System32\nvhwvid.dll
[2005/09/17 17:32:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2005/09/17 17:32:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
< End of report >

=====

Would really appreciate the help.

Thanks
  • 0

Advertisements

#2
mgeet
Posted 24 June 2010 - 02:59 PM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
please help...I also ran gmer.exe and the result is as follows:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-24 13:30:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: F:\DOCUME~1\Priesha\LOCALS~1\Temp\axeiafow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB6A9458C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB6A94E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB6A95922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB6A95E94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB6A950EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB6A93436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB6A95D6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB6A94192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB6A95C28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB6A9434E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB6A95FC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB6A97C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB6A94AAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB6A95CCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB6A975FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB6A939FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB6A93D88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB6A95576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB6A985CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB6A93ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB6A93F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB6A95382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB6A9768C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB6A93412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB6A93424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB6A97CBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB6A940C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB6A95F36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB6A94E8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB6A935DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB6A95E04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB6A94792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB6A97C32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB6A96068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB6A946B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB6A9401E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB6A93C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB6A97FD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB6A93896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB6A97922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB6A93B0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB6A932B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB6A963F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB6A962B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB6A9739A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB6A9AE2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB6A984AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB6A93248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB6A9565C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB6A94CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB6A96C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB6A97786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB6A98114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB6A9371E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB6A981F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB6A98320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB6A97526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB6A9490A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB6A94860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB6A97E8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB6A949EA]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B6A894DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B6A898B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80504534 16 Bytes [4E, 43, A9, B6, C6, 5F, A9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D54 805045F0 12 Bytes [8C, 76, A9, B6, 12, 34, A9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2ED0 8050476C 16 Bytes [0E, 3B, A9, B6, B0, 32, A9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [F8, 81, A9, B6, 20, 83, A9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 3024 805048C0 4 Bytes JMP F4B6A949
.text F:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9437360, 0x32DEFD, 0xE8000020]
init F:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB6B1DA80]

---- User code sections - GMER 1.0.15 ----

.text F:\WINDOWS\system32\SearchIndexer.exe[2120] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C F:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----


hope this helps my saviour..!!!
  • 0

#3
mgeet
Posted 28 June 2010 - 07:35 PM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Please help.!!!!
this is my latest gmer file:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-28 17:32:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: F:\DOCUME~1\Priesha\LOCALS~1\Temp\axeiafow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text F:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9237360, 0x32DEFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text F:\WINDOWS\system32\SearchIndexer.exe[4076] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C F:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#4
mgeet
Posted 29 June 2010 - 02:01 PM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
someone please help....I am exhausted and need help..
:)
  • 0

#5
mpascal
Posted 06 July 2010 - 05:19 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi mgeet,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
I suggest you have a bit more patience. Everyone here at this site is a volunteer, so you probably won't always get immediate help.

As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window. OTL.Txt.This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log

  • 0

#6
mgeet
Posted 07 July 2010 - 03:18 AM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Mpascal

I appreciate your help and sorry for being a little impatient. here are the log as per the requirement.

Mbam.log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4234

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/24/2010 10:45:01 AM
mbam-log-2010-06-24 (10-45-01).txt

Scan type: Quick scan
Objects scanned: 137990
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
============================================================
OTL.txt

OTL logfile created on: 7/7/2010 2:00:00 AM - Run 4
OTL by OldTimer - Version 3.2.7.0 Folder = F:\Documents and Settings\Priesha\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596.16 Gb Total Space | 256.20 Gb Free Space | 42.98% Space Free | Partition Type: NTFS
Drive G: | 377.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIESHA-CCE7252
Current User Name: Priesha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\Documents and Settings\Priesha\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - F:\Program Files\Nike+ Utility\Nike+ Utility.exe ()
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Linksys\WMP300N\WMP300N.exe (Linksys)
PRC - F:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - F:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - F:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - f:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - F:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - F:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
PRC - F:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - F:\Program Files\Linksys\WMP300N\WLService.exe (GEMTEKS)
PRC - F:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)


========== Modules (SafeList) ==========

MOD - F:\Documents and Settings\Priesha\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\WINDOWS\system32\nview.dll ()
MOD - F:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - F:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - F:\Program Files\MarkAny\ContentSafer\MaCSProHook.dll (MarkAny Co., Ltd.)


========== Win32 Services (SafeList) ==========

SRV - (WMP300NSvc) -- File not found
SRV - (ioloSystemService) -- F:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- F:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nmservice) -- F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LinksysUpdater) -- F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (LVSrvLauncher) -- F:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- f:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (InCDsrvR) InCD Helper (read only) -- F:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- F:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (BS_DEF) -- F:\WINDOWS\BS_DEF.sys (AsusTek Computer Inc.)
DRV - (taphss) -- F:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (klbg) -- F:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- F:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (ISODrive) -- F:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (purendis) -- F:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- F:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- F:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- F:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (WMP300Nv1) -- F:\WINDOWS\system32\drivers\WMP300Nv1.sys (Broadcom Corporation)
DRV - (UCharger) -- F:\WINDOWS\system32\drivers\UCharger.sys ()
DRV - (LVPr2Mon) -- F:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- F:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- F:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- F:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- F:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (ElbyCDIO) -- F:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- F:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (FileDisk) -- F:\WINDOWS\system32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (BCM43XX) -- F:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (InCDfs) -- F:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- F:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- F:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)
DRV - (AmdK8) -- F:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HdAudAddService) -- F:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (AsIO) -- F:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- F:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (AnyDVD) -- F:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (GTNDIS5) -- F:\Program Files\Linksys\WMP300N\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Program Files\Real\RealPlayer\browserrecord [2009/12/07 18:33:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/16 18:47:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/22 13:34:30 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ElbyCheckAnyDVD] F:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] F:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [MAAgent] F:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSTray] F:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] F:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nike+ Utility.lnk = F:\Program Files\Nike+ Utility\Nike+ Utility.exe ()
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\Priesha\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\Priesha\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2010_23-45.lnk = F:\Documents and Settings\Priesha\Desktop\Virus Removal Tool\setup_9.0.0.722_28.06.2010_23-45\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = F:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = F:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Value error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...7/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1257800191765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - F:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - F:\WINDOWS\system32\klogon.dll - F:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: F:\Documents and Settings\Priesha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Priesha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - F:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/16 09:09:36 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2009/11/08 13:54:23 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - F:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - F:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - F:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - F:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - F:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - F:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - F:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - F:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - F:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - F:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - F:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - F:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - F:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - F:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - F:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - F:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - F:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - F:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - F:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - F:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - F:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - F:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - F:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - F:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - F:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - F:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 16:18:22 | 000,000,000 | ---D | C] -- F:\ComboFix
[2010/07/05 16:40:06 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Priesha\My Documents\My Drive Images
[2010/07/05 16:33:44 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Priesha\Local Settings\Application Data\Help
[2010/07/05 16:33:44 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Priesha\Application Data\Help
[2010/06/28 19:46:41 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Priesha\Desktop\Virus Removal Tool
[2010/06/28 19:46:29 | 074,312,200 | ---- | C] ( ) -- F:\Documents and Settings\Priesha\Desktop\setup_9.0.0.722_28.06.2010_23-45.exe
[2010/06/28 19:36:49 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/06/28 19:36:46 | 000,000,000 | ---D | C] -- F:\Program Files\Security Task Manager
[2010/06/28 15:24:37 | 001,614,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sfcfiles.dll
[2010/06/28 15:24:37 | 000,990,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\syssetup.dll
[2010/06/28 15:24:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\storprop.dll
[2010/06/28 11:45:23 | 000,048,035 | ---- | C] (AsusTek Computer Inc.) -- F:\WINDOWS\BS_DEF.sys
[2010/06/28 11:45:22 | 000,159,744 | ---- | C] (ASUSTeK Computer Inc.) -- F:\WINDOWS\BS_DEF.DLL
[2010/06/28 11:45:22 | 000,057,344 | ---- | C] (ASUSTeK Computer Inc.) -- F:\WINDOWS\BIOSINFO.DLL
[2010/06/28 11:45:22 | 000,053,248 | ---- | C] (ASUSTeK Computer Inc.) -- F:\WINDOWS\ASUSBIOS.DLL
[2010/06/25 11:43:39 | 073,543,224 | ---- | C] (Kaspersky Lab) -- F:\Documents and Settings\Priesha\Desktop\kis2010_9.0.0.736en.exe
[2010/06/25 10:41:24 | 005,037,528 | ---- | C] (Uniblue Systems Ltd ) -- F:\Documents and Settings\Priesha\Desktop\cbbleepingregistrybooster.exe
[2010/06/24 10:37:43 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Priesha\Application Data\Malwarebytes
[2010/06/24 10:37:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/24 10:37:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/24 10:37:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/06/24 10:37:02 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010/06/24 10:36:45 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- F:\Documents and Settings\Priesha\Desktop\mbam-setup-1.46.exe
[2010/06/23 16:29:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\OTL.exe
[2010/06/23 11:52:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- F:\Documents and Settings\Priesha\Desktop\erunt_setup.exe
[2010/06/23 11:30:04 | 000,444,416 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\TFC.exe
[2010/06/23 00:31:09 | 000,000,000 | ---D | C] -- F:\WINDOWS\temp
[2010/06/22 23:54:40 | 000,000,000 | ---D | C] -- F:\_OTL
[2010/06/22 22:33:44 | 000,000,000 | -HSD | C] -- F:\WINDOWS\CSC
[2010/06/22 21:47:39 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Priesha\Local Settings\Application Data\Ahead
[2010/06/22 13:27:50 | 000,000,000 | RHSD | C] -- F:\cmdcons
[2010/06/22 13:26:55 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2010/06/22 13:26:55 | 000,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2010/06/22 13:26:55 | 000,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2010/06/22 13:26:55 | 000,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2010/06/22 13:26:49 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010/06/22 13:26:35 | 000,000,000 | ---D | C] -- F:\Qoobox
[2010/06/22 12:25:00 | 000,000,000 | ---D | C] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/06/22 11:16:31 | 000,000,000 | ---D | C] -- F:\Program Files\MSECACHE
[2010/06/22 11:16:25 | 000,359,656 | ---- | C] (Microsoft Corporation) -- F:\Documents and Settings\Priesha\Desktop\msicuu2.exe
[2010/06/21 19:48:15 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Real
[2010/06/11 16:48:21 | 000,743,424 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iedvtool.dll

========== Files - Modified Within 30 Days ==========

[2010/07/07 01:44:51 | 000,192,954 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml
[2010/07/07 01:44:48 | 000,000,884 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/07 01:44:46 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/07/07 01:44:43 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/07/07 01:42:46 | 005,505,024 | ---- | M] () -- F:\Documents and Settings\Priesha\ntuser.dat
[2010/07/07 01:13:00 | 000,000,888 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/07 00:40:58 | 000,000,426 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{ABC29F50-9396-45B7-9645-240548896218}.job
[2010/07/06 16:22:48 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2010/07/06 16:17:52 | 003,727,937 | R--- | M] () -- F:\Documents and Settings\Priesha\Desktop\ComboFix.exe
[2010/07/06 12:25:00 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/05 11:53:27 | 000,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/06/28 19:47:15 | 000,002,232 | ---- | M] () -- F:\Documents and Settings\Priesha\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2010_23-45.lnk
[2010/06/28 14:14:34 | 074,312,200 | ---- | M] ( ) -- F:\Documents and Settings\Priesha\Desktop\setup_9.0.0.722_28.06.2010_23-45.exe
[2010/06/28 11:45:23 | 000,048,035 | ---- | M] (AsusTek Computer Inc.) -- F:\WINDOWS\BS_DEF.sys
[2010/06/28 11:45:15 | 000,000,268 | ---- | M] () -- F:\WINDOWS\_delis32.ini
[2010/06/28 11:39:59 | 000,020,910 | ---- | M] () -- F:\WINDOWS\Ascd_tmp.ini
[2010/06/25 11:32:46 | 073,543,224 | ---- | M] (Kaspersky Lab) -- F:\Documents and Settings\Priesha\Desktop\kis2010_9.0.0.736en.exe
[2010/06/25 10:43:36 | 005,037,528 | ---- | M] (Uniblue Systems Ltd ) -- F:\Documents and Settings\Priesha\Desktop\cbbleepingregistrybooster.exe
[2010/06/25 10:32:34 | 000,263,988 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\KAV_Registry_Clean.zip
[2010/06/24 10:55:02 | 000,284,915 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\gmer.zip
[2010/06/24 10:37:06 | 000,000,696 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/24 10:29:30 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- F:\Documents and Settings\Priesha\Desktop\mbam-setup-1.46.exe
[2010/06/23 16:29:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\OTL.exe
[2010/06/23 11:52:54 | 000,791,393 | ---- | M] (Lars Hederer ) -- F:\Documents and Settings\Priesha\Desktop\erunt_setup.exe
[2010/06/23 11:30:05 | 000,444,416 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Priesha\Desktop\TFC.exe
[2010/06/22 22:08:32 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
[2010/06/22 21:47:52 | 000,000,043 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/22 21:43:40 | 000,000,745 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\xp_exe_fix.zip
[2010/06/22 13:34:30 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2010/06/22 13:27:55 | 000,000,279 | RHS- | M] () -- F:\boot.ini
[2010/06/22 11:49:20 | 000,001,324 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/06/22 11:22:18 | 000,526,285 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\PlatformInstallClean.zip
[2010/06/22 11:16:30 | 000,359,656 | ---- | M] (Microsoft Corporation) -- F:\Documents and Settings\Priesha\Desktop\msicuu2.exe
[2010/06/22 10:03:29 | 001,768,236 | ---- | M] () -- F:\Documents and Settings\Priesha\Desktop\Windows6.0-KB942288-v2-x86.msu
[2010/06/21 01:40:01 | 000,002,315 | -H-- | M] () -- F:\.picasa.ini
[2010/06/20 23:57:34 | 000,166,912 | ---- | M] () -- F:\Documents and Settings\Priesha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 22:58:21 | 000,274,168 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 07:16:05 | 000,000,178 | -HS- | M] () -- F:\Documents and Settings\Priesha\ntuser.ini
[2010/06/12 04:12:41 | 000,641,190 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 04:12:41 | 000,543,850 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/06/12 04:12:41 | 000,105,554 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/07/06 15:44:09 | 000,000,426 | -H-- | C] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{ABC29F50-9396-45B7-9645-240548896218}.job
[2010/06/28 14:30:32 | 000,002,232 | ---- | C] () -- F:\Documents and Settings\Priesha\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2010_23-45.lnk
[2010/06/28 11:45:15 | 000,000,268 | ---- | C] () -- F:\WINDOWS\_delis32.ini
[2010/06/25 10:35:32 | 000,263,988 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\KAV_Registry_Clean.zip
[2010/06/24 11:10:54 | 000,284,915 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\gmer.zip
[2010/06/24 10:37:06 | 000,000,696 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/22 21:43:40 | 000,000,745 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\xp_exe_fix.zip
[2010/06/22 13:27:54 | 000,260,272 | ---- | C] () -- F:\cmldr
[2010/06/22 13:26:55 | 000,256,512 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2010/06/22 13:26:55 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2010/06/22 13:26:55 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2010/06/22 13:26:55 | 000,077,312 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2010/06/22 13:26:55 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2010/06/22 13:15:16 | 003,727,937 | R--- | C] () -- F:\Documents and Settings\Priesha\Desktop\ComboFix.exe
[2010/06/22 11:20:36 | 000,526,285 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\PlatformInstallClean.zip
[2010/06/22 10:03:25 | 001,768,236 | ---- | C] () -- F:\Documents and Settings\Priesha\Desktop\Windows6.0-KB942288-v2-x86.msu
[2010/06/21 01:13:30 | 000,002,315 | -H-- | C] () -- F:\.picasa.ini
[2010/04/08 02:50:34 | 000,000,116 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2010/02/24 20:58:15 | 000,000,065 | ---- | C] () -- F:\WINDOWS\FISHUI.INI
[2009/12/21 14:55:50 | 000,299,008 | ---- | C] () -- F:\WINDOWS\System32\LAME_MP3.dll
[2009/12/21 14:54:33 | 000,921,600 | ---- | C] () -- F:\WINDOWS\System32\vorbisenc.dll
[2009/12/21 14:54:33 | 000,188,416 | ---- | C] () -- F:\WINDOWS\System32\vorbis.dll
[2009/12/21 14:54:32 | 000,237,568 | ---- | C] () -- F:\WINDOWS\System32\OggDS.dll
[2009/12/21 14:54:32 | 000,045,056 | ---- | C] () -- F:\WINDOWS\System32\Ogg.dll
[2009/12/21 14:44:48 | 000,000,332 | ---- | C] () -- F:\WINDOWS\System32\CNCMFP23.INI
[2009/12/21 14:40:43 | 000,040,960 | ---- | C] () -- F:\WINDOWS\System32\IPPCPUID.DLL
[2009/12/21 14:40:18 | 000,011,776 | ---- | C] () -- F:\WINDOWS\System32\pmsbfn32.dll
[2009/12/12 21:23:06 | 002,316,712 | ---- | C] () -- F:\WINDOWS\System32\Incinerator.dll
[2009/12/12 21:21:26 | 000,074,703 | ---- | C] () -- F:\WINDOWS\System32\mfc45.dll
[2009/11/19 21:20:25 | 000,050,127 | ---- | C] () -- F:\WINDOWS\System32\lvcoinst.ini
[2009/11/15 21:14:19 | 000,139,264 | ---- | C] () -- F:\WINDOWS\System32\preflib.dll
[2009/11/15 21:14:18 | 000,753,664 | ---- | C] () -- F:\WINDOWS\System32\bcm1xsup.dll
[2009/11/15 21:14:12 | 000,000,786 | ---- | C] () -- F:\WINDOWS\System32\WLAN.INI
[2009/11/09 14:06:24 | 000,094,208 | ---- | C] () -- F:\WINDOWS\System32\GTW32N50.dll
[2009/11/09 13:43:06 | 000,024,576 | R--- | C] () -- F:\WINDOWS\System32\AsIO.dll
[2009/11/09 13:43:06 | 000,004,962 | R--- | C] () -- F:\WINDOWS\System32\drivers\AsIO.sys
[2009/11/09 13:43:04 | 000,005,120 | ---- | C] () -- F:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/11/09 13:43:04 | 000,003,328 | ---- | C] () -- F:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/11/09 13:33:01 | 000,000,265 | R--- | C] () -- F:\WINDOWS\System32\raidmgmt.ini
[2009/11/09 13:32:49 | 000,005,810 | R--- | C] () -- F:\WINDOWS\System32\drivers\ASACPI.sys
[2009/11/09 13:32:30 | 000,020,910 | ---- | C] () -- F:\WINDOWS\Ascd_tmp.ini
[2009/11/09 13:32:27 | 000,005,824 | ---- | C] () -- F:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini
[2007/05/15 08:43:50 | 000,013,765 | ---- | C] () -- F:\WINDOWS\System32\drivers\UCharger.sys
[2007/02/06 18:45:04 | 000,025,632 | ---- | C] () -- F:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 18:42:40 | 001,691,808 | ---- | C] () -- F:\WINDOWS\System32\drivers\Lvckap.sys
[2006/03/15 05:00:00 | 001,287,680 | ---- | C] () -- F:\WINDOWS\System32\quartz(2).dll
[2006/03/15 05:00:00 | 000,059,904 | ---- | C] () -- F:\WINDOWS\System32\devenum(2).dll
[2006/03/15 05:00:00 | 000,014,336 | ---- | C] () -- F:\WINDOWS\System32\msdmo(2).dll
[2005/09/17 17:32:00 | 001,724,416 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/17 17:32:00 | 001,503,232 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2005/09/17 17:32:00 | 001,101,824 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2005/09/17 17:32:00 | 000,573,440 | ---- | C] () -- F:\WINDOWS\System32\nvhwvid.dll
[2005/09/17 17:32:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2005/09/17 17:32:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll

========== LOP Check ==========

[2009/12/06 16:24:10 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/05/05 13:07:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\iolo
[2009/11/09 14:22:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Linksys
[2009/12/20 00:20:12 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\RoboForm
[2010/06/28 19:37:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/07 21:25:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/04 03:50:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WinZip
[2009/12/13 01:27:28 | 000,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/04/06 12:43:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/27 20:51:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/21 10:55:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\BitTorrent
[2009/12/22 02:26:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Canon
[2009/12/21 14:54:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\DataCast
[2009/12/12 21:26:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\iolo
[2009/12/21 23:09:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\NewSoft
[2009/12/27 21:13:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\OpenCandy
[2010/01/29 18:41:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Red Kawa
[2010/04/08 02:38:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Simple Star
[2010/04/08 02:51:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Snapfish
[2010/06/25 10:49:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Uniblue
[2010/05/29 19:21:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Vso
[2009/11/16 19:19:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Windows Desktop Search
[2010/01/19 14:56:34 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Priesha\Application Data\Windows Search
[2010/07/07 00:40:58 | 000,000,426 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{ABC29F50-9396-45B7-9645-240548896218}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/21 01:40:01 | 000,002,315 | -H-- | M] () -- F:\.picasa.ini
[2010/06/22 13:27:55 | 000,000,279 | RHS- | M] () -- F:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- F:\cmldr
[2010/07/06 16:25:04 | 000,014,577 | ---- | M] () -- F:\ComboFix.txt
[2006/03/15 05:00:00 | 000,047,564 | RHS- | M] () -- F:\NTDETECT.COM
[2009/11/09 00:55:56 | 000,250,048 | RHS- | M] () -- F:\ntldr
[2010/07/07 01:44:37 | 2145,386,496 | -HS- | M] () -- F:\pagefile.sys
[2009/11/08 22:53:52 | 000,000,140 | ---- | M] () -- F:\reset.log
[2010/06/24 10:05:42 | 000,000,373 | ---- | M] () -- F:\rkill.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- F:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- F:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- F:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- F:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/11/08 21:14:58 | 000,000,067 | -HS- | M] () -- F:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/11/08 13:58:51 | 000,094,208 | ---- | M] () -- F:\WINDOWS\system32\config\default.sav
[2009/11/08 13:58:51 | 000,659,456 | ---- | M] () -- F:\WINDOWS\system32\config\software.sav
[2009/11/08 13:58:51 | 000,913,408 | ---- | M] () -- F:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- F:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- F:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- F:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-12 14:00:35
< End of report >

=================
GMER .log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 01:38:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: F:\DOCUME~1\Priesha\LOCALS~1\Temp\axeiafow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text F:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9319360, 0x32DEFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text F:\WINDOWS\system32\SearchIndexer.exe[3936] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C F:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT F:\WINDOWS\Explorer.EXE[356] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [017B2EC0] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\Explorer.EXE[356] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [017B2C30] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\Explorer.EXE[356] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [017B2C90] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\Explorer.EXE[356] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [017B2C60] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Program Files\Logitech\QuickCam10\QuickCam10.exe[684] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01942EC0] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Program Files\Logitech\QuickCam10\QuickCam10.exe[684] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01942C30] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Program Files\Logitech\QuickCam10\QuickCam10.exe[684] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01942C90] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Program Files\Logitech\QuickCam10\QuickCam10.exe[684] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01942C60] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\system32\wscntfy.exe[1392] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32EC0] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\system32\wscntfy.exe[1392] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32C30] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\system32\wscntfy.exe[1392] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32C90] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\system32\wscntfy.exe[1392] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32C60] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Documents and Settings\Priesha\Local Settings\temp\wze3d7\gmer.exe[3056] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Documents and Settings\Priesha\Local Settings\temp\wze3d7\gmer.exe[3056] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Documents and Settings\Priesha\Local Settings\temp\wze3d7\gmer.exe[3056] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Documents and Settings\Priesha\Local Settings\temp\wze3d7\gmer.exe[3056] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\eHome\ehmsas.exe[3172] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992EC0] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\eHome\ehmsas.exe[3172] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992C30] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\eHome\ehmsas.exe[3172] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992C90] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\WINDOWS\eHome\ehmsas.exe[3172] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992C60] F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Files - GMER 1.0.15 ----

File F:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS007BC.log 131072 bytes
File F:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS007BD.log 131072 bytes
File F:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS007BE.log 0 bytes
File F:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS007BF.log 0 bytes

---- EOF - GMER 1.0.15 ----
=======

Thanks once again..just one thing ..when I ran the OTL it keep giving an "windows- no disk" exception processing msg c0000013 error.and I clicked on cancel all the time. Hope this does not make a difference to the log file.

thanks
mgeet
  • 0

#7
mpascal
Posted 07 July 2010 - 02:23 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

  • 0

#8
mgeet
Posted 07 July 2010 - 09:30 PM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi
the internet is connected, but everytime I try to go to geekstogo.com, it says ie has recovered but then again it goes to blank mode. I feel the ie is also hacked. what should i do.? I cannot download TFC or do anything.

Thanks once again
Geet
  • 0

#9
mpascal
Posted 07 July 2010 - 11:52 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts

it says ie has recovered but then again it goes to blank mode.

IE crashes when you try to go to a website? What is blank mode?
  • 0

#10
mgeet
Posted 08 July 2010 - 12:03 AM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
ie goes to the home page which is google. and then when I type geekstogo.com it gives me an error saying "internet explorer has encountered a problme and needs to close.We are sorry for the inconvenience"..in the background, it shows a page with the address bar saying "res://ieframe.dll/acr_erroe.htm#geekstogo.com,http://www.geekstogo.com/ and the page reads "we are unable to return you to geekstogo.com"..."internet explorer has stopped trying to restore this website.It appears that the website continues to have a problem"

hope this helps...
  • 0

Advertisements

#11
mpascal
Posted 08 July 2010 - 10:57 AM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Does this happen with all websites?
  • 0

#12
mgeet
Posted 08 July 2010 - 03:48 PM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi

It is happening with every website.

thks
geet
  • 0

#13
mpascal
Posted 08 July 2010 - 04:22 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
  • 0

#14
mgeet
Posted 09 July 2010 - 12:45 PM

mgeet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
sorry I am late..I had some errands to run.here is the combofix.log as requested by you. Also, since I cannot access the internet I have to transfer files on a USB and then to another computer to sent. Hope this would not effect my other computer.

combofix file:
ComboFix 10-07-08.02 - Priesha 07/09/2010 11:29:39.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1399 [GMT -7:00]
Running from: f:\documents and settings\Priesha\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-05 23:33 . 2010-07-05 23:33 -------- d-----w- f:\documents and settings\Priesha\Local Settings\Application Data\Help
2010-06-29 02:36 . 2010-06-29 02:36 304 ----a-w- f:\documents and settings\All Users\Application Data\SecTaskMan\icn_3DB929DD14D57044EB4011B9A4368196.dll
2010-06-28 22:24 . 2008-04-14 00:12 990208 -c--a-w- f:\windows\system32\dllcache\syssetup.dll
2010-06-28 22:24 . 2008-04-14 00:12 74752 -c--a-w- f:\windows\system32\dllcache\storprop.dll
2010-06-28 22:24 . 2008-04-14 00:12 1614848 -c--a-w- f:\windows\system32\dllcache\sfcfiles.dll
2010-06-28 18:45 . 2010-06-28 18:45 48035 ----a-w- f:\windows\BS_DEF.sys
2010-06-28 18:45 . 2005-07-06 00:58 57344 ----a-w- f:\windows\BIOSINFO.DLL
2010-06-28 18:45 . 2005-06-21 00:24 159744 ----a-w- f:\windows\BS_DEF.DLL
2010-06-28 18:45 . 2004-11-24 19:07 53248 ----a-w- f:\windows\ASUSBIOS.DLL
2010-06-24 17:37 . 2010-06-24 17:37 -------- d-----w- f:\documents and settings\Priesha\Application Data\Malwarebytes
2010-06-24 17:37 . 2010-04-29 22:39 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-06-24 17:37 . 2010-06-24 17:37 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-24 17:37 . 2010-06-24 17:37 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-06-24 17:37 . 2010-04-29 22:39 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-06-23 06:54 . 2010-06-23 06:54 -------- d-----w- F:\_OTL
2010-06-23 05:34 . 2010-06-23 05:34 -------- d-sh--w- f:\documents and settings\Administrator\PrivacIE
2010-06-23 04:47 . 2010-06-23 04:47 -------- d-----w- f:\documents and settings\Priesha\Local Settings\Application Data\Ahead
2010-06-22 19:25 . 2010-06-22 19:25 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-06-22 18:51 . 2010-06-22 18:51 -------- d-----w- f:\documents and settings\Administrator\Application Data\iolo
2010-06-22 18:16 . 2010-06-22 19:03 -------- d-----w- f:\program files\MSECACHE
2010-06-22 02:48 . 2010-06-22 02:48 439816 ----a-w- f:\documents and settings\Priesha\Application Data\Real\Update\setup3.10\setup.exe
2010-06-20 06:17 . 2010-06-20 06:17 133648 ----a-w- f:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-20 06:17 . 2010-06-20 06:17 133720 ----a-w- f:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-11 23:48 . 2010-05-06 10:41 743424 -c----w- f:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 18:14 . 2009-11-09 07:27 -------- d-----w- f:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-09 18:09 . 2009-12-13 04:31 518 ----a-w- f:\documents and settings\Priesha\Application Data\iolo\Registry\Last\restore.bat
2010-07-06 23:15 . 2009-12-13 04:26 1527 ----a-w- f:\documents and settings\Priesha\Application Data\iolo\restore.bat
2010-07-05 23:35 . 2010-06-29 02:36 -------- d-----w- f:\program files\Security Task Manager
2010-06-29 02:36 . 2010-06-29 02:36 3568 ----a-w- f:\documents and settings\All Users\Application Data\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2010-06-28 22:03 . 2009-11-09 21:00 -------- d-----w- f:\documents and settings\All Users\Application Data\nView_Profiles
2010-06-25 17:49 . 2009-11-09 20:07 -------- d-----w- f:\documents and settings\Priesha\Application Data\Uniblue
2010-06-23 04:51 . 2009-11-09 21:46 -------- d-----w- f:\program files\Google
2010-06-22 18:49 . 2009-11-17 03:02 1324 ----a-w- f:\windows\system32\d3d9caps.dat
2010-06-21 17:55 . 2009-12-06 23:01 -------- d-----w- f:\documents and settings\Priesha\Application Data\BitTorrent
2010-06-12 12:18 . 2009-12-15 23:11 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 15:14 . 2009-11-17 03:25 -------- d-----w- f:\program files\Microsoft Silverlight
2010-06-01 06:58 . 2010-04-04 11:04 -------- d-----w- f:\program files\Britannica 10.0
2010-06-01 04:46 . 2009-12-08 01:55 -------- d-----w- f:\documents and settings\Priesha\Application Data\vlc
2010-05-30 02:21 . 2009-12-07 00:23 -------- d-----w- f:\documents and settings\Priesha\Application Data\Vso
2010-05-20 04:34 . 2009-12-08 04:55 -------- d-----w- f:\documents and settings\Priesha\Application Data\dvdcss
2010-05-06 10:41 . 2006-03-15 12:00 916480 ----a-w- f:\windows\system32\wininet.dll
2010-05-05 08:14 . 2009-11-09 07:28 97549 ----a-w- f:\windows\system32\drivers\klick.dat
2010-05-05 08:14 . 2009-11-09 07:28 113933 ----a-w- f:\windows\system32\drivers\klin.dat
2010-05-04 19:37 . 2010-05-04 19:37 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:22 . 2006-03-15 12:00 1851264 ----a-w- f:\windows\system32\win32k.sys
2010-04-21 21:54 . 2009-12-13 04:23 93096 ----a-w- f:\windows\system32\IncContxMenu.dll
2010-04-21 21:54 . 2009-12-13 04:23 2316712 ----a-w- f:\windows\system32\Incinerator.dll
2010-04-20 05:30 . 2006-03-15 12:00 285696 ----a-w- f:\windows\system32\atmfd.dll
2010-04-15 00:00 . 2010-05-05 20:07 10934656 ----a-w- f:\documents and settings\All Users\Application Data\iolo\System Shield\SSEngineUpd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="f:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="f:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"googletalk"="f:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="f:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"ElbyCheckAnyDVD"="f:\program files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 45056]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-08 185896]
"nmctxth"="f:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SMSTray"="f:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-24 126976]
"MAAgent"="f:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 57344]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

f:\documents and settings\Priesha\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
setup_9.0.0.722_28.06.2010_23-45.lnk - f:\documents and settings\Priesha\Desktop\Virus Removal Tool\setup_9.0.0.722_28.06.2010_23-45\startup.exe [2010-6-28 72208]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - f:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-21 67128]
Nike+ Utility.lnk - f:\program files\Nike+ Utility\Nike+ Utility.exe [2008-4-30 1228800]
Windows Search.lnk - f:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf f:\documents and settings\Priesha\Application Data\iolo"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"f:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 klbg;Kaspersky Lab Boot Guard Driver;f:\windows\system32\drivers\klbg.sys [10/14/2009 10:18 PM 36880]
R2 ioloFileInfoList;iolo FileInfoList Service;f:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/12/2009 9:23 PM 704432]
R2 ioloSystemService;iolo System Service;f:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/12/2009 9:23 PM 704432]
R2 WMP300NSvc;WMP300NSvc;f:\program files\Linksys\WMP300N\WLService.exe [11/15/2009 9:14 PM 53307]
R3 klmouflt;Kaspersky Lab KLMOUFLT;f:\windows\system32\drivers\klmouflt.sys [10/2/2009 8:39 PM 19472]
R3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;f:\windows\system32\drivers\WMP300Nv1.sys [11/15/2009 9:14 PM 822400]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:55 AM 135664]
S2 LinksysUpdater;Linksys Updater;f:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 12:43 PM 204800]
S3 BS_DEF;BS_DEF;f:\windows\BS_DEF.sys [6/28/2010 11:45 AM 48035]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows\system32\DRIVERS\klim5.sys --> f:\windows\system32\DRIVERS\klim5.sys [?]
S3 UCharger;Energizer Usb Charger Driver;f:\windows\system32\drivers\UCharger.sys [5/15/2007 8:43 AM 13765]
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-09 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 07:55]

2010-07-09 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 07:55]

2010-07-09 f:\windows\Tasks\User_Feed_Synchronization-{ABC29F50-9396-45B7-9645-240548896218}.job
- f:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - f:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.ca/s/v/61.17/uploader2.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
f:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2448)
f:\windows\system32\WININET.dll
f:\windows\system32\nview.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
f:\program files\Windows Desktop Search\deskbar.dll
f:\program files\Windows Desktop Search\en-us\dbres.dll.mui
f:\program files\Windows Desktop Search\dbres.dll
f:\program files\Windows Desktop Search\wordwheel.dll
f:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
f:\program files\Windows Desktop Search\msnlExtRes.dll
f:\windows\system32\msi.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-09 11:35:06
ComboFix-quarantined-files.txt 2010-07-09 18:35
ComboFix2.txt 2010-07-06 23:25
ComboFix3.txt 2010-06-23 23:28
ComboFix4.txt 2010-06-23 22:57
ComboFix5.txt 2010-07-09 18:28

Pre-Run: 274,992,406,528 bytes free
Post-Run: 274,978,353,152 bytes free

- - End Of File - - 053D37E6B765A541ECAAE3D6B19B7CB7
thks and apprecitae your help
geet
  • 0

#15
mpascal
Posted 10 July 2010 - 12:49 AM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Can you maybe try reinstalling Internet Explorer and see if that fixes it? You could also try another browser such as Mozilla Firefox or Google Chrome as well, they've been known to be more secure than Internet Explorer.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP