Suspicious matters happen on my PC


  • This topic is locked

#1
asduskun

    Member

  • Member
  • 31 posts
Hi all,

I want to explain my issue with an example. For example, I'm writing a post somewhere on the internet; when I'm somewhere in the writing, the cursor goes back somewhere and it messes up my post or whatever I'm writing, or it goes back somewhere in my writing, selects some words and deletes them completely... What might be the reason for this problem? It is not related to the touchpad, I'm sure; I don't touch anywhere on it, and even if I touched it, it shouldn't delete my writing... And below are my OTL results.

OTL logfile created on: 3/27/2011 11:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\NAime\Downloads\Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 20.25 Gb Free Space | 41.48% Space Free | Partition Type: NTFS
Drive D: | 62.95 Gb Total Space | 4.31 Gb Free Space | 6.85% Space Free | Partition Type: NTFS

Computer Name: NAIME-PC | User Name: NAime | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/27 23:11:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\NAime\Downloads\Programs\OTL.exe
PRC - [2011/03/17 17:31:44 | 003,278,232 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/01/14 09:56:38 | 004,904,232 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/01/14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/01/08 01:48:12 | 000,108,080 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/01/08 01:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/01/05 21:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/12/12 18:13:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/15 21:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/05/25 18:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/12/25 17:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2009/12/25 17:42:48 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
PRC - [2009/12/21 18:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/10/31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 04:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/03/19 03:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2011/03/27 23:11:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\NAime\Downloads\Programs\OTL.exe
MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/01/08 01:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/08 01:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/05 21:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/10/15 21:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/06/26 16:05:50 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/25 17:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/21 18:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/22 02:15:50 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/17 18:52:34 | 000,086,280 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/09/22 22:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 22:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/14 13:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 13:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/25 02:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/01 11:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/05/16 20:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 14 AB FB 83 E8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com.tr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.192
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 18:13:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/11 12:33:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/03/22 02:17:04 | 000,000,000 | ---D | M]

[2010/10/09 14:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAime\AppData\Roaming\Mozilla\Extensions
[2010/10/09 14:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAime\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/27 22:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAime\AppData\Roaming\Mozilla\Firefox\Profiles\puxabu1w.default\extensions
[2011/03/21 22:59:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\NAime\AppData\Roaming\Mozilla\Firefox\Profiles\puxabu1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 15:17:40 | 000,002,427 | ---- | M] () -- C:\Users\NAime\AppData\Roaming\Mozilla\Firefox\Profiles\puxabu1w.default\searchplugins\askcom.xml
[2010/10/12 19:55:04 | 000,001,819 | ---- | M] () -- C:\Users\NAime\AppData\Roaming\Mozilla\Firefox\Profiles\puxabu1w.default\searchplugins\bing.xml
[2011/03/23 18:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 13:11:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/19 15:48:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 14:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 17:50:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 21:44:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/23 18:50:56 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/03/22 02:18:35 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/03/22 02:20:29 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\NAIME\APPDATA\ROAMING\IDM\IDMMZCC3
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/10 02:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/09/15 00:21:23 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-tr.xml

O1 HOSTS File: ([2011/03/21 23:28:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\NAime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.140.21.129 193.140.21.100
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 19:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2011/03/24 01:11:33 | 000,000,000 | ---D | C] -- C:\Users\NAime\Desktop\htdocs
[2011/03/23 21:29:28 | 000,000,000 | ---D | C] -- C:\Users\NAime\AppData\Roaming\Synaptics
[2011/03/23 19:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/03/23 19:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/03/23 19:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/03/23 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/03/23 19:51:05 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo5.dll
[2011/03/23 19:50:01 | 000,000,000 | ---D | C] -- C:\Users\NAime\AppData\Roaming\SystemRequirementsLab
[2011/03/23 18:51:02 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011/03/23 18:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011/03/23 18:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2011/03/22 02:20:50 | 000,000,000 | ---D | C] -- C:\Users\NAime\Desktop\smf_2-0-rc5_upgrade
[2011/03/22 02:20:16 | 000,000,000 | ---D | C] -- C:\Users\NAime\AppData\Roaming\IDM
[2011/03/22 02:20:14 | 000,000,000 | ---D | C] -- C:\Users\NAime\AppData\Roaming\DMCache
[2011/03/22 02:20:02 | 000,000,000 | ---D | C] -- C:\Users\NAime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/03/22 02:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/03/22 02:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2011/03/22 02:17:10 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2011/03/22 02:17:10 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2011/03/22 02:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2011/03/22 02:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2011/03/22 02:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/03/22 02:15:50 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/03/22 02:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/03/22 02:07:41 | 004,352,544 | ---- | C] (Tonec Inc.) -- C:\Users\NAime\Desktop\idman605.exe
[2011/03/22 02:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/21 23:55:48 | 000,000,000 | ---D | C] -- C:\Users\NAime\AppData\Roaming\FileZilla
[2011/03/21 23:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/03/21 23:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/03/21 23:35:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/21 23:34:51 | 000,000,000 | ---D | C] -- C:\Users\NAime\AppData\Local\temp
[2011/03/21 23:28:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/21 23:16:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/21 23:16:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/21 23:16:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/21 23:16:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/21 23:16:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/21 23:15:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/21 23:15:48 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/17 18:55:45 | 000,086,280 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2011/03/06 22:59:33 | 000,000,000 | ---D | C] -- C:\Users\NAime\Desktop\paz.yön

========== Files - Modified Within 30 Days ==========

[2011/03/27 23:31:24 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-255813070-510787008-604792916-1000UA.job
[2011/03/27 22:01:12 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/27 22:01:12 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/27 21:56:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/27 21:56:00 | 603,131,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 20:50:08 | 000,000,735 | ---- | M] () -- C:\Users\NAime\Desktop\.HTACCESS.rar
[2011/03/26 12:58:23 | 002,518,226 | ---- | M] () -- C:\Users\NAime\Desktop\2010-07-04_before_ModHidePost.tar.gz
[2011/03/26 12:31:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-255813070-510787008-604792916-1000Core.job
[2011/03/26 00:41:46 | 000,067,266 | ---- | M] () -- C:\Users\NAime\Desktop\ModHidePost.zip
[2011/03/24 00:17:32 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/03/24 00:17:32 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/03/23 19:55:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/03/23 19:52:38 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/03/23 18:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/03/22 14:49:24 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 14:49:23 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 02:18:53 | 002,766,084 | ---- | M] () -- C:\Users\NAime\Desktop\smf_2-0-rc5_upgrade.zip
[2011/03/22 02:15:50 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/03/22 02:10:00 | 004,352,544 | ---- | M] (Tonec Inc.) -- C:\Users\NAime\Desktop\idman605.exe
[2011/03/22 00:03:19 | 000,019,638 | ---- | M] () -- C:\Users\NAime\Desktop\repair_settings.php
[2011/03/21 23:55:14 | 004,251,204 | ---- | M] () -- C:\Users\NAime\Desktop\FileZilla_3.3.5.1_win32-setup.exe
[2011/03/21 23:28:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/21 23:14:39 | 004,298,593 | R--- | M] () -- C:\Users\NAime\Desktop\ComboFix.exe
[2011/03/21 23:12:00 | 006,015,960 | ---- | M] () -- C:\Users\NAime\Desktop\HSS-1.57-tamindir.exe
[2011/03/17 18:52:34 | 000,086,280 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys

========== Files Created - No Company Name ==========

[2011/03/26 20:50:08 | 000,000,735 | ---- | C] () -- C:\Users\NAime\Desktop\.HTACCESS.rar
[2011/03/26 12:57:20 | 002,518,226 | ---- | C] () -- C:\Users\NAime\Desktop\2010-07-04_before_ModHidePost.tar.gz
[2011/03/26 00:41:43 | 000,067,266 | ---- | C] () -- C:\Users\NAime\Desktop\ModHidePost.zip
[2011/03/23 19:55:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/03/23 19:52:38 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/03/23 18:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/03/22 02:17:59 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/03/22 02:17:59 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/03/22 02:02:26 | 002,766,084 | ---- | C] () -- C:\Users\NAime\Desktop\smf_2-0-rc5_upgrade.zip
[2011/03/22 00:03:18 | 000,019,638 | ---- | C] () -- C:\Users\NAime\Desktop\repair_settings.php
[2011/03/21 23:52:54 | 004,251,204 | ---- | C] () -- C:\Users\NAime\Desktop\FileZilla_3.3.5.1_win32-setup.exe
[2011/03/21 23:16:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/21 23:16:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/21 23:16:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/21 23:16:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/21 23:16:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/21 23:11:22 | 004,298,593 | R--- | C] () -- C:\Users\NAime\Desktop\ComboFix.exe
[2011/03/21 23:07:12 | 006,015,960 | ---- | C] () -- C:\Users\NAime\Desktop\HSS-1.57-tamindir.exe
[2011/02/01 23:28:47 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2011/02/01 23:28:47 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2010/12/06 16:30:30 | 000,615,936 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2010/12/06 16:30:30 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2010/11/10 22:55:57 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/09/29 17:45:42 | 001,156,876 | ---- | C] () -- C:\Users\NAime\AppData\Roaming\UserTile.png
[2010/06/26 23:31:38 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 000,411,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011/03/27 01:06:03 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\DMCache
[2011/03/27 00:36:21 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\FileZilla
[2011/03/27 23:29:45 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\IDM
[2011/02/01 13:26:10 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\Softinterface, Inc
[2011/03/23 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\Synaptics
[2011/03/23 19:50:06 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\SystemRequirementsLab
[2010/10/11 11:14:56 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\uTorrent
[2011/02/01 14:51:11 | 000,000,000 | ---D | M] -- C:\Users\NAime\AppData\Roaming\YCanPDF
[2010/08/04 20:36:13 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2011/03/11 09:12:57 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by asduskun, 27 March 2011 - 03:43 PM.

#2
asduskun
    Member
  • Topic Starter
  • 31 posts
Will somebody help?

#3
asduskun
    Member
  • Topic Starter
  • 31 posts
It has been 2 days and still no help! But you say you help!!!!

#4
Tomk
    Trusted Helper
  • Malware Removal
  • 211 posts
Hi asduskun,

Welcome to Geeks to Go.

Sorry for the delay. As you can see the forum is a busy place.

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Double-click on OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following.
  • Do not copy the word CODE.
  • Please note the fix starts with the :
:Processes

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.

It looks like you've run ComboFix. Please look for the log file found at C:\combofix.txt and post the contents.

#5
asduskun
    Member
  • Topic Starter
  • 31 posts
Hi, below are my OTL results after running the fix.

All processes killed
========== PROCESSES ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12288337 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21662570 bytes
->Flash cache emptied: 57166 bytes
 
User: NAime
->Temp folder emptied: 26647376 bytes
->Temporary Internet Files folder emptied: 9977750 bytes
->Java cache emptied: 786543 bytes
->FireFox cache emptied: 70428765 bytes
->Flash cache emptied: 3157 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1629339 bytes
RecycleBin emptied: 1279 bytes
 
Total Files Cleaned = 137.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03302011_172021

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And below are my ComboFix results from the run I did before.

ComboFix 11-03-21.01 - NAime 03/21/2011  22:19:05.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.767.190 [GMT 2:00]
Running from: c:\users\NAime\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NAime\AppData\Local\Bron.tok-10-1
c:\users\NAime\AppData\Local\Bron.tok-10-10
c:\users\NAime\AppData\Local\Bron.tok-10-2
c:\users\NAime\AppData\Local\Bron.tok-10-22
c:\users\NAime\AppData\Local\Bron.tok-10-23
c:\users\NAime\AppData\Local\Bron.tok-10-24
c:\users\NAime\AppData\Local\Bron.tok-10-25
c:\users\NAime\AppData\Local\Bron.tok-10-26
c:\users\NAime\AppData\Local\Bron.tok-10-27
c:\users\NAime\AppData\Local\Bron.tok-10-28
c:\users\NAime\AppData\Local\Bron.tok-10-29
c:\users\NAime\AppData\Local\Bron.tok-10-3
c:\users\NAime\AppData\Local\Bron.tok-10-30
c:\users\NAime\AppData\Local\Bron.tok-10-31
c:\users\NAime\AppData\Local\Bron.tok-10-4
c:\users\NAime\AppData\Local\Bron.tok-10-5
c:\users\NAime\AppData\Local\Bron.tok-10-6
c:\users\NAime\AppData\Local\Bron.tok-10-7
c:\users\NAime\AppData\Local\Bron.tok-10-8
c:\users\NAime\AppData\Local\Bron.tok-10-9
c:\users\NAime\AppData\Local\Bron.tok.A10.em.bin
c:\users\NAime\AppData\Local\csrss.exe
c:\users\NAime\AppData\Local\Kosong.Bron.Tok.txt
c:\users\NAime\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0EE8E16D-0352-4D70-9EAF-D91CD975FC7E}.xps
c:\users\NAime\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B8DA1098-EE29-4F1B-BFC2-C0738DF03053}.xps
c:\users\NAime\AppData\Roaming\Microsoft\Windows\Templates\WowTumpeh.com
C:\Win
c:\win\lsass.exe
c:\win\names.txt
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-21 to 2011-03-21  )))))))))))))))))))))))))))))))
.
.
2011-03-21 20:15 . 2011-03-21 20:16	--------	d-----w-	C:\32788R22FWJFW
2011-03-09 10:36 . 2010-12-23 05:28	850432	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 10:36 . 2010-12-23 05:28	642048	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 10:36 . 2010-12-23 05:28	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 10:36 . 2010-12-23 05:24	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 10:35 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 10:35 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\system32\mstsc.exe
2011-02-21 19:23 . 2011-02-21 19:23	--------	d-----w-	c:\program files\Common Files\Java
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:45 . 2011-02-10 17:06	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 19:40 . 2010-06-28 10:11	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-01 20:28 . 2011-02-01 20:28	12920	----a-w-	c:\windows\system32\apl001.sys
2011-02-01 20:28 . 2011-02-01 20:28	10872	----a-w-	c:\windows\system32\apf001.sys
2011-01-13 09:41 . 2011-02-08 12:22	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{76CFC372-15AA-45D0-AFDD-5E31EC98615A}\mpengine.dll
2011-01-07 07:27 . 2011-02-10 17:07	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-10 17:07	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-10 17:07	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-10 17:07	2329088	----a-w-	c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[-] 2010-06-26 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\users\NAime\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-03 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AutoKMS"="c:\windows\AutoKMS.exe" [2010-12-06 615936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\NAime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamTS\apf001.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S4 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S4 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CSCrySec
*Deregistered* - CSVirtualDiskDrv
*Deregistered* - KLIM6
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-255813070-510787008-604792916-1000Core.job
- c:\users\NAime\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-03 11:21]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-255813070-510787008-604792916-1000UA.job
- c:\users\NAime\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-03 11:21]
.
2010-08-04 c:\windows\Tasks\Install.job
- c:\windows\System32\Macromed\Shockwave 10\nssstub.exe [2010-08-04 15:46]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\NAime\AppData\Roaming\Mozilla\Firefox\Profiles\puxabu1w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com.tr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-21  22:34:43
ComboFix-quarantined-files.txt  2011-03-21 20:34
.
Pre-Run: 21,735,301,120 bytes free
Post-Run: 23,960,588,288 bytes free
.
- - End Of File - - 1423F05548E5BC40358300E6D5C2A775


#6
Tomk
    Trusted Helper
  • Malware Removal
  • 211 posts
asduskun,

It looks like ComboFix took care of a nasty Brontok infection. This could have been partly responsible for your issues... and it is likely that you sent out a bunch of spam emails.

It is somewhat interesting that it got onto your system. Your Kaspersky anti-virus should have taken care of it. :D

Let's run another tool.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

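A practitioner reading the ComboFix output posted above would check two things by hand: names of core Windows processes (csrss.exe, lsass.exe) sitting outside the Windows directory, and the Sigcheck line that lists c:\windows\System32\user32.dll with an MD5 different from the WinSxS copy, which the thread does not discuss. The Python script below is an added example (not a tool from this thread, from OTL or from ComboFix's authors) that automates that triage over a constructed sample made of lines copied from the log above; the set of core process names and the list of legitimate directories are my assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the ComboFix output posted in this thread.
SAMPLE_LOG = r"""
c:\users\NAime\AppData\Local\Bron.tok-10-1
c:\users\NAime\AppData\Local\csrss.exe
c:\users\NAime\AppData\Local\Kosong.Bron.Tok.txt
c:\win\lsass.exe
c:\win\names.txt
.
------- Sigcheck -------
.
[-] 2010-06-26 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
"""

# Assumed list of core Windows process names that malware likes to reuse
# (the Brontok copies of csrss.exe and lsass.exe in this thread are the case in point).
CORE_PROCESS_NAMES = {"csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe",
                      "services.exe", "svchost.exe"}
# Assumed directories where a genuine copy of those binaries may legitimately live.
LEGIT_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                  "c:\\windows\\winsxs\\")

# One ComboFix Sigcheck line: [status] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]+)\] \. \. (?P<path>.+)$")


def flag_path(path: str) -> Optional[str]:
    """Return a reason string if a bare file path looks suspicious, else None."""
    p = path.strip().lower()
    name = p.rsplit("\\", 1)[-1]
    if "bron.tok" in name or "brontok" in name:
        return "Brontok worm artefact name"
    if name in CORE_PROCESS_NAMES and not p.startswith(LEGIT_PREFIXES):
        return f"core Windows process name outside the Windows directory: {name}"
    return None


def parse_sigcheck(line: str) -> Optional[Dict[str, str]]:
    """Parse one Sigcheck line into its fields, or return None for any other line."""
    m = SIGCHECK_RE.match(line.strip())
    return m.groupdict() if m else None


def sigcheck_mismatches(entries: List[Dict[str, str]]) -> List[str]:
    """Paths marked '[-]' whose MD5 differs from a reference copy of the same file and version."""
    by_key: Dict[Tuple[str, str], List[Dict[str, str]]] = {}
    for e in entries:
        key = (e["path"].rsplit("\\", 1)[-1].lower(), e["version"])
        by_key.setdefault(key, []).append(e)
    mismatched = []
    for group in by_key.values():
        # Any entry not marked '-' (e.g. the WinSxS copy, status 7) serves as the reference.
        reference_hashes = {e["md5"].upper() for e in group if e["status"] != "-"}
        for e in group:
            if e["status"] == "-" and reference_hashes and e["md5"].upper() not in reference_hashes:
                mismatched.append(e["path"])
    return mismatched


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Walk a ComboFix-style log and return (path, reason) findings worth a second look."""
    findings: List[Tuple[str, str]] = []
    sig_entries: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads sections with lone dots
        entry = parse_sigcheck(line)
        if entry:
            sig_entries.append(entry)
            continue
        reason = flag_path(line)
        if reason:
            findings.append((line, reason))
    for path in sigcheck_mismatches(sig_entries):
        findings.append((path, "MD5 differs from the other listed copy of the same file and version"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```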

#7
asduskun
    Member
  • Topic Starter
  • 31 posts
Hi, here are my results.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6208

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/30/2011 9:24:09 PM
mbam-log-2011-03-30 (21-24-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 235024
Time elapsed: 35 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8
Tomk
    Trusted Helper
  • Malware Removal
  • 211 posts
Are your "issues" still happening?

Let's get an online scan.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#9
asduskun
    Member
  • Topic Starter
  • 31 posts
Hi, back. This is my ESET log, and yes, once I had one of the symptoms I used to get.

C:\Program Files\Hotspot Shield\bin\openvpnas.exe	a variant of Win32/HotSpotShield application
C:\Users\NAime\Desktop\HSS-1.57-tamindir.exe	a variant of Win32/HotSpotShield application
C:\Users\NAime\Downloads\Compressed\u.zip	a variant of Win32/Packed.Themida application
C:\Users\NAime\Downloads\Compressed\u\u1006.exe	a variant of Win32/Packed.Themida application
D:\NAIME-PC\Backup Set 2010-07-26 203025\Backup Files 2011-03-27 220643\Backup files 2.zip	a variant of Win32/HotSpotShield application


#10
Tomk
    Trusted Helper
  • Malware Removal
  • 211 posts
asduskun,

Ok... you have a couple decisions to make. Hotspot Shield reportedly can have some tracking capabilities. I'm not sure that I would call it malware, but it is questionable. It is kind of interesting that it does this seeing as how it is supposed to protect you from others tracking you. Some people love it... so it is up to you whether or not you want to remove it.

The other item, Themida, is a program that was developed to "hide" programs... specifically some business programs. The thing is that malware can also use it to hide from Anti-virus scanners. I don't know why you have it installed. I guess I'd suggest we remove it... but it is up to you.

Let me know how you'd like to proceed.

#11
asduskun
    Member
  • Topic Starter
  • 31 posts
I haven't installed a program called Themida. It may have been installed through other program installations; is that possible? I want to remove it, but how? Where is it?

#12
Tomk
    Trusted Helper
  • Malware Removal
  • 211 posts
It would appear that it was installed with a program called U.zip. I can give you a script to remove it.

How about the Hotspot Shield?

#13
asduskun
    Member
  • Topic Starter
  • 31 posts
Let's make it stay... is it harmful? I need it... about the other one, give me the script.

#14
Tomk
    Trusted Helper
  • Malware Removal
  • 211 posts
asduskun,

Harmful is probably a little strong. It gets flagged by some scanners because apparently it tracks your online usage. Many people are uncomfortable with anybody "keeping tabs" on what they do or where they go.

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Users\NAime\Downloads\Compressed\u.zip
    
    Folder::
    C:\32788R22FWJFW
    C:\Users\NAime\Downloads\Compressed\u
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#15
asduskun
    Member
  • Topic Starter
  • 31 posts
You know what happened just now? When I was online in Firefox and writing something in the address bar, it opened a new tab by itself!!! Below is my ComboFix report.

ComboFix 11-03-21.01 - NAime 03/31/2011  22:46:03.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.767.303 [GMT 3:00]
Running from: c:\users\NAime\Desktop\ComboFix.exe
Command switches used :: c:\users\NAime\Desktop\CFScript.txt
AV: Kaspersky PURE *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky PURE *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky PURE *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\users\NAime\Downloads\Compressed\u.zip"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NAime\Downloads\Compressed\u
c:\users\NAime\Downloads\Compressed\u.zip
c:\users\NAime\Downloads\Compressed\u\u.ini
c:\users\NAime\Downloads\Compressed\u\u1006.exe
c:\users\NAime\Downloads\Compressed\u\utmp\~dcjlcdmpxmi4d7k
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-28 to 2011-03-31  )))))))))))))))))))))))))))))))
.
.
2011-03-31 19:47 . 2011-03-31 19:48	--------	d-----w-	c:\users\NAime\AppData\Local\temp
2011-03-31 19:47 . 2011-03-31 19:47	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-03-31 19:47 . 2011-03-31 19:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-31 18:19 . 2011-03-31 18:19	--------	d-----w-	c:\programdata\Nokia
2011-03-31 17:47 . 2011-03-31 18:15	--------	d-----w-	c:\users\NAime\AppData\Local\Nokia
2011-03-31 17:47 . 2011-03-31 18:16	--------	d-----w-	c:\programdata\PC Suite
2011-03-31 17:47 . 2011-03-31 18:18	--------	d-----w-	c:\users\NAime\AppData\Roaming\PC Suite
2011-03-31 17:44 . 2011-03-31 17:45	--------	d-----w-	c:\program files\Common Files\Nokia
2011-03-31 17:44 . 2011-03-31 17:44	--------	d-----w-	c:\program files\DIFX
2011-03-31 17:44 . 2008-08-26 06:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2011-03-31 17:44 . 2011-03-31 17:44	--------	d-----w-	c:\program files\PC Connectivity Solution
2011-03-31 17:43 . 2010-07-30 11:17	75264	----a-w-	c:\windows\system32\nmwcdcls.dll
2011-03-31 17:37 . 2011-03-31 17:44	--------	d-----w-	c:\program files\Nokia
2011-03-31 07:00 . 2011-03-31 07:00	--------	d-----w-	c:\program files\ESET
2011-03-30 17:29 . 2010-12-20 15:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 17:29 . 2011-03-30 17:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-30 17:29 . 2010-12-20 15:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-30 16:46 . 2011-03-30 16:46	--------	d-----w-	c:\users\NAime\AppData\Roaming\Malwarebytes
2011-03-30 16:44 . 2011-03-30 16:44	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-30 14:20 . 2011-03-30 14:20	--------	d-----w-	C:\_OTL
2011-03-28 11:25 . 2011-03-28 11:25	--------	d-----w-	c:\users\NAime\AppData\Roaming\dvdcss
2011-03-24 17:38 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-03-24 16:03 . 2011-03-24 16:03	--------	d-----w-	c:\programdata\hssff
2011-03-23 18:29 . 2011-03-23 18:29	--------	d-----w-	c:\users\NAime\AppData\Roaming\Synaptics
2011-03-23 16:55 . 2011-03-23 16:55	--------	d-----w-	c:\program files\SystemRequirementsLab
2011-03-23 16:52 . 2011-03-23 19:54	--------	d-----w-	c:\programdata\Synaptics
2011-03-23 16:52 . 2011-03-23 16:54	--------	d-----w-	c:\program files\Synaptics
2011-03-23 16:51 . 2010-12-22 18:18	169256	----a-w-	c:\windows\system32\SynTPAPI.dll
2011-03-23 16:51 . 2010-12-22 18:18	120104	----a-w-	c:\windows\system32\SynTPCo5.dll
2011-03-23 16:51 . 2010-12-22 18:18	218408	----a-w-	c:\windows\system32\SynCtrl.dll
2011-03-23 16:51 . 2010-12-22 18:18	173352	----a-w-	c:\windows\system32\SynCOM.dll
2011-03-23 16:51 . 2009-08-07 07:49	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2011-03-23 16:51 . 2010-12-22 18:20	1321904	----a-w-	c:\windows\system32\drivers\SynTP.sys
2011-03-23 16:50 . 2011-03-23 16:50	--------	d-----w-	c:\users\NAime\AppData\Roaming\SystemRequirementsLab
2011-03-23 15:51 . 2011-03-23 15:53	--------	d-----w-	C:\Hotspot Shield
2011-03-23 15:50 . 2010-11-04 18:43	506880	----a-w-	c:\program files\Mozilla Firefox\extensions\[email protected]\components\afurladvisor.dll
2011-03-23 15:50 . 2011-03-23 15:53	--------	d-----w-	c:\program files\Hotspot Shield
2011-03-21 23:20 . 2011-03-31 11:30	--------	d-----w-	c:\users\NAime\AppData\Roaming\IDM
2011-03-21 23:20 . 2011-03-31 19:48	--------	d-----w-	c:\users\NAime\AppData\Roaming\DMCache
2011-03-21 23:19 . 2011-03-21 23:20	--------	d-----w-	c:\program files\Internet Download Manager
2011-03-21 23:18 . 2009-12-25 14:42	162320	----a-w-	c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
2011-03-21 23:17 . 2011-03-23 21:17	97859	----a-w-	c:\windows\system32\drivers\klick.dat
2011-03-21 23:17 . 2011-03-23 21:17	114243	----a-w-	c:\windows\system32\drivers\klin.dat
2011-03-21 23:17 . 2009-12-14 10:44	88632	----a-w-	c:\windows\system32\drivers\CSCrySec.sys
2011-03-21 23:17 . 2009-12-14 10:44	39352	----a-w-	c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-21 23:16 . 2011-03-21 23:16	--------	d-----w-	c:\program files\Common Files\InfoWatch
2011-03-21 23:16 . 2011-03-21 23:16	--------	d-----w-	c:\program files\Kaspersky Lab
2011-03-21 23:10 . 2011-03-21 23:10	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2011-03-21 23:03 . 2011-03-21 23:03	--------	d-----w-	c:\program files\CCleaner
2011-03-21 20:55 . 2011-03-30 17:12	--------	d-----w-	c:\users\NAime\AppData\Roaming\FileZilla
2011-03-21 20:55 . 2011-03-21 20:55	--------	d-----w-	c:\program files\FileZilla FTP Client
2011-03-17 15:55 . 2011-03-17 15:52	86280	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2011-03-09 10:36 . 2010-12-23 05:28	850432	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 10:36 . 2010-12-23 05:28	642048	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 10:36 . 2010-12-23 05:28	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 10:36 . 2010-12-23 05:24	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 10:35 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 10:35 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:45 . 2011-02-10 17:06	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 19:40 . 2010-06-28 10:11	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-01 20:28 . 2011-02-01 20:28	12920	----a-w-	c:\windows\system32\apl001.sys
2011-02-01 20:28 . 2011-02-01 20:28	10872	----a-w-	c:\windows\system32\apf001.sys
2011-01-13 09:41 . 2011-02-08 12:22	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{76CFC372-15AA-45D0-AFDD-5E31EC98615A}\mpengine.dll
2011-01-07 07:27 . 2011-02-10 17:07	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-10 17:07	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-10 17:07	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-10 17:07	2329088	----a-w-	c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[-] 2010-06-26 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23	68216	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42	129552	----a-w-	c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\users\NAime\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-03 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-17 3278232]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AutoKMS"="c:\windows\AutoKMS.exe" [2010-12-06 615936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
.
c:\users\NAime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{13061CAA-0284-4F9A-B460-3D4699575B35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-3-23 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamTS\apf001.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-17 86280]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-01-14 1294848]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-255813070-510787008-604792916-1000Core.job
- c:\users\NAime\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-03 11:21]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-255813070-510787008-604792916-1000UA.job
- c:\users\NAime\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-03 11:21]
.
2010-08-04 c:\windows\Tasks\Install.job
- c:\windows\System32\Macromed\Shockwave 10\nssstub.exe [2010-08-04 15:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\NAime\AppData\Roaming\Mozilla\Firefox\Profiles\puxabu1w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com.tr
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-255813070-510787008-604792916-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3f,08,b4,6d,d4,11,a3,4e,67,19,95,59,d9,13,be,81,0d,e0,89,c4,c8,
   8f,bd,94,e7,48,e7,d2,54,e6,f6,04,dc,63,2f,24,79,59,ee,35,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-255813070-510787008-604792916-1000_Classes\CLSID\{6a7ee310-fbb6-493c-b9ad-0256793b023c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000059
"Therad"=dword:0000000b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-31  22:50:45
ComboFix-quarantined-files.txt  2011-03-31 19:50
ComboFix2.txt  2011-03-21 20:34
.
Pre-Run: 21,081,497,600 bytes free
Post-Run: 21,052,276,736 bytes free
.
- - End Of File - - 7A9B90CEAABDDF9970AB7C28F6410060

Edited by asduskun, 31 March 2011 - 01:55 PM.
