Internet access not allowed after TDSS rootkit removal

By secretassasin69
May 30, 2011
  1. My HP a6635 PC used to get a few BSODs (I could only boot it in safe mode). They stopped after a while and then it started running very slowly; during this time I would be redirected whilst on the internet. I suspect it was an adware tracking cookie. I ran SUPERAntiSpyware many times but the cookies still remained.

    After running Malwarebytes', it found some problems and cleaned them, and then when I ran a Kaspersky PURE full scan it found a TDSS rootkit on my system; using TDSSKiller it got removed.

    Now the PC seems fine but I cannot get on the internet. I've tried different browsers; my PC says it is connected to the internet and my router is fine, there aren't any IP conflicts or anything like that, and another clean PC can connect to the internet.

    Please help. Right now I am following the 7 steps and will post the results in my next post.

    NB. I am the administrator and have full access

    Thanks for any help
  2. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

    ==================================================================
    MALWARE BYTES' RESULTS
    ==================================================================
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6710

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.19048

    29/05/2011 10:54:49
    mbam-log-2011-05-29 (10-54-49).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 413140
    Time elapsed: 57 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 17
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 16

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ECDB26B0-CBF4-0EC8-05DB-CEFFCA0AF8FF} (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{ECDB26B0-CBF4-0EC8-05DB-CEFFCA0AF8FF} (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\MPK\MPK.exe,C:\Windows\system32\MPK\MPK.exe,C:\Windows\system32\MPK\MPK.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\egonusiecuxaxgi.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\1B9D.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\8BCD.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\94C2.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\9C22.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\F336.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\44xfufbb.tmp\errorfix.exe (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\d69mdmq6.tmp\ccproxysetup.exe (PUP.CCProxy) -> Not selected for removal.
    c:\Users\Raj\AppData\Local\Temp\Rar$EX00.850\kemulator\kemulator.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Local\Temp\Rar$EX20.909\kemulator\kemulator.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\LocalLow\Sun\Java\deployment\cache\6.0\56\94f2f78-6f04ecae (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Roaming\microsoft\jgexlt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
    c:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    c:\programdata\36626168.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Raj\AppData\Roaming\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    ==================================================================
    Help, please? Anyone?
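The log above follows a fixed line format (item, detection name, and the action taken, with registry data items also carrying the bad and restored values). As an added example that is not part of this thread and not Malwarebytes' own code, here is a small Python parser for that format. It runs over a constructed excerpt copied from the posted lines, counts detections per section and per action, lists anything the scan left in place ("Not selected for removal"), and splits a hijacked Winlogon Userinit value into the extra programs it launched at every logon. The sample text and the function names are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes' Anti-Malware 1.50 log format, copied
# from the lines posted above. Assumed representative of the format; this parser
# is an added example, not Malwarebytes' own tooling.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6710

Registry Keys Infected: 2
Registry Data Items Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\MPK\MPK.exe,C:\Windows\system32\MPK\MPK.exe,C:\Windows\system32\MPK\MPK.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Raj\AppData\Local\Temp\1B9D.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Raj\AppData\Local\Temp\d69mdmq6.tmp\ccproxysetup.exe (PUP.CCProxy) -> Not selected for removal.
c:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# A detail-section header is "<Something> Infected:" with nothing after the colon;
# the summary lines near the top ("Files Infected: 3") carry a count and are skipped.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")

# One detection line: item, (detection), optional "Bad: (...) Good: (...) ->", action.
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared under."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            record = entry.groupdict()
            record["section"] = section
            records.append(record)
    return records


def summarize(records):
    """Counts per section and per action, plus the items the scan did not remove
    and every registry value that was restored from a hijacked state."""
    return {
        "by_section": dict(Counter(r["section"] for r in records)),
        "by_action": dict(Counter(r["action"] for r in records)),
        "leftovers": [r["item"] for r in records if not r["action"].startswith("Quarantined")],
        "hijacked": [(r["item"], r["bad"], r["good"]) for r in records if r["bad"] is not None],
    }


def unexpected_userinit_entries(bad_value):
    """Split a Winlogon Userinit value on commas and return every entry that is not
    the stock userinit.exe; each extra entry was started at every interactive logon."""
    entries = [e.strip() for e in bad_value.split(",") if e.strip()]
    return [e for e in entries if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    report = summarize(found)
    print("detections per section:", report["by_section"])
    print("actions:", report["by_action"])
    print("left in place:", report["leftovers"])
    for item, bad, good in report["hijacked"]:
        print(f"restored {item}: {bad!r} -> {good!r}")
        if item.lower().endswith("\\winlogon\\userinit"):
            print("  extra logon programs:", unexpected_userinit_entries(bad))
```

Run against the full posted log, the "leftovers" list is what a helper would want to see first: it surfaces the one file the scan reported but did not quarantine, and the Userinit split shows exactly which extra executable the restored value had been launching.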
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please follow the additional steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    You have a significant amount of malware on the system, but I do not have enough information yet. Perhaps I can save you from yourself by asking you to stop running random programs trying to fix the problem.

    Please stay away from the FunWebSearch and similar sites. You do not get something for nothing! They are happy to put adware and spyware on the system.

    If you are using any file sharing programs or sites, please do not use them while I am helping you. Again, free file sharing really isn't free!
  4. secretassasin69


    DDS log

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048
    Run by Raj at 16:07:41 on 2011-05-30
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.1722 [GMT 1:00]
    .
    AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
    FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\LEXBCES.EXE
    C:\Windows\System32\LEXPPS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
    C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    C:\Windows\system32\FsUsbExService.Exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Altaro\Oops!Backup\OopsBackup.Service.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
    C:\Program Files\Switcher\Switcher.exe
    C:\Program Files\Altaro\Oops!Backup\OopsBackup.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Altaro\Oops!Backup\OopsBackup.Engine.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\sdclt.exe
    K:\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
    mWinlogon: Userinit=Userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [Switcher] "c:\program files\switcher\Switcher.exe" /quiet
    uRun: [Oops!Backup] c:\program files\altaro\oops!backup\OopsBackup.exe AUTOSTART
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [NPSStartup]
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    TCP: {83F776CF-6AFD-44E8-A640-222AA9C9262F} = 156.154.70.22,156.154.71.22
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 20609872;20609872 Boot Guard Driver;c:\windows\system32\drivers\20609872.sys [2011-5-22 37392]
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2011-5-29 88632]
    R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
    R1 20609871;20609871;c:\windows\system32\drivers\20609871.sys [2011-5-22 128016]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 34744]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2011-5-29 39352]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-6 218688]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-7 390528]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\dvdplay\000.fcl [2008-9-23 61424]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
    R2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
    R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-27 238952]
    R2 OopsBackup.Service.exe;Oops!Backup Service;c:\program files\altaro\oops!backup\OopsBackup.Service.exe [2011-4-6 22016]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
    R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2011-5-1 4096]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-27 36608]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.2;c:\windows\system32\drivers\libusb0.sys [2006-5-30 29184]
    R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-12-30 53168]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-15 552448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Ca810av;CA810A WebCam Driver;c:\windows\system32\drivers\Ca810av.sys [2009-9-7 2329216]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-19 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [2007-3-27 92032]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-1-10 32512]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-5-28 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-5-28 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-5-28 123648]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-24 19968]
    S4 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
    .
    =============== Created Last 30 ================
    .
    2011-05-30 15:05:31 -------- d-----w- c:\users\raj\appdata\roaming\.
    2011-05-30 15:05:30 -------- d--h--w- C:\VritualRoot
    2011-05-30 15:05:30 -------- d-----w- c:\users\raj\appdata\roaming\..
    2011-05-30 15:05:30 -------- d-----w- c:\users\raj\appdata\local\..
    2011-05-30 15:05:30 -------- d-----w- c:\users\raj\appdata\local\.
    2011-05-30 15:05:30 -------- d-----w- c:\users\raj\..
    2011-05-30 15:05:30 -------- d-----w- c:\users\raj\.
    2011-05-30 15:05:30 -------- d-----w- C:\Users
    2011-05-30 14:47:05 -------- d-----w- c:\users\raj\appdata\local\Adobe
    2011-05-29 13:52:13 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-05-29 13:52:13 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-05-29 13:51:26 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
    2011-05-29 13:51:26 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
    2011-05-29 13:49:21 -------- d-----w- c:\program files\common files\InfoWatch
    2011-05-29 13:49:16 -------- d-----w- c:\program files\Kaspersky Lab
    2011-05-29 13:18:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-05-29 11:19:22 -------- d-----w- c:\users\raj\appdata\roaming\SUPERAntiSpyware.com
    2011-05-29 11:04:32 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-29 08:54:26 -------- d-----w- c:\users\raj\appdata\roaming\Malwarebytes
    2011-05-29 08:54:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 08:54:11 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-29 08:54:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-29 08:54:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-28 12:30:27 98432 ---ha-w- c:\windows\system32\drivers\ss_bbus.sys
    2011-05-28 12:30:27 14848 ---ha-w- c:\windows\system32\drivers\ss_bmdfl.sys
    2011-05-28 12:30:27 12416 ---ha-w- c:\windows\system32\drivers\ss_bcmnt.sys
    2011-05-28 12:30:27 12416 ---ha-w- c:\windows\system32\drivers\ss_bcm.sys
    2011-05-28 12:30:27 123648 ---ha-w- c:\windows\system32\drivers\ss_bmdm.sys
    2011-05-28 12:30:27 12288 ---ha-w- c:\windows\system32\drivers\ss_bwhnt.sys
    2011-05-28 12:30:27 12288 ---ha-w- c:\windows\system32\drivers\ss_bwh.sys
    2011-05-28 12:26:56 -------- d-----w- c:\program files\MarkAny
    2011-05-28 12:03:24 -------- d-----w- c:\users\raj\appdata\local\Downloaded Installations
    2011-05-28 06:37:38 -------- d-----w- c:\users\raj\appdata\roaming\CoreFTP
    2011-05-28 06:37:06 -------- d-----w- c:\program files\CoreFTP
    2011-05-28 06:31:12 -------- d-----w- c:\users\raj\appdata\local\Altaro
    2011-05-28 06:31:01 -------- d-----w- c:\programdata\OopsBackup
    2011-05-28 06:30:57 -------- d-----w- c:\program files\Altaro
    2011-05-26 15:14:37 -------- d-----w- c:\programdata\Samsung
    2011-05-26 06:09:54 -------- d-----w- c:\users\raj\appdata\local\Mango_Enterprise_-_http__
    2011-05-22 15:27:19 -------- d-----w- c:\windows\system32\AGEIA
    2011-05-22 15:27:08 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-05-22 07:17:53 37392 ---ha-w- c:\windows\system32\drivers\20609872.sys
    2011-05-22 07:17:53 311312 ---ha-w- c:\windows\system32\drivers\2060987.sys
    2011-05-22 07:17:53 128016 ---ha-w- c:\windows\system32\drivers\20609871.sys
    2011-05-21 18:02:11 -------- d-----w- c:\program files\RegDefense
    2011-05-21 16:35:00 -------- d-----w- c:\users\raj\appdata\roaming\ParetoLogic
    2011-05-21 16:35:00 -------- d-----w- c:\users\raj\appdata\roaming\DriverCure
    2011-05-21 16:34:56 -------- d-----w- c:\programdata\ParetoLogic
    2011-05-21 16:34:56 -------- d-----w- c:\program files\ParetoLogic
    2011-05-21 16:34:56 -------- d-----w- c:\program files\common files\ParetoLogic
    2011-05-21 12:37:10 -------- d-----w- c:\program files\Hide My IP
    2011-05-21 12:11:52 -------- d-----w- c:\users\raj\appdata\local\Media Get LLC
    2011-05-21 12:11:40 -------- d-----w- c:\users\raj\appdata\local\MediaGet2
    2011-05-21 12:06:00 -------- d-----w- c:\users\raj\appdata\local\SKIDROW
    2011-05-19 17:44:14 -------- d-----w- c:\users\raj\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-18 06:30:18 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2011-05-11 06:00:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-05-08 07:16:33 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-05-01 13:05:32 -------- d-----w- c:\programdata\Blueberry
    2011-05-01 12:33:34 -------- d-----w- c:\users\raj\appdata\roaming\Blueberry
    2011-05-01 12:31:41 4608 ----a-w- c:\windows\system32\bbchlp.dll
    2011-05-01 12:31:41 4096 ---ha-w- c:\windows\system32\drivers\bbcap.sys
    2011-05-01 12:31:41 30720 ----a-w- c:\windows\system32\bbcap.dll
    2011-05-01 12:31:23 -------- d-----w- c:\users\raj\appdata\roaming\LogSys
    2011-05-01 12:31:22 -------- d-----w- c:\programdata\LogSys
    2011-05-01 12:31:14 -------- d-----w- c:\program files\common files\Blueberry Software
    2011-05-01 12:31:08 -------- d-----w- c:\program files\Blueberry Software
    2011-04-30 16:57:56 -------- d-----w- c:\program files\HyCam2
    .
    ==================== Find3M ====================
    .
    2011-04-28 13:34:50 53816 ---ha-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-06 20:49:32 218688 ---ha-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:35:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    .
    ============= FINISH: 16:12:26.29 ===============
  5. secretassasin69


    Attach.txt for DDS

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/10/2008 01:56:24
    System Uptime: 30/05/2011 08:28:48 (8 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | VIOLA
    Processor: AMD Phenom(tm) 8550 Triple-Core Processor | CPU 1 | 1100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 382.855 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.749 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP733: 02/05/2011 11:25:44 - Scheduled Checkpoint
    RP734: 03/05/2011 07:34:57 - Scheduled Checkpoint
    RP736: 03/05/2011 16:47:30 - Installed Rapport
    RP737: 06/05/2011 12:19:19 - Scheduled Checkpoint
    RP738: 10/05/2011 11:17:41 - Scheduled Checkpoint
    RP739: 12/05/2011 17:40:47 - Windows Update
    RP740: 13/05/2011 21:34:59 - Scheduled Checkpoint
    RP741: 14/05/2011 09:51:09 - Scheduled Checkpoint
    RP742: 15/05/2011 09:45:24 - Removed BBC iPlayer Desktop
    RP743: 17/05/2011 12:13:06 - Scheduled Checkpoint
    RP744: 17/05/2011 21:16:45 - Windows Modules Installer
    RP745: 18/05/2011 17:05:32 - Scheduled Checkpoint
    RP746: 21/05/2011 15:34:11 - Scheduled Checkpoint
    RP747: 21/05/2011 16:55:37 - Restore Operation
    RP905: 30/05/2011 13:48:21 - Windows Backup
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    ABBYY FineReader 6.0 Sprint
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Community Help
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Photoshop CS5
    Adobe Reader 8.1.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Akamai NetSession Interface
    Any Video Converter 3.1.7
    AOL Toolbar 5.0
    Apple Application Support
    Apple Software Update
    µTorrent
    AutocompletePro
    AviSynth 2.5
    AVS Document Converter 1.0.3
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    BB FlashBack Express
    Belkin F5D8053 N Wireless USB Adapter
    Cards_Calendar_OrderGift_DoMorePlugout
    CDDRV_Installer
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    Connect
    Core FTP LE
    Counter-Strike 1.6
    CyberLink DVD Suite Deluxe
    DAEMON Tools Lite
    Driving Test Success - All Tests (2007-2008)
    Driving Test Success - Hazard Perception (2009-2010)
    DVD Play BD
    Enhanced Multimedia Keyboard Solution
    Epson Easy Photo Print 2
    Epson Event Manager
    EPSON Scan
    EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual
    EPSON SX600FW Series Printer Uninstall
    EpsonNet Config V3
    erLT
    Geekbench 2.1
    Google SketchUp Pro 8
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Demo
    HP Easy Setup - Frontend
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Picasso Media Center Add-In
    HP Product Detection
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Update
    HPAsset component for HP Active Support Library
    HPPhotoSmartPhotobookWebPack1
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    Kaspersky PURE
    KhalInstallWrapper
    kuler
    LabelPrint
    LibUSB-Win32-0.1.10.1
    LightScribe System Software 1.14.17.1
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Standard Edition 2003
    Microsoft Protection Service
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MioMore Desktop 2
    Mozilla Thunderbird (3.1.9)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    Notepad++
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Oops!Backup
    PDF Settings CS4
    PDF Settings CS5
    Photoshop Camera Raw
    Power2Go
    PowerDirector
    PSSWCORE
    Python 2.5.2
    Quake Live Mozilla Plugin
    Rapport
    RocketDock 1.3.5
    Safari
    Samsung New PC Studio
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Skype™ 5.1
    Sony Picture Utility
    Sony USB Driver
    Spelling Dictionaries Support For Adobe Reader 8
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    Switcher 2.0.0
    System Requirements Lab CYRI
    Ulead Burn.Now 1.5
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    USB2.0 2MP UVC Camera
    VideoToolkit01
    VLC media player 1.0.1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/05/2011 15:47:01, Error: MSFWDrv [9] - The device, , did not respond within the timeout period.
    30/05/2011 15:41:56, Error: bowser [8003] - The master browser has received a server announcement from the computer SECRETASSASIN69 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2205C147-47D3-4539-BC31-34. The master browser is stopping or an election is being forced.
    30/05/2011 12:51:39, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
    30/05/2011 12:37:05, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.170.149.194 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    30/05/2011 12:36:29, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    30/05/2011 11:29:58, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    30/05/2011 08:30:36, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    30/05/2011 08:30:34, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    30/05/2011 08:30:05, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    30/05/2011 08:29:59, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 86.18.141.193:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 81.103.55.233:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 80.6.26.224:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.2.4:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.2.3:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.2.2:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.100.10:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.4:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.3:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.2:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.91.21:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.66.202:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.51.182:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.254.74:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.251.209:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.235.126:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.227.178:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.223.99:63331. The error status code is contained within the returned data.
    30/05/2011 08:29:16, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.204.221:63331. The error status code is contained within the returned data.
    29/05/2011 18:37:37, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Access is denied.
    29/05/2011 18:37:36, Error: Service Control Manager [7023] - The TPM Base Services service terminated with the following error: Access is denied.
    29/05/2011 18:37:36, Error: Service Control Manager [7023] - The KtmRm for Distributed Transaction Coordinator service terminated with the following error: Access is denied.
    29/05/2011 18:37:34, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {6295DF2D-35EE-11D1-8707-00C04FD93327} as /. The error: "5" Happened while starting this command: C:\Windows\System32\mobsync.exe -Embedding
    29/05/2011 18:37:32, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: Access is denied.
    29/05/2011 18:31:41, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    29/05/2011 18:31:39, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: Windows Font Cache Service is not a valid Win32 application.
    29/05/2011 18:31:38, Error: Service Control Manager [7023] - The Windows Media Center Service Launcher service terminated with the following error: Access is denied.
    29/05/2011 17:28:41, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    29/05/2011 14:36:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
    29/05/2011 13:58:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    29/05/2011 12:30:13, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    29/05/2011 11:37:50, Error: bowser [8003] - The master browser has received a server announcement from the computer SECRETASSASIN69 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CF54F713-18D6-41CB-9BD7-5D. The master browser is stopping or an election is being forced.
    29/05/2011 09:45:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
    29/05/2011 09:44:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    29/05/2011 09:36:22, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    29/05/2011 09:35:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
    29/05/2011 09:35:34, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    29/05/2011 09:34:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    29/05/2011 09:34:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    29/05/2011 09:34:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    29/05/2011 09:34:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    29/05/2011 08:39:10, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    29/05/2011 08:39:10, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    29/05/2011 08:35:24, Error: EventLog [6008] - The previous system shutdown at 08:32:51 on 29/05/2011 was unexpected.
    29/05/2011 08:30:12, Error: EventLog [6008] - The previous system shutdown at 08:27:54 on 29/05/2011 was unexpected.
    28/05/2011 21:22:44, Error: EventLog [6008] - The previous system shutdown at 19:10:50 on 28/05/2011 was unexpected.
    28/05/2011 18:54:13, Error: EventLog [6008] - The previous system shutdown at 18:49:26 on 28/05/2011 was unexpected.
    28/05/2011 13:27:49, Error: Service Control Manager [7030] - The FsUsbExService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    27/05/2011 18:08:09, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.3 with the system having network hardware address 00-00-48-62-28-28. Network operations on this system may be disrupted as a result.
    27/05/2011 07:02:15, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
    25/05/2011 18:53:55, Error: EventLog [6008] - The previous system shutdown at 18:51:45 on 25/05/2011 was unexpected.
    24/05/2011 20:57:23, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    24/05/2011 19:28:30, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    24/05/2011 19:28:30, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    24/05/2011 19:20:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    24/05/2011 18:22:02, Error: EventLog [6008] - The previous system shutdown at 18:18:08 on 24/05/2011 was unexpected.
    24/05/2011 18:17:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    24/05/2011 18:17:14, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/05/2011 11:46:38, Error: EventLog [6008] - The previous system shutdown at 11:43:36 on 23/05/2011 was unexpected.
    23/05/2011 11:43:17, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/05/2011 11:43:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    23/05/2011 11:43:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    23/05/2011 11:40:46, Error: EventLog [6008] - The previous system shutdown at 11:37:25 on 23/05/2011 was unexpected.
    23/05/2011 11:36:35, Error: EventLog [6008] - The previous system shutdown at 11:33:37 on 23/05/2011 was unexpected.
    23/05/2011 11:32:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
    23/05/2011 11:32:15, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/05/2011 11:30:46, Error: EventLog [6008] - The previous system shutdown at 11:27:45 on 23/05/2011 was unexpected.
    23/05/2011 11:26:43, Error: EventLog [6008] - The previous system shutdown at 11:23:02 on 23/05/2011 was unexpected.
    23/05/2011 11:20:19, Error: EventLog [6008] - The previous system shutdown at 11:18:03 on 23/05/2011 was unexpected.
    23/05/2011 11:16:13, Error: EventLog [6008] - The previous system shutdown at 11:13:02 on 23/05/2011 was unexpected.
    23/05/2011 11:12:19, Error: EventLog [6008] - The previous system shutdown at 11:09:13 on 23/05/2011 was unexpected.
    23/05/2011 11:05:30, Error: EventLog [6008] - The previous system shutdown at 11:02:48 on 23/05/2011 was unexpected.
    23/05/2011 11:02:06, Error: EventLog [6008] - The previous system shutdown at 10:59:20 on 23/05/2011 was unexpected.
    20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
    20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
    20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
    .
    ==== End Of File ===========================


    =======================================
    Thanks for letting me know :) and will do. Also, there was a problem with running GMER; is it normal for it to take something around 3 / 4 hours to complete?

    And also, what do you think is stopping me from getting on to the internet? I forgot to mention that I had quite a few BSoDs on this PC and I started a thread on that here. I'm not sure, but does that have anything to do with this?

    Thanks again for your help
  6. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

    GMER does not load for me, so I have attached the error message and the system properties page, because in another forum I read that it does not work for people on Vista Home Premium because it is x64, but my system is 32-bit and it still doesn't work. GMER does not load even when it is run as administrator.


  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please check these programs for contents:

    AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    http://usa.kaspersky.com/products-services/home-computer-security/pure

    SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
    FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
    https://forums.comodo.com/guides-cis/setting-up-defense-for-maximum-security-t30473.0.html

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    c:\program files\SUPERAntiSpyware
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    c:\program files\trusteer\rapport
    =====================================
    Rule: One antivirus program
    Rule: One firewall
    2 or more antimalware programs
    ===================================
    You are so over-protected that the programs are fighting to shut you down!!!
    From the Event Viewer:
    20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
    20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
    20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6

    cmdGuard is the Comodo firewall.

    The I8042prt.sys is a system function driver found in Microsoft Windows 2000 and later versions for PS/2-style keyboard and mouse devices.

    Rapportkell.sys, with description RapportKE, is a driver file from Trusteer Ltd. belonging to the product Rapport. It needs to be removed.

    SASDIFSV and SASKUTIL are both Drivers for the Super Antispyware security software.

    spldr is the Security Processor Loader Driver (Microsoft)

    Wanarpv6.sys = Remote Access IPv6 ARP Driver
    =========================================
    Suggest you get the security in order. In attempting to lock others out, you have, literally, locked yourself in. Then we can check for malware. Also suggest you stick to one thread. The problems you have posted in several other threads recently (in the last week) are most likely related. Spreading them out over several threads is not going to work!
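    One way to triage the "Event Viewer Messages" section of a DDS log for the pattern Bobbye describes (several security products' kernel drivers failing at boot, plus the DHCP and IP-conflict errors), as an added Python example that is not part of this thread, of DDS or of any poster's tooling; the driver-to-product mapping is taken from the post above and the sample lines are excerpted from the log posted earlier in the thread.

```python
"""Triage the "Event Viewer Messages" section of a DDS log.

Added example for this thread; it is not part of DDS, ComboFix or any poster's tooling.
Rules, all taken from the posts above: Service Control Manager 7026 lists boot-start
drivers that failed to load (mapped to the product that installed them), Dhcp-Client 1002
DHCPNACK and Tcpip 4199 explain "connected but no internet", and SCM 7023 "Access is
denied" shows services being shut down while the security products fight each other.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# DDS line shape:  dd/mm/yyyy hh:mm:ss, Level: Source [id] - message
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DENIED_RE = re.compile(r"^The (?P<svc>.+?) service terminated with the following error: Access is denied")
CONFLICT_RE = re.compile(r"address conflict for IP address (?P<ip>\d+(?:\.\d+){3})")

# Driver -> owning product, as identified in Bobbye's post; anything else is reported as unrecognised.
DRIVER_OWNERS = {
    "cmdGuard": "COMODO Internet Security",
    "RapportKELL": "Trusteer Rapport",
    "SASDIFSV": "SUPERAntiSpyware",
    "SASKUTIL": "SUPERAntiSpyware",
    "i8042prt": "Windows (PS/2 keyboard and mouse)",
    "spldr": "Windows (Security Processor Loader)",
    "Wanarpv6": "Windows (Remote Access IPv6 ARP)",
}

# Lines excerpted from the DDS log posted earlier in this thread.
SAMPLE_LOG = """\
30/05/2011 12:37:05, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.170.149.194 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
30/05/2011 12:36:29, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001CDF9373F7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
30/05/2011 08:30:05, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
29/05/2011 18:37:37, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Access is denied.
29/05/2011 09:35:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
20609871 cmdGuard i8042prt RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
27/05/2011 18:08:09, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.3 with the system having network hardware address 00-00-48-62-28-28. Network operations on this system may be disrupted as a result.
"""


@dataclass
class Event:
    date: str
    time: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text):
    """Parse DDS event lines. A line without a leading timestamp continues the previous
    event's message (DDS prints the 7026 driver list on its own line)."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if m:
            events.append(Event(m["date"], m["time"], m["level"], m["source"], int(m["id"]), m["msg"].strip()))
        elif events:
            events[-1].message = (events[-1].message + " " + line).strip()
    return events


def failed_boot_drivers(events):
    """Driver names listed by Service Control Manager event 7026."""
    names = set()
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            names.update(ev.message.partition("failed to load:")[2].split())
    return names


def triage(text):
    """Summarise the log into the questions a helper would ask first."""
    events = parse_events(text)
    owners = defaultdict(set)
    for drv in failed_boot_drivers(events):
        owners[DRIVER_OWNERS.get(drv, "unrecognised")].add(drv)
    third_party = sorted(p for p in owners if p != "unrecognised" and not p.startswith("Windows"))
    dhcp_nack = sum(1 for e in events if e.source == "Microsoft-Windows-Dhcp-Client"
                    and e.event_id == 1002 and "DHCPNACK" in e.message)
    conflicts = sorted({m["ip"] for e in events if e.source == "Tcpip" and e.event_id == 4199
                        for m in [CONFLICT_RE.search(e.message)] if m})
    denied = sorted({m["svc"] for e in events if e.event_id == 7023
                     for m in [DENIED_RE.match(e.message)] if m})
    notes = []
    if len(third_party) > 1:
        notes.append("%d third-party security products have boot drivers failing; keep one AV and one firewall" % len(third_party))
    if dhcp_nack:
        notes.append("%d DHCPNACK events: the DHCP server is refusing this client a lease" % dhcp_nack)
    if conflicts:
        notes.append("duplicate IP address on the LAN: " + ", ".join(conflicts))
    if owners.get("unrecognised"):
        notes.append("unrecognised boot drivers to look up: " + ", ".join(sorted(owners["unrecognised"])))
    return {"events": len(events), "drivers_by_owner": {k: sorted(v) for k, v in owners.items()},
            "third_party_security_products": third_party, "dhcp_nack_count": dhcp_nack,
            "ip_conflicts": conflicts, "services_denied": denied, "notes": notes}
```

Calling triage(SAMPLE_LOG) on the excerpt reports three third-party products with boot drivers failing (COMODO, SUPERAntiSpyware, Trusteer Rapport), two DHCPNACK refusals, one duplicate IP and one unrecognised driver name to look up.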
  8. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

    OK, thanks for your help again. So I have now uninstalled Comodo AV and FW. BTW, what's SP? Anyway, the internet access is working now; I think there may have been a conflict between the two programs that stopped me from accessing the internet? GMER still won't work, please help!!
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Run these instead:

    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow it
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  10. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

    ==========================================================================
    COMBO FIX LOG
    ==========================================================================
    ComboFix 11-05-30.07 - Raj 31/05/2011 7:52.1.3 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2328 [GMT 1:00]
    Running from: c:\users\Raj\AppData\Local\Temp\9357gxlj.tmp\ComboFix.exe
    AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\AutocompletePro
    c:\program files\AutocompletePro\64\AutocompletePro64.dll
    c:\program files\AutocompletePro\AutocompletePro.dll
    c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
    c:\program files\AutocompletePro\FireFoxExtension.exe
    c:\program files\AutocompletePro\InstTracker.exe
    c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
    c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
    c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
    c:\program files\AutocompletePro\support@predictad.com\install.rdf
    c:\program files\AutocompletePro\unins000.dat
    c:\program files\AutocompletePro\unins000.exe
    c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}
    c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\chrome.manifest
    c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\chrome\content\_cfg.js
    c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\chrome\content\overlay.xul
    c:\users\Raj\AppData\Local\{C33DA028-E847-45A0-AB7E-3176C37C55FE}\install.rdf
    c:\users\Raj\AppData\Roaming\.#
    c:\users\Raj\AppData\Roaming\Microsoft\AdjMmsVista.dll
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\jusched.exe
    c:\windows\system32\Packet.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-31 07:11 . 2011-05-31 07:18 -------- d-----w- c:\users\Raj\AppData\Local\temp
    2011-05-31 07:11 . 2011-05-31 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-30 15:05 . 2011-05-30 15:05 -------- d-----w- C:\VritualRoot
    2011-05-30 14:47 . 2011-05-30 16:14 -------- d-----w- c:\users\Raj\AppData\Local\Adobe
    2011-05-29 16:49 . 2011-05-29 16:49 -------- d-----w- c:\program files\Safari
    2011-05-29 16:47 . 2011-05-29 16:47 -------- d-----w- c:\program files\Common Files\Apple
    2011-05-29 16:47 . 2011-05-29 16:47 -------- d-----w- c:\program files\Apple Software Update
    2011-05-29 13:52 . 2011-05-29 14:16 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-05-29 13:52 . 2011-05-29 14:16 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-05-29 13:51 . 2009-12-14 11:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
    2011-05-29 13:51 . 2009-12-14 11:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
    2011-05-29 13:49 . 2011-05-29 13:49 -------- d-----w- c:\program files\Common Files\InfoWatch
    2011-05-29 13:49 . 2011-05-29 13:49 -------- d-----w- c:\program files\Kaspersky Lab
    2011-05-29 13:18 . 2011-05-29 13:18 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-05-29 11:19 . 2011-05-29 11:19 -------- d-----w- c:\users\Raj\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-29 11:04 . 2011-05-29 11:18 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-29 08:54 . 2011-05-29 08:54 -------- d-----w- c:\users\Raj\AppData\Roaming\Malwarebytes
    2011-05-29 08:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 08:54 . 2011-05-29 08:54 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-29 08:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-29 08:54 . 2011-05-29 08:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-28 12:30 . 2010-04-27 02:25 98432 ---ha-w- c:\windows\system32\drivers\ss_bbus.sys
    2011-05-28 12:30 . 2010-04-27 02:25 14848 ---ha-w- c:\windows\system32\drivers\ss_bmdfl.sys
    2011-05-28 12:30 . 2010-04-27 02:25 12416 ---ha-w- c:\windows\system32\drivers\ss_bcmnt.sys
    2011-05-28 12:30 . 2010-04-27 02:25 12416 ---ha-w- c:\windows\system32\drivers\ss_bcm.sys
    2011-05-28 12:30 . 2010-04-27 02:25 123648 ---ha-w- c:\windows\system32\drivers\ss_bmdm.sys
    2011-05-28 12:30 . 2010-04-27 02:25 12288 ---ha-w- c:\windows\system32\drivers\ss_bwhnt.sys
    2011-05-28 12:30 . 2010-04-27 02:25 12288 ---ha-w- c:\windows\system32\drivers\ss_bwh.sys
    2011-05-28 12:26 . 2011-05-28 12:26 -------- d-----w- c:\program files\MarkAny
    2011-05-28 12:03 . 2011-05-28 12:03 -------- d-----w- c:\users\Raj\AppData\Local\Downloaded Installations
    2011-05-28 06:37 . 2011-05-28 06:37 -------- d-----w- c:\users\Raj\AppData\Roaming\CoreFTP
    2011-05-28 06:37 . 2011-05-28 06:37 -------- d-----w- c:\program files\CoreFTP
    2011-05-28 06:31 . 2011-05-30 21:47 -------- d-----w- c:\users\Raj\AppData\Local\Altaro
    2011-05-28 06:31 . 2011-05-30 21:52 -------- d-----w- c:\programdata\OopsBackup
    2011-05-26 15:14 . 2011-05-26 15:14 -------- d-----w- c:\programdata\Samsung
    2011-05-26 06:09 . 2011-05-28 06:30 -------- d-----w- c:\users\Raj\AppData\Local\Mango_Enterprise_-_http__
    2011-05-22 15:27 . 2011-05-22 15:27 -------- d-----w- c:\program files\AGEIA Technologies
    2011-05-22 15:27 . 2011-05-22 15:27 -------- d-----w- c:\windows\system32\AGEIA
    2011-05-22 15:27 . 2011-05-22 15:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-05-22 14:37 . 2011-05-22 14:37 -------- d-----w- c:\program files\7-Zip
    2011-05-22 07:17 . 2009-10-22 12:54 37392 ---ha-w- c:\windows\system32\drivers\20609872.sys
    2011-05-22 07:17 . 2009-10-09 22:31 311312 ---ha-w- c:\windows\system32\drivers\2060987.sys
    2011-05-22 07:17 . 2009-09-25 16:59 128016 ---ha-w- c:\windows\system32\drivers\20609871.sys
    2011-05-21 18:02 . 2011-05-24 18:12 -------- d-----w- c:\program files\RegDefense
    2011-05-21 16:35 . 2011-05-21 16:35 -------- d-----w- c:\users\Raj\AppData\Roaming\ParetoLogic
    2011-05-21 16:35 . 2011-05-21 16:35 -------- d-----w- c:\users\Raj\AppData\Roaming\DriverCure
    2011-05-21 16:34 . 2011-05-21 16:34 -------- d-----w- c:\programdata\ParetoLogic
    2011-05-21 16:34 . 2011-05-21 16:34 -------- d-----w- c:\program files\ParetoLogic
    2011-05-21 16:34 . 2011-05-21 16:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2011-05-21 12:37 . 2011-05-21 14:42 -------- d-----w- c:\program files\Hide My IP
    2011-05-21 12:11 . 2011-05-21 12:11 -------- d-----w- c:\users\Raj\AppData\Local\Media Get LLC
    2011-05-21 12:11 . 2011-05-21 12:11 -------- d-----w- c:\users\Raj\AppData\Local\MediaGet2
    2011-05-21 12:06 . 2011-05-21 12:06 -------- d-----w- c:\users\Raj\AppData\Local\SKIDROW
    2011-05-19 17:44 . 2011-05-19 17:44 -------- d-----w- c:\users\Raj\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-18 17:04 . 2011-05-18 17:04 -------- d-----w- c:\windows\Sun
    2011-05-18 06:30 . 2011-05-18 06:30 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-05-11 06:00 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-05-08 07:16 . 2011-05-08 07:16 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-05-08 07:16 . 2011-05-08 07:16 -------- d-----w- c:\users\Raj\AppData\Roaming\SystemRequirementsLab
    2011-05-01 13:05 . 2011-05-01 13:12 -------- d-----w- c:\programdata\Blueberry
    2011-05-01 12:33 . 2011-05-01 13:12 -------- d-----w- c:\users\Raj\AppData\Roaming\Blueberry
    2011-05-01 12:31 . 2011-05-01 12:31 4608 ----a-w- c:\windows\system32\bbchlp.dll
    2011-05-01 12:31 . 2011-05-01 12:31 4096 ---ha-w- c:\windows\system32\drivers\bbcap.sys
    2011-05-01 12:31 . 2011-05-01 12:31 30720 ----a-w- c:\windows\system32\bbcap.dll
    2011-05-01 12:31 . 2011-05-01 12:33 -------- d-----w- c:\users\Raj\AppData\Roaming\LogSys
    2011-05-01 12:31 . 2011-05-01 12:31 -------- d-----w- c:\programdata\LogSys
    2011-05-01 12:31 . 2011-05-01 12:31 -------- d-----w- c:\program files\Common Files\Blueberry Software
    2011-05-01 12:31 . 2011-05-01 12:31 -------- d-----w- c:\program files\Blueberry Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-28 13:34 . 2011-04-28 13:34 53816 ---ha-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-13 06:06 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2011-04-13 06:06 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-04-06 20:49 . 2011-04-06 20:49 218688 ---ha-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-03-12 21:55 . 2011-04-28 15:29 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-10 17:03 . 2011-04-15 06:28 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03 . 2011-04-15 06:28 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:42 . 2011-04-15 06:28 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40 . 2011-04-28 15:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-03-03 15:40 . 2011-04-28 15:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-28 15:29 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-28 15:29 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-28 15:29 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:35 . 2011-04-28 15:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-03 13:25 . 2011-04-15 06:28 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44 . 2011-04-15 06:28 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2010-10-01 21:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
    2010-07-04 18:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAMONITOR]
    2007-10-16 17:32 249856 ----a-w- c:\program files\USB2.0 2MP UVC Camera\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2008-05-07 15:28 591696 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX600FW Series]
    2008-03-05 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEKE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON622828]
    2008-03-05 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEKE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2008-11-05 21:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
    2008-06-06 18:17 203296 ----a-w- c:\windows\System32\nvraidservice.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 13:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-04-07 01:56 132760 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-05-23 15:00 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher]
    2007-10-28 11:35 425984 ----a-w- c:\program files\Switcher\Switcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2011-03-17 18:18 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3699171474-4233505151-127562807-1000]
    "EnableNotificationsRef"=dword:00000002
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 ALSysIO;ALSysIO;c:\users\Raj\AppData\Local\Temp\ALSysIO.sys [x]
    R3 Ca810av;CA810A WebCam Driver;c:\windows\system32\Drivers\Ca810av.sys [2007-10-16 2329216]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
    R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmvmdm.sys [2007-03-27 92032]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
    R4 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
    S0 20609872;20609872 Boot Guard Driver;c:\windows\system32\DRIVERS\20609872.sys [2009-10-22 37392]
    S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
    S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-28 53816]
    S1 20609871;20609871;c:\windows\system32\DRIVERS\20609871.sys [2009-09-25 128016]
    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-06 218688]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
    S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-07 390528]
    S1 RapportCerberus_26169;RapportCerberus_26169;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [2011-05-02 57144]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-28 66360]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-28 158904]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\000.fcl [2008-06-11 61424]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
    S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2011-05-01 4096]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.2;c:\windows\system32\DRIVERS\libusb0.sys [2006-05-30 29184]
    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-15 552448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-30 c:\windows\Tasks\HPCeeScheduleForRaj.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-23 19:03]
    .
    2011-05-31 c:\windows\Tasks\User_Feed_Synchronization-{2BDB8D55-462F-4297-B3C2-3FE801E7AF2E}.job
    - c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{83F776CF-6AFD-44E8-A640-222AA9C9262F}: NameServer = 156.154.70.22,156.154.71.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-NPSStartup - (no file)
    MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    MSConfigStartUp-WinDefender - c:\users\Raj\AppData\Roaming\svchost.exe
    AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
    "ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(7136)
    c:\windows\System32\NLSData0009.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\LEXBCES.EXE
    c:\windows\System32\LEXPPS.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    c:\windows\system32\sdclt.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-31 08:30:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-31 07:30
    .
    Pre-Run: 418,783,600,640 bytes free
    Post-Run: 418,024,968,192 bytes free
    .
    - - End Of File - - 5E0BE6253A360D83054F1EFEF044E1CF
    ==========================================================================
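    The ComboFix "Files Created" section above is what a helper reads first, and the entries worth a second look are easy to state as rules: hidden-attribute `.sys` files under `system32\drivers`, executables dropped under a user's `AppData` tree (ESET later flagged `_rr_odugoqoralosu.dll` there), and executables sitting directly in `system32` rather than in their vendor's folder (ComboFix removed `c:\windows\system32\jusched.exe`, while the Java updater normally runs from `Common Files\Java\Java Update`). The following Python triage script is an added example written for this thread; it is not ComboFix's own code or anything the helpers here posted. It assumes the line layout seen in the log (created timestamp, a dot, modified timestamp, size or dashes, an 8-character attribute field where `d` marks a directory and `h` hidden, then the path). The sample lines are copied from the log, except the `_rr_odugoqoralosu.dll` and `jusched.exe` lines, whose timestamps and sizes are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# One "Files Created" line, as laid out in the ComboFix log above:
#   <created> . <modified> <size|--------> <8-char attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample section. Lines 1-6 are copied from the log above; the
# last two (_rr_odugoqoralosu.dll, jusched.exe) use paths from this thread
# but constructed timestamps and sizes.
SAMPLE_SECTION = "\n".join([
    ".",
    r"2011-05-31 07:11 . 2011-05-31 07:18 -------- d-----w- c:\users\Raj\AppData\Local\temp",
    r"2011-05-29 08:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"2011-05-28 12:30 . 2010-04-27 02:25 98432 ---ha-w- c:\windows\system32\drivers\ss_bbus.sys",
    r"2011-05-22 07:17 . 2009-10-22 12:54 37392 ---ha-w- c:\windows\system32\drivers\20609872.sys",
    r"2011-05-01 12:31 . 2011-05-01 12:31 4096 ---ha-w- c:\windows\system32\drivers\bbcap.sys",
    r"2011-05-18 06:30 . 2011-05-18 06:30 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll",
    r"2011-05-30 09:00 . 2011-05-30 09:00 61440 ----a-w- c:\users\Raj\AppData\Local\_rr_odugoqoralosu.dll",
    r"2011-05-20 10:00 . 2011-05-20 10:00 40960 ----a-w- c:\windows\system32\jusched.exe",
    ".",
])


def parse_line(line: str) -> Optional[Dict]:
    """Parse one entry; return None for separators or unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return {
        "created": m.group("created"),
        "modified": m.group("modified"),
        "size": None if size == "--------" else int(size),
        "attrs": m.group("attrs"),
        "path": m.group("path").strip(),
    }


def parse_section(text: str) -> List[Dict]:
    """Parse a whole 'Files Created' section, skipping the '.' filler lines."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def triage(entries: List[Dict]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries that deserve a closer look.

    These are leads for a human reviewer, not verdicts: vendor drivers such as
    the Samsung ss_* modem drivers in the log also carry the hidden attribute.
    """
    findings = []
    for e in entries:
        p = e["path"].lower()
        is_dir = e["attrs"][0] == "d"      # 'd' in the first column = directory
        hidden = "h" in e["attrs"]         # 'h' anywhere in the attribute field
        is_exec = (not is_dir) and p.endswith(EXEC_EXT)
        reasons = []
        if hidden and p.endswith(".sys") and "\\drivers\\" in p:
            reasons.append("hidden-attribute kernel driver")
        if is_exec and "\\appdata\\" in p:
            reasons.append("executable under a user profile AppData tree")
        if is_exec and p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]:
            reasons.append("new executable directly in system32; compare with the vendor's install path")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_section(SAMPLE_SECTION)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it on a saved ComboFix log by passing the text between the "Files Created" banner and the "Find3M Report" banner to `parse_section`; the rules are deliberately narrow so that a short list comes back, and each hit still needs a human to check the vendor, signature and install path before anything is removed.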
  11. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

    Results of ESET Scan

    ===================================================================
    C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
    C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll a variant of Win32/Kryptik.KNA trojan
    ===================================================================
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sorry for delay- we've been swamped!

    For Eset:
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll
      C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==================================
    If you have anything from iWon> Delete it
    It's a dirty site. Delete or uninstall all entries.
    ==================================
    STOP adding security:> C:\VritualRoot
    Be careful where and what you download. You installed at least 9 new programs between 5/21-5/30/2011. You were already having BSODs, you could only boot into Safe Mode and you had malware. I am reasonably certain that the malware resulted from 1. Excessive security. 2. Bad download or bad site
    ===================================
    FYI: AV=antivirus, FW=firewall, SP=spyware (antimalware) programs.
    =====================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  13. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

    All processes killed
    ========== FILES ==========
    C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll
    C:\Users\Raj\AppData\Local\_rr_odugoqoralosu.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Raj
    ->Temp folder emptied: 176974395 bytes
    ->Temporary Internet Files folder emptied: 18303444 bytes
    ->Java cache emptied: 112029 bytes
    ->FireFox cache emptied: 65707216 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 20740096 bytes
    ->Flash cache emptied: 3207099 bytes

    User: RAJ_2
    ->Temp folder emptied: 0 bytes

    User: SHUBHAM.Kalyan
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 542 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49406726 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 331 bytes
    RecycleBin emptied: 30883311 bytes

    Total Files Cleaned = 348.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 06052011_170821

    Files moved on Reboot...
    File C:\Users\Raj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4JMZ8RPM(38)\8a005e39ea57a367bc4b3140393fb470097cc658d530a0f37ee95e09b5401ca19e4a93320904af6a357b56e0345c9cb9e8c605e4dd58d5e1179c1d52b9cb0e7f8668fd41a97a11698d26029a738d[1].txt not found!
    File C:\Users\Raj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18OPDXCH(36)\bbf4838ee9360caf26a4216076ca1f28ea7500a7f77b314c842af436e80365137160fb24087da950d631a4e471f90d0be6404ea1cd14c6610d50ab6e332356b4355c9be4bc9013ff951d03bf1b5f[1].txt not found!

    Registry entries deleted on Reboot...
    ==========================================================================
By the way, in C:\Virtual Root there is only a folder named dds.scr, which you told me to install.
  14. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:17:40, on 05/06/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Switcher\Switcher.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\msfeedssync.exe
    C:\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{83F776CF-6AFD-44E8-A640-222AA9C9262F}: NameServer = 156.154.70.22,156.154.71.22
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
    O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 8223 bytes

    ====================================================================================================================
Once again, thank you for the help, I appreciate it very much. :)
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome. Just a few entries in HJT to remove:

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
    See Option 1

    Option 1: You may have used GoToAssist at one time for remote help. IF you are not using this now, you should stop this process and remove the program.

    Close all Windows except HijackThis and click on "Fix Checked."
    ======================================
    C:\Virtual Root is the renamed "Sandbox" for the Comodo Internet Security. It is a new feature added into the newest Comodo Internet Security 4.
    Supposedly, a program is placed in that directory if the security status cannot be immediately identified. In some instances, this will allow the program to be run safely without alerts while it is investigated (eg via CIMA) by Comodo.

    It can have some drawbacks:
Many don't realize that too much security can make a system more vulnerable, not less. When you are tempted to add any security, be sure you understand its purpose and contents.

Has the internet connection been restored? Are there any malware-related problems remaining?
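The helper's triage above works from the line shape of a HijackThis 2.0.x log: a section code (R0, O2, O17, ...), then " - "-separated fields ending in a CLSID and a file path, or for R lines a registry key, value name and data. As an added example (not part of the thread or of HijackThis itself), this small parser structures those lines and applies the same criteria the helper used: BHO registrations whose DLL is gone, R0 values left empty, and Winlogon Notify hooks to confirm. Flagging O17 DNS overrides for manual verification is an extra rule of my own, not something the helper asked for; the sample lines are copied from the log in post 14.

```python
import re
from dataclasses import dataclass

# "O2 - BHO: name - {CLSID} - path" or "R0 - HKCU\...\Main,Start Page = data"
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

@dataclass
class Entry:
    code: str    # HijackThis section code, e.g. "O2"
    body: str    # everything after "O2 - "
    parts: list  # body split on " - ": [description, CLSID, path] for O entries

def parse_hjt(text):
    """Return one Entry per log line that has the HijackThis entry shape; headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            body = m.group("body")
            entries.append(Entry(m.group("code"), body, [p.strip() for p in body.split(" - ")]))
    return entries

def triage(entries):
    """Return (entry, reason) pairs worth a second look; the O17 rule is an added assumption."""
    flagged = []
    for e in entries:
        if e.code == "O2" and e.parts[-1] == "(no file)":
            flagged.append((e, "BHO registered but its DLL is missing (orphan)"))
        elif e.code == "R0" and e.body.rstrip().endswith("="):
            flagged.append((e, "empty IE page value; safe to reset"))
        elif e.code == "O20" and e.parts[0].startswith("Winlogon Notify"):
            flagged.append((e, "DLL loaded by Winlogon; confirm the program is still wanted"))
        elif e.code == "O17":
            flagged.append((e, "DNS server override; confirm the resolvers are intended"))
    return flagged

# Sample lines taken from the HijackThis log in post 14 (constructed excerpt for the test).
SAMPLE_LOG = r"""Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{83F776CF-6AFD-44E8-A640-222AA9C9262F}: NameServer = 156.154.70.22,156.154.71.22
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.code}: {reason}\n    {entry.body}")
```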
  16. secretassasin69

    secretassasin69 Newcomer, in training Topic Starter Posts: 80

Thank you, the internet connection was restored quite a while ago, and currently there aren't any malware problems that I can see.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome. You can remove the cleaning tools now:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    Empty the Recycle Bin

    Let me know if you have any more questions.