Tech Support Forum > Security Center > HijackThis Log Help
09-25-2008, 05:29 AM, post #1
bhargav141, Registered User
Join Date: Sep 2008
Posts: 6
OS: XP SP2

Please help me!!!

This is my log from HijackThis!
Please diagnose it and tell me why my PC is getting slower.

Moreover, I get multiple svchost processes when I open Task Manager.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:19 PM, on 9/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Iconoid\iconoid.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\BARAHA~1.0\Baraha.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [47ed3f7e] rundll32.exe "C:\WINDOWS\system32\kbrxbqpg.dll",b
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - E:\lotus\org6\organize\bandobjs.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll hmheao.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 4003 bytes
09-28-2008, 03:05 PM, post #2
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro

Re: Please help me!!!

Hi bhargav141,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both here.
09-30-2008, 06:09 AM, post #3
Registered User
Join Date: Sep 2008
Posts: 6
OS: XP SP2

Re: Please help me!!!

Hi Forhockey!

This is the data you wanted from me.

Please see to it why I'm not able to surf the net via IE6, because most of my business sites are only compatible with IE...

Similarly, I get a slow response from Firefox also...

Please help!

Logfile of random's system information tool 1.02 (written by random/random)
Run by NHW at 2008-09-30 17:27:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (61%) free of 40 GB
Total RAM: 1015 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:56 PM, on 9/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Iconoid\iconoid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\Explorer.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\NHW.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.in
O2 - BHO: (no name) - {01C41362-8189-4565-BA86-7903BDAFC377} - C:\WINDOWS\system32\aymylkxy.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {1d9a58b6-7d5a-670a-6b94-1e6d2746f1a1} - {1a1f6472-d6e1-49b6-a076-a5d76b85a9d1} - C:\WINDOWS\system32\nuazev.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {B9DD4748-E4E0-425B-B3A5-6C577AD30C03} - C:\WINDOWS\system32\iifdeebx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {ED7717A2-79AC-44CE-A1FB-79E1882FD5C8} - C:\WINDOWS\system32\mlJApQJY.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMdf361bc8] Rundll32.exe "C:\WINDOWS\system32\llhulaeq.dll",s
O4 - HKLM\..\Run: [dc052854] rundll32.exe "C:\WINDOWS\system32\mvajplph.dll",b
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll nuazev.dll
O20 - Winlogon Notify: divxps - divxps.dll (file missing)
O20 - Winlogon Notify: mlJApQJY - C:\WINDOWS\SYSTEM32\mlJApQJY.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5147 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01C41362-8189-4565-BA86-7903BDAFC377}]
C:\WINDOWS\system32\aymylkxy.dll [2008-09-26 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1f6472-d6e1-49b6-a076-a5d76b85a9d1}]
C:\WINDOWS\system32\nuazev.dll [2008-09-30 115200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9DD4748-E4E0-425B-B3A5-6C577AD30C03}]
C:\WINDOWS\system32\iifdeebx.dll [2008-09-13 253440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED7717A2-79AC-44CE-A1FB-79E1882FD5C8}]
C:\WINDOWS\system32\mlJApQJY.dll [2008-09-13 26624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-09-01 158208]
"BMdf361bc8"=C:\WINDOWS\system32\llhulaeq.dll [2008-09-30 108032]
"dc052854"=C:\WINDOWS\system32\mvajplph.dll [2008-09-30 80896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Iconoid"=C:\Program Files\Iconoid\iconoid.exe [2007-02-03 274432]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-09-12 3061248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE [2008-09-12 3061248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IJPLMSVC"=2
"BlueSoleil Hid Service"=2
"IDriverT"=3
"Adobe LM Service"=3
"WZCSVC"=2
"WmiApSrv"=3
"Schedule"=2
"SCardSvr"=3
"RichVideo"=2
"ERSvc"=2
"BITS"=2
"mnmsrvc"=3
"NBService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\kasper~1\kasper~1.0\adialhk.dll nuazev.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\divxps]
divxps.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJApQJY]
C:\WINDOWS\system32\mlJApQJY.dll [2008-09-13 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED7717A2-79AC-44CE-A1FB-79E1882FD5C8}"=C:\WINDOWS\system32\mlJApQJY.dll [2008-09-13 26624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\iifdeebx

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klite.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klite.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200808151631\win32\x86\notes2.exe"="C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200808151631\win32\x86\notes2.exe:*:Enabled:Lotus Notes"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{849cc728-19b5-11dd-9613-001d7dfd5b40}]
shell\Auto\command - H:\asp.net
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net


======List of files/folders created in the last 3 months======

2008-09-30 17:27:21 ----D---- C:\rsit
2008-09-30 15:21:40 ----A---- C:\WINDOWS\system32\nuazev.dll
2008-09-30 15:21:39 ----A---- C:\WINDOWS\system32\nkqddjth.dll
2008-09-30 15:19:43 ----SH---- C:\WINDOWS\system32\hplpjavm.ini
2008-09-30 15:19:42 ----N---- C:\WINDOWS\system32\mvajplph.dll
2008-09-30 15:19:30 ----A---- C:\WINDOWS\system32\llhulaeq.dll
2008-09-30 13:41:32 ----A---- C:\WINDOWS\system32\dvepiw.dll
2008-09-30 13:41:31 ----A---- C:\WINDOWS\system32\gohncbey.dll
2008-09-30 13:38:34 ----SH---- C:\WINDOWS\system32\wnusxsbt.ini
2008-09-30 13:38:31 ----N---- C:\WINDOWS\system32\tbsxsunw.dll
2008-09-30 13:35:31 ----A---- C:\WINDOWS\system32\winftvms.dll
2008-09-29 19:15:11 ----D---- C:\Program Files\Common Files\L&H
2008-09-29 19:14:34 ----D---- C:\Program Files\Microsoft ActiveSync
2008-09-29 19:13:38 ----D---- C:\Program Files\Microsoft Works
2008-09-29 19:13:10 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-29 19:12:39 ----D---- C:\WINDOWS\SHELLNEW
2008-09-29 19:12:22 ----D---- C:\Program Files\Microsoft.NET
2008-09-29 13:33:01 ----ASH---- C:\WINDOWS\system32\oconvesg.ini
2008-09-29 13:32:43 ----A---- C:\WINDOWS\system32\rhialrsp.dll
2008-09-29 13:04:30 ----SHD---- C:\RECYCLER
2008-09-29 13:03:22 ----A---- C:\WINDOWS\system32\svkpepdr.dll
2008-09-29 13:03:22 ----A---- C:\WINDOWS\system32\mqwbbt.dll
2008-09-29 13:01:29 ----ASH---- C:\WINDOWS\system32\hndcaqps.ini
2008-09-29 13:01:16 ----A---- C:\WINDOWS\system32\qrjybmdc.dll
2008-09-29 12:55:07 ----A---- C:\syskey.txt
2008-09-28 15:07:45 ----A---- C:\WINDOWS\system32\d726ec2a-.txt
2008-09-28 15:05:57 ----A---- C:\WINDOWS\BMdf361bc8.txt
2008-09-27 15:08:10 ----A---- C:\WINDOWS\system32\xgjohd.dll
2008-09-27 15:08:09 ----A---- C:\WINDOWS\system32\qyxeytug.dll
2008-09-27 15:07:07 ----ASH---- C:\WINDOWS\system32\gfodoghk.ini
2008-09-27 1558 ----A---- C:\WINDOWS\system32\tsmdkrgc.dll
2008-09-27 13:58:47 ----A---- C:\remove boot MSG.txt
2008-09-27 13:54:04 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-09-27 13:36:58 ----D---- C:\Program Files\Lavasoft
2008-09-27 13:36:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-27 13:35:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 13:29:54 ----A---- C:\Del dat file.txt
2008-09-27 13:14:03 ----ASH---- C:\WINDOWS\system32\mdmxhwqu.ini
2008-09-27 13:00:47 ----A---- C:\WINDOWS\system32\rzvhzc.dll
2008-09-27 13:00:42 ----A---- C:\WINDOWS\system32\cvjlxmub.dll
2008-09-27 13:00:32 ----A---- C:\WINDOWS\system32\rlrbyycr.dll
2008-09-26 17:47:17 ----A---- C:\WINDOWS\system32\yxusgw.dll
2008-09-26 17:47:16 ----A---- C:\WINDOWS\system32\ebbelpnq.dll
2008-09-26 17:44:19 ----ASH---- C:\WINDOWS\system32\jntrcrvg.ini
2008-09-26 17:40:48 ----A---- C:\WINDOWS\system32\aymylkxy.dll
2008-09-26 17:38:49 ----A---- C:\WINDOWS\system32\otqlwuiy.dll
2008-09-26 12:39:55 ----A---- C:\WINDOWS\system32\igmeinjk.dll
2008-09-26 12:31:57 ----D---- C:\WINDOWS\Sun
2008-09-26 12:24:18 ----D---- C:\Program Files\Trend Micro
2008-09-25 18:09:22 ----ASH---- C:\WINDOWS\system32\hceejvfd.ini
2008-09-25 18:07:28 ----A---- C:\WINDOWS\system32\jcrjhc.dll
2008-09-25 18:07:28 ----A---- C:\WINDOWS\system32\cdmlunye.dll
2008-09-25 18:07:19 ----A---- C:\WINDOWS\system32\jwrulvee.dll
2008-09-25 16:38:13 ----D---- C:\Program Files\HijackThis
2008-09-25 15:31:06 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-25 15:31:06 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-25 15:31:06 ----A---- C:\WINDOWS\system32\java.exe
2008-09-25 15:31:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-09-25 15:28:30 ----D---- C:\Documents and Settings\NHW\Application Data\Sun
2008-09-25 12:58:15 ----ASH---- C:\WINDOWS\system32\gpqbxrbk.ini
2008-09-25 12:57:56 ----A---- C:\WINDOWS\system32\wldtkmxi.dll
2008-09-25 12:57:56 ----A---- C:\WINDOWS\system32\hmheao.dll
2008-09-25 12:57:17 ----A---- C:\WINDOWS\system32\ordowogj.dll
2008-09-25 12:37:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-25 12:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 12:01:20 ----SHD---- C:\FOUND.004
2008-09-25 11:59:34 ----D---- C:\Program Files\NKProds
2008-09-25 11:55:03 ----A---- C:\WINDOWS\system32\bluuzx.dll
2008-09-25 11:55:01 ----A---- C:\WINDOWS\system32\tymloxee.dll
2008-09-25 11:45:49 ----ASH---- C:\WINDOWS\system32\suprpbfe.ini
2008-09-25 11:45:32 ----A---- C:\WINDOWS\system32\uptxyyik.dll
2008-09-24 19:08:34 ----A---- C:\WINDOWS\system32\dopdfmn6.dll
2008-09-24 19:08:34 ----A---- C:\WINDOWS\system32\dopdfmi6.dll
2008-09-24 19:08:26 ----D---- C:\Program Files\Softland
2008-09-24 16:57:15 ----ASH---- C:\WINDOWS\system32\fxoumbfu.ini
2008-09-24 16:00:09 ----ASH---- C:\WINDOWS\system32\dqqeasmv.ini
2008-09-24 15:12:51 ----A---- C:\WINDOWS\barcode.ini
2008-09-23 16:04:15 ----ASH---- C:\WINDOWS\system32\wgplavme.ini
2008-09-22 18:33:47 ----D---- C:\WINDOWS\Minidump
2008-09-22 18:33:18 ----SHD---- C:\FOUND.003
2008-09-22 18:18:52 ----SHD---- C:\FOUND.002
2008-09-22 17:08:06 ----SHD---- C:\FOUND.001
2008-09-21 15:58:22 ----D---- C:\Program Files\Paint.NET
2008-09-21 15:56:04 ----ASH---- C:\WINDOWS\system32\lirsjwva.ini
2008-09-21 15:55:51 ----A---- C:\WINDOWS\system32\vzqbjm.dll
2008-09-21 15:55:51 ----A---- C:\WINDOWS\system32\ospthlvy.dll
2008-09-21 14:31:10 ----SHD---- C:\FOUND.000
2008-09-21 12:57:23 ----D---- C:\Program Files\Baraha 7.0
2008-09-21 12:52:35 ----A---- C:\WINDOWS\system32\olnxgwor.dll
2008-09-21 12:52:31 ----A---- C:\WINDOWS\system32\wuoomy.dll
2008-09-21 12:52:31 ----A---- C:\WINDOWS\system32\qckadqpc.dll
2008-09-21 12:49:41 ----ASH---- C:\WINDOWS\system32\ugbvlahc.ini
2008-09-21 12:48:04 ----ASH---- C:\WINDOWS\system32\mykywlwa.tmp
2008-09-21 12:48:04 ----ASH---- C:\WINDOWS\system32\mykywlwa.ini
2008-09-21 12:14:17 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-21 11:50:53 ----A---- C:\WINDOWS\system32\fwaskjre.dll
2008-09-20 15:09:09 ----D---- C:\Program Files\OrgUpgrade
2008-09-20 15:09:09 ----D---- C:\Program Files\Common Files\RandSync
2008-09-20 15:08:01 ----D---- C:\Program Files\IBM Lotus Organizer 6
2008-09-20 15:03:13 ----D---- C:\Documents and Settings\NHW\Application Data\OtakuSoftware
2008-09-20 14:22:23 ----D---- C:\Program Files\Internet Explorer 8 WinXP x86(ENG) WGA bypass
2008-09-20 11:52:20 ----ASH---- C:\WINDOWS\system32\bcktmhfl.ini
2008-09-20 11:52:14 ----A---- C:\WINDOWS\system32\gscwun.dll
2008-09-20 11:52:13 ----A---- C:\WINDOWS\system32\rnsxhnsw.dll
2008-09-20 11:44:10 ----D---- C:\Program Files\uTorrent
2008-09-19 11:44:06 ----ASH---- C:\WINDOWS\system32\nxsnamny.ini
2008-09-18 12:00:14 ----A---- C:\WINDOWS\system32\akwrmv.dll
2008-09-18 12:00:13 ----A---- C:\WINDOWS\system32\yfajmcot.dll
2008-09-18 11:45:12 ----ASH---- C:\WINDOWS\system32\njkmiygf.ini
2008-09-18 11:27:57 ----A---- C:\WINDOWS\cookies.ini
2008-09-17 14:36:24 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-17 11:47:21 ----A---- C:\WINDOWS\system32\hynihm.dll
2008-09-17 11:47:21 ----A---- C:\WINDOWS\system32\fpthloff.dll
2008-09-17 11:44:23 ----ASH---- C:\WINDOWS\system32\pbneolpr.ini
2008-09-17 11:42:05 ----A---- C:\WINDOWS\system32\gvdveveg.dll
2008-09-17 11:37:36 ----A---- C:\WINDOWS\system32\cbsbxs.dll
2008-09-17 11:37:34 ----A---- C:\WINDOWS\system32\kcraomnd.dll
2008-09-17 11:35:40 ----ASH---- C:\WINDOWS\system32\inbclykx.ini
2008-09-17 11:35:20 ----A---- C:\WINDOWS\system32\voadlxno.dll
2008-09-16 19:21:21 ----RD---- C:\Favorites
2008-09-16 12:00:43 ----AHD---- C:\sysfiles
2008-09-16 11:17:06 ----A---- C:\WINDOWS\system32\yczbvn.dll
2008-09-16 11:17:05 ----A---- C:\WINDOWS\system32\ilnjmrgq.dll
2008-09-16 11:14:41 ----ASH---- C:\WINDOWS\system32\oyiqyucc.ini
2008-09-16 11:14:41 ----A---- C:\WINDOWS\system32\ccuyqiyo.dll
2008-09-16 11:14:03 ----A---- C:\WINDOWS\system32\wwrjpclg.dll
2008-09-15 11:21:35 ----ASH---- C:\WINDOWS\system32\xadoubke.ini
2008-09-15 11:18:57 ----A---- C:\WINDOWS\system32\qghjincy.dll
2008-09-13 17:28:00 ----A---- C:\Program Files\Uninstall Ask Toolbar.dll
2008-09-13 17:27:25 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-09-13 16:54:56 ----ASH---- C:\WINDOWS\system32\nueucwmn.ini
2008-09-13 16:54:44 ----A---- C:\WINDOWS\system32\vgevfnth.dll
2008-09-13 16:54:44 ----A---- C:\WINDOWS\system32\rhiztb.dll
2008-09-13 16:54:37 ----A---- C:\WINDOWS\pskt.ini
2008-09-13 16:54:37 ----A---- C:\WINDOWS\BM44de0ce2.txt
2008-09-13 16:54:03 ----A---- C:\WINDOWS\system32\4ccefb00-.txt
2008-09-13 16:53:13 ----ASH---- C:\WINDOWS\system32\xbeedfii.ini2
2008-09-13 16:53:13 ----ASH---- C:\WINDOWS\system32\xbeedfii.ini
2008-09-13 16:53:08 ----N---- C:\WINDOWS\system32\iifdeebx.dll
2008-09-13 16:51:46 ----A---- C:\WINDOWS\system32\efcDwXOI.dll
2008-09-13 16:51:45 ----A---- C:\WINDOWS\system32\efcyVllJ.dll
2008-09-13 16:51:18 ----A---- C:\WINDOWS\system32\wvUlihfF.dll
2008-09-13 16:51:18 ----A---- C:\WINDOWS\system32\urqOGvVp.dll
2008-09-13 16:50:55 ----A---- C:\WINDOWS\system32\vtUopQjh.dll
2008-09-13 16:50:54 ----A---- C:\WINDOWS\system32\mlJYPIab.dll
2008-09-13 16:49:57 ----A---- C:\WINDOWS\system32\iifeeFwv.dll
2008-09-13 16:49:56 ----A---- C:\WINDOWS\system32\fccaXqrS.dll
2008-09-13 16:47:40 ----A---- C:\WINDOWS\system32\opnolLff.dll
2008-09-13 16:47:40 ----A---- C:\WINDOWS\system32\mlJApQJY.dll
2008-09-12 14:58:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 14:58:38 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-12 14:58:34 ----D---- C:\Program Files\DAP
2008-09-12 14:58:34 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2008-09-11 19:51:06 ----D---- C:\Documents and Settings\NHW\Application Data\Opera
2008-09-11 19:51:00 ----D---- C:\Program Files\Opera
2008-09-11 16:43:57 ----D---- C:\Documents and Settings\NHW\Application Data\Sony Corporation
2008-09-11 16:41:25 ----D---- C:\Drivers
2008-09-11 16:41:25 ----A---- C:\WINDOWS\system32\SONYHCY.DLL
2008-09-11 16:41:02 ----A---- C:\WINDOWS\system32\PxInsI64.exe
2008-09-11 16:41:02 ----A---- C:\WINDOWS\system32\PxInsA64.exe
2008-09-11 16:41:02 ----A---- C:\WINDOWS\system32\PxCpyI64.exe
2008-09-11 16:41:02 ----A---- C:\WINDOWS\system32\PxCpyA64.exe
2008-09-11 16:39:47 ----D---- C:\Program Files\Sony
2008-09-11 13:13:48 ----D---- C:\New Folder
2008-09-11 12:45:52 ----D---- C:\Documents and Settings\NHW\Application Data\Talkback
2008-09-11 12:45:39 ----D---- C:\Documents and Settings\NHW\Application Data\Thunderbird
2008-09-10 19:30:44 ----D---- C:\Program Files\Java
2008-09-10 14:10:15 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-10 14:08:56 ----D---- C:\WINDOWS\system32\bits
2008-09-10 14:08:49 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-10 14:08:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-10 11:21:33 ----D---- C:\Program Files\IBM
2008-09-10 11:21:33 ----D---- C:\Documents and Settings\All Users\Application Data\Lotus
2008-09-08 17:22:49 ----D---- C:\Documents and Settings\NHW\Application Data\Help
2008-09-08 12:56:26 ----D---- C:\Documents and Settings\NHW\Application Data\gnupg
2008-09-08 12:03:53 ----D---- C:\Documents and Settings\NHW\Application Data\PDF reDirect
2008-09-06 11:17:07 ----D---- C:\Documents and Settings\NHW\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2008-09-06 11:13:53 ----D---- C:\Program Files\eBay Desktop
2008-09-06 11:13:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-06 10:53:24 ----D---- C:\Documents and Settings\NHW\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-05 19:18:46 ----D---- C:\WINDOWS\SxsCaPendDel
2008-09-05 13:53:44 ----A---- C:\WINDOWS\system32\NCTWMVFile.dll
2008-09-05 13:53:44 ----A---- C:\WINDOWS\system32\NCTVideoFile.dll
2008-09-05 13:53:44 ----A---- C:\WINDOWS\system32\NCTVideoCompress.dll
2008-09-05 13:53:44 ----A---- C:\WINDOWS\system32\NCTRMFile.dll
2008-09-05 13:53:44 ----A---- C:\WINDOWS\system32\NCTQuickTimeFile.dll
2008-09-05 13:53:44 ----A---- C:\WINDOWS\system32\mcdvd_32.dll
2008-09-05 13:53:43 ----A---- C:\WINDOWS\system32\NCTVideoCoreU.dll
2008-09-05 13:53:43 ----A---- C:\WINDOWS\system32\NCTVideoCoreM.dll
2008-09-05 13:53:43 ----A---- C:\WINDOWS\system32\NCTAVIFile.dll
2008-09-05 13:53:43 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2008-09-05 13:53:43 ----A---- C:\WINDOWS\system32\NCTAudioCompress3.dll
2008-09-05 13:53:43 ----A---- C:\WINDOWS\system32\NCTAudioCompress2.dll
2008-09-05 13:53:43 ----A---- C:\WINDOWS\system32\lame_enc.dll
2008-09-05 13:46:23 ----D---- C:\Documents and Settings\NHW\Application Data\vlc
2008-09-05 11:02:57 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-09-04 20:03:11 ----A---- C:\WINDOWS\system32\sysfolderazipcnt.dll
2008-09-04 20:03:11 ----A---- C:\WINDOWS\system32\azipcontmn.dll
2008-09-04 20:03:07 ----D---- C:\Program Files\AlphaZIP
2008-09-04 16:43:47 ----A---- C:\WINDOWS\system32\igxprd32.dll
2008-09-04 16:43:46 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2008-09-04 16:43:45 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2008-09-04 16:43:45 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2008-09-04 16:43:45 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
2008-09-04 16:43:40 ----D---- C:\WINDOWS\system32\DRVSTORE
2008-09-04 16:43:39 ----A---- C:\WINDOWS\system32\igxpun.exe
2008-09-04 16:43:39 ----A---- C:\WINDOWS\system32\difxapi.dll
2008-09-04 16:43:28 ----AHD---- C:\Intel
2008-09-04 16:17:42 ----D---- C:\Program Files\Celestia
2008-08-31 16:44:00 ----HD---- C:\WINDOWS\$NtUninstallWIC$
2008-08-31 13:37:29 ----D---- C:\Documents and Settings\NHW\Application Data\Google
2008-08-31 12:31:46 ----A---- C:\WINDOWS\system32\mon.txt
2008-08-13 14:26:26 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-13 13:59:11 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-08-13 13:58:35 ----D---- C:\TTAdvance
2008-08-13 13:56:42 ----RSD---- C:\WINDOWS\assembly
2008-08-13 13:56:19 ----D---- C:\WINDOWS\Microsoft.NET
2008-07-21 12:12:59 ----D---- C:\Documents and Settings\NHW\Application Data\Mozilla
2008-07-21 12:12:53 ----D---- C:\Program Files\Mozilla Firefox
2008-07-02 15:08:30 ----D---- C:\Program Files\Kaspersky Lab
2008-07-02 15:08:30 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-02 14:54:10 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

======List of files/folders modified in the last 3 months======

2008-09-30 17:27:19 ----D---- C:\WINDOWS\Temp
2008-09-30 15:21:40 ----D---- C:\WINDOWS\system32
2008-09-30 14:34:24 ----ASH---- C:\boot.ini
2008-09-30 14:34:24 ----A---- C:\WINDOWS\win.ini
2008-09-30 14:34:24 ----A---- C:\WINDOWS\system.ini
2008-09-30 12:41:30 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 12:41:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-30 12:40:48 ----D---- C:\WINDOWS
2008-09-30 11:26:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-29 19:54:08 ----D---- C:\WINDOWS\security
2008-09-29 19:41:45 ----SHD---- C:\WINDOWS\Installer
2008-09-29 19:41:45 ----HD---- C:\Config.Msi
2008-09-29 19:41:40 ----A---- C:\WINDOWS\ODBC.INI
2008-09-29 19:15:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-29 19:15:25 ----RSD---- C:\WINDOWS\Fonts
2008-09-29 19:15:11 ----D---- C:\Program Files\Common Files
2008-09-29 19:14:34 ----RD---- C:\Program Files
2008-09-29 19:13:48 ----D---- C:\Program Files\Microsoft Office
2008-09-29 19:13:46 ----D---- C:\Program Files\Common Files\Designer
2008-09-29 19:12:45 ----D---- C:\Program Files\Common Files\System
2008-09-29 19:12:29 ----D---- C:\WINDOWS\Help
2008-09-29 19:08:58 ----D---- C:\WINDOWS\system
2008-09-29 18:11:20 ----D---- C:\WINDOWS\Prefetch
2008-09-29 13:36:16 ----D---- C:\WINDOWS\system32\drivers
2008-09-28 1512 ----SHD---- C:\System Volume Information
2008-09-24 17:00:58 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-13 13:09:32 ----A---- C:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-09-01 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-09-01 14848]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-09-01 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-17 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-17 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-17 21744]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-09-01 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-09-01 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 klite;KLite Codec 3.0; \??\C:\WINDOWS\system32\klite.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-09-01 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-01 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-27 611664]
R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-25 147456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-28 69632]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]

-----------------EOF-----------------
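The RSIT driver and service lists above are where an analyst looks first, and the telling detail is the trailing bracket: `[2004-09-01 36096]` is the file's date and size, while an empty `[]` (klif, klite, IntelIde in this log) means RSIT could not read the file at the path the service points to. The parser below is an added example, not code from RSIT or from this thread; the sample lines are a constructed five-line subset copied from the log, and the three triage heuristics (empty metadata, `\??\` object paths, a `.sys` outside `system32\drivers`) are assumptions of this example rather than rules RSIT applies.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the RSIT "List of drivers/services" format. The five
# entries are copied from the log posted above; the full log has many more.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-09-01 36096]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
S1 klite;KLite Codec 3.0; \??\C:\WINDOWS\system32\klite.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
"""

# One RSIT entry: "<R|S><start> <name>;<description>; <path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


@dataclass
class Entry:
    state: str           # R = running, S = stopped
    start: int           # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str
    meta: Optional[str]  # "YYYY-MM-DD size", or None when RSIT printed []


def parse_rsit(text: str) -> List[Entry]:
    """Parse every driver/service line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["desc"], m["path"], m["meta"] or None))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries worth a closer look.

    Heuristics only (assumptions of this example, not RSIT rules): an empty []
    means RSIT could not stat the file, \\??\\ is an NT object path rather than
    the plain Win32 path installers normally write, and a .sys that lives
    directly in system32 instead of system32\\drivers is unusual.
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.meta is None:
            reasons.append("no file date/size: file missing or unreadable")
        if e.path.startswith("\\??\\"):
            reasons.append("NT object path (\\??\\) instead of a Win32 path")
        low = e.path.lower()
        if low.endswith(".sys") and "\\drivers\\" not in low:
            reasons.append(".sys outside the system32\\drivers folder")
        if reasons:
            findings[e.name] = reasons
    return findings


def prioritised(entries: List[Entry]) -> List[str]:
    """Flagged names, highest priority first: running entries and boot/system
    start types (0 or 1) load before most defences, so they sort to the top,
    then by number of reasons, then by name."""
    findings = triage(entries)
    by_name = {e.name: e for e in entries}

    def key(name: str):
        e = by_name[name]
        early = e.state == "R" or e.start <= 1
        return (not early, -len(findings[name]), name)

    return sorted(findings, key=key)


if __name__ == "__main__":
    parsed = parse_rsit(SAMPLE_LOG)
    report = triage(parsed)
    for name in prioritised(parsed):
        print(name, "->", "; ".join(report[name]))
```

On the sample this ranks klite first (system start, three reasons), then klif, then the disabled IntelIde. Treat the output as a triage order, not a verdict: klif is Kaspersky's own filter driver and is expected on a machine running Kaspersky Internet Security, whereas klite.sys is exactly the file ComboFix later deleted in this thread (see `Service_klite` and `C:\WINDOWS\system32\klite.sys` in the ComboFix log further down).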
Old 09-30-2008, 06:15 AM   #4 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 6
OS: XP SP2


This is what you needed

Hi,
one more request

Please see to it why my IE6 and Firefox are getting slow.
I used to download files from torrentz quite often; is that harmful...

Bhargav
from Pune, India

Last edited by bhargav141 : 09-30-2008 at 06:19 AM.
Old 09-30-2008, 04:44 PM   #5 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Please help me !!!

Hi bhargav141,

Quote:
I used to download files from torrentz quite often; is that harmful...
I would refrain from downloading anything from torrentz. A lot of infections out there can come in through torrentz.


-------------------------------------------------------


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix


IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

Reply back with the following:
  • C:\ComboFix.txt
  • C:\rist\info.txt
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Old 10-01-2008, 06:38 AM   #6 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 6
OS: XP SP2


Question Re: Please help me !!!

Would you please explain what the recovery console is?

And one more thing: the following is the address that pops up whenever I open IE6 (my system is XP Pro SP2)
**Removed Link**

When I opened the temp folder to trace this, I found two files:
1) a Google Chrome file with this address
2) a JavaScript file with the same.

Please give me some divine tech tips, as I am too naive to solve these issues.

Last edited by forhockey : 10-01-2008 at 05:04 PM.
Old 10-01-2008, 08:50 AM   #7 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 6
OS: XP SP2


Log file of COMBOFIX

This is the log file of ComboFix.

Actually I downloaded the required recovery console and put that into ComboFix; then ComboFix starts up instantly.

After that, this log which I posted now says that the recovery console is not installed in your system:



ComboFix 08-09-30.03 - NHW 2008-10-01 19:18:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.556 [GMT 5.5:30]
Running from: D:\security softwares\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM44de0ce2.txt
C:\WINDOWS\BM44de0ce2.xml
C:\WINDOWS\BMdf361bc8.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akwrmv.dll
C:\WINDOWS\system32\aymylkxy.dll
C:\WINDOWS\system32\bcktmhfl.ini
C:\WINDOWS\system32\bluuzx.dll
C:\WINDOWS\system32\cbsbxs.dll
C:\WINDOWS\system32\ccuyqiyo.dll
C:\WINDOWS\system32\cdmlunye.dll
C:\WINDOWS\system32\cvjlxmub.dll
C:\WINDOWS\system32\dqqeasmv.ini
C:\WINDOWS\system32\dvepiw.dll
C:\WINDOWS\system32\ebbelpnq.dll
C:\WINDOWS\system32\efcDwXOI.dll
C:\WINDOWS\system32\efcyVllJ.dll
C:\WINDOWS\system32\fccaXqrS.dll
C:\WINDOWS\system32\fpthloff.dll
C:\WINDOWS\system32\fxoumbfu.ini
C:\WINDOWS\system32\gfodoghk.ini
C:\WINDOWS\system32\gohncbey.dll
C:\WINDOWS\system32\gpqbxrbk.ini
C:\WINDOWS\system32\gscwun.dll
C:\WINDOWS\system32\gvdveveg.dll
C:\WINDOWS\system32\gvtqty.dll
C:\WINDOWS\system32\hceejvfd.ini
C:\WINDOWS\system32\hffcwmsi.dll
C:\WINDOWS\system32\hmheao.dll
C:\WINDOWS\system32\hndcaqps.ini
C:\WINDOWS\system32\hplpjavm.ini
C:\WINDOWS\system32\hynihm.dll
C:\WINDOWS\system32\igmeinjk.dll
C:\WINDOWS\system32\iifdeebx.dll
C:\WINDOWS\system32\iifeeFwv.dll
C:\WINDOWS\system32\ilnjmrgq.dll
C:\WINDOWS\system32\inbclykx.ini
C:\WINDOWS\system32\ismwcffh.ini
C:\WINDOWS\system32\jcrjhc.dll
C:\WINDOWS\system32\jwrulvee.dll
C:\WINDOWS\system32\kcraomnd.dll
C:\WINDOWS\system32\klite.sys
C:\WINDOWS\system32\knshkykl.dll
C:\WINDOWS\system32\lirsjwva.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdmxhwqu.ini
C:\WINDOWS\system32\mlJApQJY.dll
C:\WINDOWS\system32\mlJYPIab.dll
C:\WINDOWS\system32\mqwbbt.dll
C:\WINDOWS\system32\njkmiygf.ini
C:\WINDOWS\system32\nkqddjth.dll
C:\WINDOWS\system32\nuazev.dll
C:\WINDOWS\system32\nueucwmn.ini
C:\WINDOWS\system32\nxsnamny.ini
C:\WINDOWS\system32\oconvesg.ini
C:\WINDOWS\system32\olnxgwor.dll
C:\WINDOWS\system32\opnolLff.dll
C:\WINDOWS\system32\ordowogj.dll
C:\WINDOWS\system32\ospthlvy.dll
C:\WINDOWS\system32\otqlwuiy.dll
C:\WINDOWS\system32\oyiqyucc.ini
C:\WINDOWS\system32\pbneolpr.ini
C:\WINDOWS\system32\qckadqpc.dll
C:\WINDOWS\system32\qrjybmdc.dll
C:\WINDOWS\system32\qyxeytug.dll
C:\WINDOWS\system32\rhialrsp.dll
C:\WINDOWS\system32\rhiztb.dll
C:\WINDOWS\system32\rlrbyycr.dll
C:\WINDOWS\system32\rnsxhnsw.dll
C:\WINDOWS\system32\rzvhzc.dll
C:\WINDOWS\system32\suprpbfe.ini
C:\WINDOWS\system32\svkpepdr.dll
C:\WINDOWS\system32\tsmdkrgc.dll
C:\WINDOWS\system32\tymloxee.dll
C:\WINDOWS\system32\ugbvlahc.ini
C:\WINDOWS\system32\uptxyyik.dll
C:\WINDOWS\system32\urqOGvVp.dll
C:\WINDOWS\system32\vgevfnth.dll
C:\WINDOWS\system32\voadlxno.dll
C:\WINDOWS\system32\vtUopQjh.dll
C:\WINDOWS\system32\vzqbjm.dll
C:\WINDOWS\system32\wgplavme.ini
C:\WINDOWS\system32\wldtkmxi.dll
C:\WINDOWS\system32\wnusxsbt.ini
C:\WINDOWS\system32\wuoomy.dll
C:\WINDOWS\system32\wvUlihfF.dll
C:\WINDOWS\system32\wvupixtp.dll
C:\WINDOWS\system32\wwrjpclg.dll
C:\WINDOWS\system32\xadoubke.ini
C:\WINDOWS\system32\xbeedfii.ini
C:\WINDOWS\system32\xbeedfii.ini2
C:\WINDOWS\system32\xgjohd.dll
C:\WINDOWS\system32\yczbvn.dll
C:\WINDOWS\system32\yfajmcot.dll
C:\WINDOWS\system32\yxusgw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KLITE
-------\Service_klite


((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-10-01 17:34 . 2004-09-01 00:00 146,432 --a------ C:\regedit.exe
2008-09-30 17:27 . 2008-09-30 17:34 <DIR> d-------- C:\rsit
2008-09-29 19:15 . 2008-09-29 19:15 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-09-29 19:14 . 2008-09-29 19:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-29 19:13 . 2008-09-29 19:13 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-29 19:12 . 2008-09-29 19:14 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-29 19:12 . 2008-09-29 19:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-28 15:05 . 2008-09-28 15:05 0 --a------ C:\WINDOWS\BMdf361bc8.xml
2008-09-27 13:54 . 2008-09-27 13:54 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-27 13:36 . 2008-09-27 13:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-27 13:36 . 2008-09-27 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-27 13:35 . 2008-09-27 13:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-26 17:44 . 2008-09-26 17:44 121 --ahs---- C:\WINDOWS\system32\jntrcrvg.ini
2008-09-26 12:31 . 2008-09-26 12:31 <DIR> d-------- C:\WINDOWS\Sun
2008-09-26 12:24 . 2008-09-26 12:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 15:31 . 2008-09-25 15:30 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-25 12:37 . 2008-09-25 12:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-25 12:37 . 2008-09-25 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 12:01 . 2008-09-25 12:01 <DIR> d--hs---- C:\FOUND.004
2008-09-25 11:59 . 2008-09-25 11:59 <DIR> d-------- C:\Program Files\NKProds
2008-09-24 19:09 . 2008-09-24 19:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-09-24 19:08 . 2008-09-24 19:08 <DIR> d-------- C:\Program Files\Softland
2008-09-24 19:08 . 2008-09-19 14:48 21,656 --a------ C:\WINDOWS\system32\dopdfmn6.dll
2008-09-24 19:08 . 2008-09-19 14:48 18,072 --a------ C:\WINDOWS\system32\dopdfmi6.dll
2008-09-24 19:08 . 2008-09-08 12:44 7,481 --a------ C:\WINDOWS\system32\dopdf6.ctm
2008-09-24 15:12 . 2008-09-24 15:12 397 --a------ C:\WINDOWS\barcode.ini
2008-09-22 18:33 . 2008-09-22 18:33 <DIR> d--hs---- C:\FOUND.003
2008-09-22 18:18 . 2008-09-22 18:18 <DIR> d--hs---- C:\FOUND.002
2008-09-22 17:08 . 2008-09-22 17:08 <DIR> d--hs---- C:\FOUND.001
2008-09-21 15:58 . 2008-09-21 15:58 <DIR> d-------- C:\Program Files\Paint.NET
2008-09-21 14:31 . 2008-09-21 14:31 <DIR> d--hs---- C:\FOUND.000
2008-09-21 12:57 . 2008-09-21 12:57 <DIR> d-------- C:\Program Files\Baraha 7.0
2008-09-21 12:48 . 2008-09-21 12:48 294 --ahs---- C:\WINDOWS\system32\mykywlwa.tmp
2008-09-21 12:48 . 2008-09-21 12:48 294 --ahs---- C:\WINDOWS\system32\mykywlwa.ini
2008-09-21 11:50 . 2008-09-21 11:50 5,819 --a------ C:\WINDOWS\system32\fwaskjre.dll
2008-09-20 15:09 . 2008-09-20 15:09 <DIR> d-------- C:\Program Files\OrgUpgrade
2008-09-20 15:09 . 2008-09-20 15:09 <DIR> d-------- C:\Program Files\Common Files\RandSync
2008-09-20 15:09 . 2008-09-20 15:09 1,572 --a------ C:\WINDOWS\HRMY98.MIF
2008-09-20 15:08 . 2008-09-20 15:08 <DIR> d-------- C:\Program Files\IBM Lotus Organizer 6
2008-09-20 15:03 . 2008-09-20 15:03 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\OtakuSoftware
2008-09-20 14:22 . 2008-09-20 14:22 <DIR> d-------- C:\Program Files\Internet Explorer 8 WinXP x86(ENG) WGA bypass
2008-09-20 11:44 . 2008-09-30 14:30 <DIR> d-------- C:\Program Files\uTorrent
2008-09-16 19:21 . 2008-09-16 19:21 <DIR> dr------- C:\Favorites
2008-09-16 12:00 . 2008-09-16 12:00 <DIR> d-ah----- C:\sysfiles
2008-09-15 11:18 . 2008-09-15 11:18 5,818 --a------ C:\WINDOWS\system32\qghjincy.dll
2008-09-13 17:28 . 2008-09-12 15:21 262,144 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-09-13 12:53 . 2008-09-13 12:53 5,559 --a------ C:\NHW.Theme
2008-09-12 14:58 . 2008-09-12 14:58 <DIR> d-------- C:\Program Files\DAP
2008-09-12 14:58 . 2008-10-01 20:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 14:58 . 2008-09-12 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-12 14:58 . 2008-09-12 14:58 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-09-12 14:58 . 2008-09-12 14:58 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-09-12 14:58 . 2008-09-12 14:58 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-09-11 19:51 . 2008-09-11 19:51 <DIR> d-------- C:\Program Files\Opera
2008-09-11 16:43 . 2008-09-11 16:43 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\Sony Corporation
2008-09-11 16:39 . 2008-09-11 16:39 <DIR> d-------- C:\Program Files\Sony
2008-09-11 13:13 . 2008-09-11 13:13 <DIR> d-------- C:\New Folder
2008-09-11 12:45 . 2008-09-11 12:45 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\Thunderbird
2008-09-11 12:45 . 2008-09-11 12:45 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\Talkback
2008-09-10 19:31 . 2008-09-25 15:30 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-10 19:30 . 2008-09-10 19:30 <DIR> d-------- C:\Program Files\Java
2008-09-10 14:08 . 2008-09-10 14:08 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-10 14:08 . 2008-09-10 14:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-10 14:08 . 2007-03-29 18:26 7,168 --a------ C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-09-10 14:08 . 2007-03-29 18:26 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-09-10 11:21 . 2008-09-29 13:35 <DIR> d-------- C:\Program Files\IBM
2008-09-10 11:21 . 2008-09-10 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lotus
2008-09-08 13:02 . 2008-09-08 13:02 <DIR> d-------- C:\Documents and Settings\NHW\.camel_certs
2008-09-08 12:56 . 2008-09-08 12:56 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\gnupg
2008-09-08 12:54 . 2008-09-08 12:54 <DIR> d-------- C:\Documents and Settings\NHW\.gnome2_private
2008-09-08 12:54 . 2008-09-08 12:54 <DIR> d-------- C:\Documents and Settings\NHW\.gnome2
2008-09-08 12:54 . 2008-09-08 12:54 <DIR> d-------- C:\Documents and Settings\NHW\.gconfd
2008-09-08 12:54 . 2008-09-08 12:54 <DIR> d-------- C:\Documents and Settings\NHW\.gconf
2008-09-08 12:54 . 2008-09-08 12:54 <DIR> d-------- C:\Documents and Settings\NHW\.evolution
2008-09-08 12:03 . 2008-09-08 12:03 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\PDF reDirect
2008-09-06 11:17 . 2008-09-06 11:17 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2008-09-06 11:13 . 2008-09-06 11:13 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-06 10:53 . 2008-09-06 10:53 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-05 19:18 . 2008-09-05 19:18 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-05 13:46 . 2008-09-05 13:46 <DIR> d-------- C:\Documents and Settings\NHW\Application Data\vlc
2008-09-05 11:02 . 2008-02-15 13:45 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-09-04 20:03 . 2008-09-04 20:03 <DIR> d-------- C:\Program Files\AlphaZIP
2008-09-04 20:03 . 2008-09-04 20:04 58,904 --a------ C:\WINDOWS\system32\sysfolderazipcnt.dll
2008-09-04 20:03 . 2008-09-04 20:04 58,904 --a------ C:\WINDOWS\system32\azipcontmn.dll
2008-09-04 16:17 . 2008-09-04 16:17 <DIR> d-------- C:\Program Files\Celestia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 14:31 78,112 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-01 14:31 2,403,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 14:29 9,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-01 14:29 33,212 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-22 07:40 412 ----a-w C:\fixhttpmax.reg
2008-08-13 08:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-07 10:21 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-05 09:19 903 ----a-w C:\Documents and Settings\NHW\admin.exe
2004-09-28 02:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2008-09-12 09:28 251,392 ----a-w C:\Program Files\opera\program\plugins\dapop.dll
.

------- Sigcheck -------

2004-09-01 00:00 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iconoid"="C:\Program Files\Iconoid\iconoid.exe" [2007-02-03 274432]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-12 3061248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 135168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-09-01 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klite.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-09-12 14:58 3061248 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IJPLMSVC"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"RichVideo"=2 (0x2)
"ERSvc"=2 (0x2)
"BITS"=2 (0x2)
"mnmsrvc"=3 (0x3)
"NBService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=

R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-25 147456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{849cc728-19b5-11dd-9613-001d7dfd5b40}]
\Shell\Auto\command - H:\asp.net
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{01C41362-8189-4565-BA86-7903BDAFC377} - C:\WINDOWS\system32\aymylkxy.dll
BHO-{1badf163-595f-4569-8330-559345c973b6} - C:\WINDOWS\system32\gvtqty.dll
BHO-{DBA8EAF8-5CC6-4921-90DC-B8AF13054D74} - C:\WINDOWS\system32\iifdeebx.dll
BHO-{ED7717A2-79AC-44CE-A1FB-79E1882FD5C8} - C:\WINDOWS\system32\mlJApQJY.dll
HKLM-Run-BMdf361bc8 - C:\WINDOWS\system32\knshkykl.dll
HKLM-Run-dc052854 - C:\WINDOWS\system32\hffcwmsi.dll
ShellExecuteHooks-{ED7717A2-79AC-44CE-A1FB-79E1882FD5C8} - C:\WINDOWS\system32\mlJApQJY.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\NHW\Application Data\Mozilla\Firefox\Profiles\7bhc5v0z.default\
FF -: plugin - C:\Documents and Settings\NHW\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 20:01:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-01 2052 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 14:36:45

Pre-Run: 25,775,087,616 bytes free
Post-Run: 25,714,696,192 bytes free

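Three parts of the ComboFix log above carry most of the signal: the "Other Deletions" list (files ComboFix removed on this run), the "ORPHANS REMOVED" list (registry loading points, here BHOs and Run values, that pointed at files no longer present), and the "Reg Loading Points" dump, which includes a MountPoints2 entry whose `\Shell\Auto\command` and `\Shell\AutoRun\command` run `asp.net` from drive H: when that volume is opened. The parser below is an added example, not ComboFix's own code or anything forhockey posted; it assumes the banner styles seen in this log (`(((( Name ))))`, `- - - - Name - - - -`, `------- Name -------`) delimit sections, and its sample input is a constructed excerpt of the posted log, with hffcwmsi.dll deliberately left out of the deletion list to show an orphan whose file was already gone.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of a ComboFix log, assembled from a few lines of the
# log posted above (the real log has many more entries per section).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aymylkxy.dll
C:\WINDOWS\system32\gvtqty.dll
C:\WINDOWS\system32\klite.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iconoid"="C:\Program Files\Iconoid\iconoid.exe" [2007-02-03 274432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{849cc728-19b5-11dd-9613-001d7dfd5b40}]
\Shell\Auto\command - H:\asp.net
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
.
- - - - ORPHANS REMOVED - - - -

BHO-{01C41362-8189-4565-BA86-7903BDAFC377} - C:\WINDOWS\system32\aymylkxy.dll
BHO-{1badf163-595f-4569-8330-559345c973b6} - C:\WINDOWS\system32\gvtqty.dll
HKLM-Run-dc052854 - C:\WINDOWS\system32\hffcwmsi.dll
"""

# Section banners as they appear in this log (assumed, not a ComboFix spec):
# "((( Name )))", "- - - - Name - - - -" and "------- Name -------".
BANNER_RES = [
    re.compile(r"^\(+\s*(.+?)\s*\)+$"),
    re.compile(r"^- - - - (.+?) - - - -$"),
    re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$"),
]


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: [non-empty lines]}; '.' spacer lines
    and anything before the first banner are dropped."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        for rx in BANNER_RES:
            m = rx.match(line)
            if m:
                current = m.group(1)
                sections[current] = []
                break
        else:
            if current is not None:
                sections[current].append(line)
    return sections


ORPHAN_RE = re.compile(r"^(\S+) - (.+)$")


def orphan_report(sections: Dict[str, List[str]]) -> Dict[str, Tuple[str, bool]]:
    """Map each orphaned loading point to (target file, deleted on this run).
    False means the registry entry pointed at a file that was already absent
    before ComboFix ran, which is worth noting when reading the log."""
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    report: Dict[str, Tuple[str, bool]] = {}
    for line in sections.get("ORPHANS REMOVED", []):
        m = ORPHAN_RE.match(line)
        if m:
            report[m.group(1)] = (m.group(2), m.group(2).lower() in deleted)
    return report


KEY_RE = re.compile(r"^\[(.+)\]$")                          # REGEDIT4 key line
MOUNT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$")  # verb, command


def volume_autorun_commands(sections: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """(volume GUID, verb, command) for every MountPoints2 shell command,
    i.e. what Explorer runs when that volume is opened or double-clicked."""
    out: List[Tuple[str, str, str]] = []
    guid = None
    for line in sections.get("Reg Loading Points", []):
        k = KEY_RE.match(line)
        if k:                      # a new key: remember it only if MountPoints2
            mm = MOUNT_RE.search(k.group(1))
            guid = mm.group(1) if mm else None
            continue
        c = CMD_RE.match(line)
        if guid and c:
            out.append((guid, c.group(1), c.group(2)))
    return out


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    for entry, (target, confirmed) in orphan_report(secs).items():
        print(f"{entry}: {target} ({'deleted this run' if confirmed else 'already missing'})")
    for guid, verb, cmd in volume_autorun_commands(secs):
        print(f"volume {guid} {verb}: {cmd}")
```

Reading the output against the thread: the two BHO orphans resolve to files deleted in the same run, which is the pattern of a removed BHO whose CLSID registration outlived its DLL, and the MountPoints2 entry is the kind of per-volume autorun handler a reviewer should confirm against the removable drive it belongs to, since Explorer will run the recorded command from H: whenever that volume is opened. The thread's CFScript addresses files and folders only and does not mention this entry, so the function exists to make sure it is not overlooked in a long log.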
Old 10-01-2008, 05:32 PM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Please help me !!!

Hi bhargav141,

Quote:
Would you please explain what is recovery console?
The recovery console is more of a preventive measure in case we cannot get your system to boot, which will allow us to run special tasks to revert your system in case of an emergency.

-----------------------------------------------------

We'll take care of the recovery console first... and then we will begin to do a cleanup of this infection.


Visit the following link: here

Download the file and save it as it's originally named, next to ComboFix.exe.





Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.


  • When the tool is finished, it will produce a report for you.

-----------------------------------------------------

Disable Spybot S&D's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Download http://www.techsupportforum.com/sect...etTeaTimer.zip
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

-----------------------------------------------------

Please download ATF Cleaner

* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

* Click Opera at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
KILLALL::

File::
C:\WINDOWS\system32\mykywlwa.tmp
C:\WINDOWS\system32\mykywlwa.ini
C:\WINDOWS\system32\fwaskjre.dll
C:\WINDOWS\system32\qghjincy.dll
C:\Documents and Settings\NHW\admin.exe
Folder::
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000
DirLook::
C:\Program Files\Internet Explorer 8 WinXP x86(ENG) WGA bypass
C:\Favorites
C:\sysfiles
Save this as CFScript




Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

--------------------------------------------------------------

Please reply back with the following:

C:\ComboFix.txt
Update on how your system is behaving