Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
08-11-2008, 09:42 PM   #1
Darkfox3393 (Registered User; Join Date: Jan 2006; Posts: 335; OS: Windows Vista Ultimate)

Antivirus 2009 - Can't get it off

I was infected with Antivirus 2008 XP yesterday. I used several programs (Spyware Doctor, Kaspersky, System Mechanic, and the online Panda scanner) but apparently it still lies in my hard drive somewhere. Now it is Antivirus 2009 that pops up and tries to get me to download it. Kaspersky (my antivirus) can't seem to get rid of it (neither could NOD32). In System Mechanic, it tells me my hard drive has errors (hopefully this is from the virus and can be fixed). I've tried using Malwarebytes and others but it's still here. I'll use them again if necessary. My computer is running much slower than normal. Other problems are arising. Thank you for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:28 PM, on 8/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {620E9A81-588A-4076-8BA9-E312EAD26288} - C:\Windows\system32\cbXRIaaW.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wVPgdaxu.dll,#1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [BM31bd9be3] Rundll32.exe "C:\Windows\system32\bjgusdpo.dll",s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8560 bytes
__________________
Ever notice how fast Windows runs? Neither have I.
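Editor's added example (not part of the thread, and not HijackThis or ComboFix code): a small Python triage script that applies, mechanically, the checks an analyst applies by eye to the O2/O4 lines in the log above. The three entries that matter in that log are the BHO registered with "(no name)" that loads C:\Windows\system32\cbXRIaaW.dll, and the two Run keys that start rundll32 on wVPgdaxu.dll with an ordinal export (#1) and on bjgusdpo.dll with a one-letter export (s). The sample lines are copied from the log above; the deletion list is copied from the "Other Deletions" section of the ComboFix report Darkfox3393 posts in #4 below, where cbXRIaaW.dll appears alongside WaaIRXbc.ini, its name reversed. The heuristics themselves (eight-letter mixed-case DLL name, ordinal or one-letter rundll32 export, unnamed BHO loaded from system32) are the editor's assumptions; legitimate software will occasionally trip them, so a hit is something to look up, not something to delete on sight.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample input: O2/O4 lines copied from the HijackThis log in post #1.
HJT_SAMPLE = [
    r"O2 - BHO: (no name) - {620E9A81-588A-4076-8BA9-E312EAD26288} - C:\Windows\system32\cbXRIaaW.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wVPgdaxu.dll,#1",
    r'O4 - HKLM\..\Run: [BM31bd9be3] Rundll32.exe "C:\Windows\system32\bjgusdpo.dll",s',
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
]

# Constructed from the "Other Deletions" section of the ComboFix report in post #4
# (system32 entries only, basenames).
COMBOFIX_DELETED = [
    "aavcvyqy.dll", "cbXRIaaW.dll", "crjxnjxy.dll", "eqsmhsgu.ini", "felgekak.ini",
    "iupqwtdu.ini", "iyuouiof.dll", "jjnxwfaq.dll", "kakeglef.dll", "kdpabsis.ini",
    "lwuompdl.dll", "lyejrhrd.dll", "ofacmnga.dll", "opnnlKdE.dll", "ppqnvkpd.dll",
    "vlitqacc.dll", "WaaIRXbc.ini", "WaaIRXbc.ini2", "weecgnjw.ini", "xxinyj.dll",
    "yayvWqpP.dll",
]

_O2 = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
_RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.IGNORECASE)
# Editor's heuristic (assumption): exactly eight letters with both cases present, e.g. cbXRIaaW.
_MIXED_CASE_8 = re.compile(r"^(?=.*[A-Z])(?=.*[a-z])[A-Za-z]{8}$")


@dataclass
class Finding:
    line: str
    dll: str          # basename of the DLL the entry loads
    reasons: list     # one string per heuristic that fired


def _name_reasons(dll_path: str):
    """Return (basename, reasons) for a DLL path; flags generated-looking names."""
    name = PureWindowsPath(dll_path).name
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if _MIXED_CASE_8.match(stem):
        reasons.append("eight-letter mixed-case DLL name looks generated")
    return name, reasons


def triage_line(line: str):
    """Apply the heuristics to one HijackThis O2 or O4 line; None if nothing fires."""
    m = _O2.match(line)
    if m:
        bho_name, path = m.groups()
        name, reasons = _name_reasons(path)
        if bho_name == "(no name)":
            reasons.append("BHO registered without a display name")
        if "\\system32\\" in path.lower():
            reasons.append("BHO loaded from system32 instead of a vendor folder")
        return Finding(line, name, reasons) if reasons else None
    if line.startswith("O4 - "):
        m = _RUNDLL.search(line)
        if not m:
            return None               # ordinary EXE autostart; not checked here
        path, export = m.groups()
        name, reasons = _name_reasons(path)
        if export.startswith("#") or len(export) <= 2:
            reasons.append(f"rundll32 entry point {export!r} is an ordinal or one-letter export")
        return Finding(line, name, reasons) if reasons else None
    return None


def triage(lines):
    """Findings for every line that tripped at least one heuristic."""
    return [f for f in (triage_line(l) for l in lines) if f]


def reversed_companion(dll_name: str) -> str:
    """The .ini name formed by reversing the DLL stem (cbXRIaaW.dll -> WaaIRXbc.ini),
    a pairing visible in the ComboFix deletions in this thread."""
    return dll_name.rsplit(".", 1)[0][::-1] + ".ini"


def cross_check(findings, deleted):
    """Map each flagged DLL to (dll_deleted, reversed_ini_deleted) against a
    ComboFix 'Other Deletions' list, so leftovers can be chased in the next log."""
    deleted_lc = {d.lower() for d in deleted}
    return {
        f.dll: (f.dll.lower() in deleted_lc,
                reversed_companion(f.dll).lower() in deleted_lc)
        for f in findings
    }


if __name__ == "__main__":
    found = triage(HJT_SAMPLE)
    status = cross_check(found, COMBOFIX_DELETED)
    for f in found:
        gone, ini_gone = status[f.dll]
        print(f"{f.dll}: {'; '.join(f.reasons)}")
        print(f"    ComboFix deleted DLL: {gone}, reversed-name .ini: {ini_gone}")
```

Run over the first log, the script flags exactly cbXRIaaW.dll, wVPgdaxu.dll and bjgusdpo.dll and leaves NvCpl.dll, oobefldr.dll and the Java BHO alone. Cross-checking against ComboFix's deletions shows that only cbXRIaaW.dll (with its reversed-name WaaIRXbc.ini) is in that list; the two rundll32 loaders are not, which is why the follow-up HijackThis log the analyst asks for is the real confirmation. The second log in post #4 no longer carries the MSServer or BM31bd9be3 Run entries.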

08-13-2008, 09:17 PM   #2
Darkfox3393 (Registered User; Join Date: Jan 2006; Posts: 335; OS: Windows Vista Ultimate)

Re: Antivirus 2009 - Can't get it off

bump.

This virus seems popular. Does anyone know exactly what procedures to take to get it ALL off?
__________________
Ever notice how fast Windows runs? Neither have I.
08-14-2008, 10:02 PM   #3
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 26,615; OS: WinXP and Vista)
Re: Antivirus 2009 - Can't get it off

Hello Darkfox3393,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleaning the system:

C:\ComboFix.txt
New HijackThis log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
08-14-2008, 11:36 PM   #4
Darkfox3393 (Registered User; Join Date: Jan 2006; Posts: 335; OS: Windows Vista Ultimate)

Re: Antivirus 2009 - Can't get it off

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:33 PM, on 8/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.52\aaCenter.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Siber Systems\AI RoboForm\Identities.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 9334 bytes


ComboFix 08-08-12.01 - Charles 2008-08-12 1214.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1122 [GMT -7:00]
Running from: C:\Users\Charles\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 481282 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Charles\AppData\Roaming\macromedia\Flash Player\#SharedObjects\QZ3CMF7G\interclick.com
C:\Users\Charles\AppData\Roaming\macromedia\Flash Player\#SharedObjects\QZ3CMF7G\interclick.com\ud.sol
C:\Users\Charles\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Charles\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\system32\aavcvyqy.dll
C:\Windows\system32\cbXRIaaW.dll
C:\Windows\system32\crjxnjxy.dll
C:\Windows\system32\eqsmhsgu.ini
C:\Windows\system32\felgekak.ini
C:\Windows\System32\iupqwtdu.ini
C:\Windows\system32\iyuouiof.dll
C:\Windows\system32\jjnxwfaq.dll
C:\Windows\system32\kakeglef.dll
C:\Windows\System32\kdpabsis.ini
C:\Windows\system32\lwuompdl.dll
C:\Windows\system32\lyejrhrd.dll
C:\Windows\system32\ofacmnga.dll
C:\Windows\system32\opnnlKdE.dll
C:\Windows\system32\ppqnvkpd.dll
C:\Windows\system32\vlitqacc.dll
C:\Windows\System32\WaaIRXbc.ini
C:\Windows\System32\WaaIRXbc.ini2
C:\Windows\system32\weecgnjw.ini
C:\Windows\system32\xxinyj.dll
C:\Windows\system32\yayvWqpP.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2011-08-01 00:52 . 2010-01-01 18:24 <DIR> d-------- C:\Program Files\Hamachi
2010-01-01 18:21 . 2010-01-01 18:21 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-08-12 09:46 . 2008-08-12 11:52 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-08-12 09:46 . 2008-08-12 09:46 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-08-12 09:45 . 2008-08-12 11:51 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-08-12 09:45 . 2008-08-12 11:51 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-08-12 09:45 . 2008-08-12 12:14 294,944 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-08-12 09:45 . 2008-08-12 12:13 2,060 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-08-12 08:59 . 2008-08-12 08:59 2,048 --a------ C:\Windows\System32\dbwcpvjo.exe
2008-08-11 19:43 . 2008-08-11 19:43 2,048 --a------ C:\Windows\System32\tgvlfckd.exe
2008-08-11 14:51 . 2008-08-11 14:51 <DIR> d-------- C:\Users\Charles\AppData\Roaming\TuneUp Software
2008-08-11 14:51 . 2008-08-11 14:53 306,432 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-11 14:51 . 2007-12-20 10:44 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-08-11 14:50 . 2008-08-11 14:50 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-08-11 14:50 . 2008-08-11 14:50 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-08-11 14:50 . 2008-08-11 14:53 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-11 14:50 . 2007-12-20 10:41 29,440 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-11 09:03 . 2008-08-11 09:03 2,048 --a------ C:\Windows\System32\ymtkcqux.exe
2008-08-11 01:40 . 2008-08-12 09:45 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-11 01:40 . 2008-08-12 12:08 3,204,128 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-08-11 01:40 . 2008-08-12 12:08 43,988 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-08-11 01:38 . 2008-08-12 09:34 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-08-11 01:38 . 2008-08-12 09:34 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-08-11 00:09 . 2008-08-11 00:09 249 --a------ C:\Windows\emug3.ini
2008-08-10 23:24 . 2008-08-10 23:24 2,048 --a------ C:\Windows\System32\jolmbgvc.exe
2008-08-10 17:42 . 2008-08-10 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-10 17:40 . 2008-08-10 17:40 <DIR> d-------- C:\Deckard
2008-08-10 13:09 . 2008-08-10 13:09 <DIR> d-------- C:\Program Files\IVT Corporation
2008-08-10 12:29 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-08-10 12:29 . 2008-03-03 18:21 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-08-10 12:17 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-08-10 12:15 . 2008-08-10 12:15 <DIR> d-------- C:\Program Files\Panda Security
2008-08-10 02:09 . 2008-08-10 02:09 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-08-10 02:09 . 2008-08-10 02:09 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-08-10 02:07 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-08-10 02:07 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-08-10 02:07 . 2007-07-20 00:54 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-08-10 01:49 . 2008-08-10 01:49 <DIR> d-------- C:\Users\All Users\RoboForm
2008-08-10 01:49 . 2008-08-10 01:49 <DIR> d-------- C:\ProgramData\RoboForm
2008-08-10 01:48 . 2008-08-10 01:48 <DIR> d-------- C:\Program Files\Siber Systems
2008-08-10 01:28 . 2008-08-10 02:10 <DIR> d-------- C:\Program Files\The Witcher
2008-08-10 01:26 . 2008-08-10 11:09 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-08-10 01:26 . 2008-08-10 01:26 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-10 01:17 . 2008-08-10 01:17 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-10 01:16 . 2008-08-10 01:16 <DIR> d-------- C:\Users\Charles\AppData\Roaming\DAEMON Tools
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Malwarebytes
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 15:08 . 2008-08-08 15:12 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-08 15:08 . 2008-08-08 15:12 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-08 15:01 . 2008-08-08 15:09 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Lavasoft
2008-08-08 15:00 . 2008-08-08 15:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-06 23:15 . 2008-08-08 14:25 <DIR> d-------- C:\Program Files\ESET
2008-08-06 21:54 . 2008-08-06 21:54 <DIR> d-------- C:\Users\All Users\ESET
2008-08-06 21:54 . 2008-08-06 21:54 <DIR> d-------- C:\ProgramData\ESET
2008-08-04 18:04 . 2008-08-10 13:10 779 --a------ C:\Windows\System32\bscs.ini
2008-08-04 17:33 . 2008-08-04 17:33 143,450 --a------ C:\Windows\System32\BsCommon.dll
2008-08-03 14:51 . 2008-05-09 20:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-08-03 14:51 . 2008-05-09 15:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-08-03 14:51 . 2008-05-09 15:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-08-03 12:39 . 2008-08-09 17:44 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Xfire
2008-08-03 12:39 . 2008-08-09 17:44 <DIR> d-------- C:\Users\All Users\Xfire
2008-08-03 12:39 . 2008-08-09 17:44 <DIR> d-------- C:\ProgramData\Xfire
2008-08-03 12:39 . 2008-08-03 12:39 <DIR> d-------- C:\Program Files\Xfire
2008-08-02 21:14 . 2008-08-02 21:14 <DIR> d-------- C:\Windows\Sun
2008-08-02 21:14 . 2008-08-02 21:14 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-08-02 21:14 . 2008-08-02 21:20 23 --a------ C:\Users\Charles\jagex_runescape_preferences.dat
2008-08-02 20:34 . 2008-08-02 20:34 <DIR> d-------- C:\Program Files\Java
2008-08-02 20:32 . 2008-08-02 20:32 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-02 19:06 . 2008-08-06 00:07 23 --a------ C:\Windows\BlendSettings.ini
2008-08-02 01:48 . 2008-08-02 01:48 187 --a------ C:\Windows\_delis43.ini
2008-08-02 01:14 . 2008-08-10 12:46 <DIR> d-------- C:\Program Files\Final Fantasy VII
2008-08-01 21:30 . 2008-08-01 21:30 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-08-01 15:58 . 2008-08-01 15:58 622,693 --a------ C:\Windows\System32\BSShell.dll
2008-08-01 15:58 . 2008-08-01 15:58 540,758 --a------ C:\Windows\System32\Bscdlg.dll
2008-08-01 15:58 . 2008-08-01 15:58 278,647 --a------ C:\Windows\System32\outlookAddin.dll
2008-08-01 15:58 . 2008-08-01 15:58 114,774 --a------ C:\Windows\System32\versit.dll
2008-08-01 15:58 . 2008-08-01 15:58 57,430 --a------ C:\Windows\System32\btfunc.dll
2008-08-01 15:57 . 2008-08-01 15:57 520,307 --a------ C:\Windows\System32\BlueSoleilCSps.dll
2008-08-01 15:57 . 2008-08-01 15:57 114,788 --a------ C:\Windows\System32\BsProfileFunc.dll
2008-08-01 15:57 . 2008-08-01 15:57 94,314 --a------ C:\Windows\System32\BsHelpCSps.dll
2008-08-01 15:56 . 2008-08-01 15:56 225,364 --a------ C:\Windows\System32\BsSDK.dll
2008-08-01 15:56 . 2008-08-01 15:56 98,403 --a------ C:\Windows\System32\Bs2Res.dll
2008-08-01 15:56 . 2008-08-01 15:56 28,766 --a------ C:\Windows\System32\PlayerCtrl.dll
2008-08-01 15:55 . 2008-08-01 15:55 118,880 --a------ C:\Windows\System32\BsMobileSDK.dll
2008-08-01 15:55 . 2008-08-01 15:55 28,760 --a------ C:\Windows\System32\BsTrace.dll
2008-08-01 15:55 . 2008-08-01 15:55 28,672 --a------ C:\Windows\System32\BsMobileCSps.dll
2008-08-01 15:46 . 2008-08-01 15:46 17,907,824 --a------ C:\Windows\System32\BsLangInDepRes.dll
2008-08-01 15:46 . 2008-08-01 15:46 65,536 --a------ C:\Windows\System32\BsVistaCommon.dll
2008-08-01 06:52 . 2008-08-01 06:52 <DIR> d-------- C:\NVIDIA
2008-08-01 00:31 . 2008-08-01 00:31 89,674 --a------ C:\Windows\WinVerCheck.exe
2008-08-01 00:25 . 2008-08-12 12:14 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Hamachi
2008-07-31 23:26 . 2008-07-31 23:26 <DIR> d-------- C:\Users\Charles\WoW-BurningCrusade-enUS-Slim-Installer
2008-07-31 23:24 . 2008-07-31 23:24 <DIR> d-------- C:\Users\Charles\Bluetooth Software
2008-07-31 23:15 . 2008-08-01 01:12 <DIR> d-------- C:\Program Files\World of Warcraft
2008-07-31 22:34 . 2008-07-31 22:34 <DIR> d-------- C:\Program Files\WIDCOMM
2008-07-31 14:17 . 2007-04-04 18:55 261,480 --a------ C:\Windows\System32\xactengine2_7.dll
2008-07-31 14:17 . 2007-01-24 15:27 255,848 --a------ C:\Windows\System32\xactengine2_6.dll
2008-07-31 14:17 . 2006-12-08 12:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll
2008-07-31 14:17 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-07-31 14:17 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
2008-07-31 14:17 . 2007-03-05 12:42 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-07-31 14:16 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-07-31 14:15 . 2008-08-05 08:27 136,888 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-07-31 14:15 . 2008-07-31 14:15 22,328 --a------ C:\Users\Charles\AppData\Roaming\PnkBstrK.sys
2008-07-31 14:14 . 2008-08-05 08:27 111,928 --a------ C:\Windows\System32\PnkBstrB.exe
2008-07-31 14:14 . 2008-07-31 14:18 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-07-31 14:14 . 2008-07-31 14:14 319 --a------ C:\Windows\game.ini
2008-07-31 13:56 . 2008-07-31 13:56 <DIR> d-------- C:\Program Files\Activision
2008-07-31 13:54 . 2008-07-31 13:54 <DIR> d--hs---- C:\Windows\ftpcache
2008-07-31 13:44 . 2008-08-01 07:00 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-07-31 13:44 . 2008-08-01 07:00 <DIR> d-------- C:\ProgramData\NVIDIA
2008-07-31 13:36 . 2008-02-27 22:34 1,079,840 --a------ C:\Windows\System32\nvcpluir.dll
2008-07-31 13:36 . 2008-07-26 12:48 797,216 --a------ C:\Windows\System32\nvcplui.exe
2008-07-31 13:36 . 2008-07-26 12:48 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-07-31 13:36 . 2008-02-27 22:34 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-07-31 13:35 . 2008-07-23 15:24 446,464 --a------ C:\Windows\System32\NVUNINST.EXE
2008-07-31 13:08 . 2008-07-31 13:08 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-07-31 07:07 . 2008-07-31 07:07 <DIR> d-------- C:\Users\Charles\AppData\Roaming\JAM Software
2008-07-31 07:07 . 2008-07-31 07:07 <DIR> d-------- C:\Program Files\JAM Software
2008-07-31 07:03 . 2008-03-12 13:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-07-31 01:24 . 2008-07-31 01:24 <DIR> d-------- C:\PerfLogs
2008-07-31 01:01 . 2008-01-19 00:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-07-31 01:00 . 2008-01-19 00:32 5,714,432 --a------ C:\Windows\System32\logon.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 08:34 174 --sha-w C:\Program Files\desktop.ini
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Journal
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Calendar
2008-07-31 08:24 --------- d-----w C:\Program Files\Windows Defender
2008-07-31 08:14 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-31 08:14 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-31 05:45 --------- d-----w C:\Program Files\MSBuild
2008-07-30 07:56 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-30 07:56 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-30 07:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 07:56 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-30 07:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-10 01:28 20,496 ----a-w C:\Windows\system32\drivers\klim6.sys
2008-07-02 21:58 15,368 ----a-w C:\Windows\System32\btinstall.dll
2008-06-27 08:40 335,872 ----a-w C:\Windows\system32\drivers\RTL8187.sys
2008-06-05 01:30 9,728 ----a-w C:\Windows\System32\BsMonUI.dll
2008-06-05 01:30 53,248 ----a-w C:\Windows\System32\HtmPrintHelper.dll
2008-06-05 01:30 405,589 ----a-w C:\Windows\System32\BsUI.dll
2008-06-05 01:30 18,432 ----a-w C:\Windows\System32\BsMonSvr.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 18:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-07-29 22:25 219952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 05:20 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-19 23:36 36864]
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [2008-05-22 14:38 307568]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 09:32 1261568]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-26 12:48 13576736]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]

C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2010-01-01 18:21:29 624416]
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-07-29 22:59:03 1222144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-04-12 10:37:48 643133]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HM3 Agent]
--a------ 2008-05-27 15:28 967680 C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3201450658-3788360155-2186558837-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C22038A4-8F31-4A86-8FF2-4BAC6C210B31}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0FE34792-748C-41AE-A5E2-E40A45F27556}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{EDE574AF-FD27-486F-8F6B-F100C5376221}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{0B146D4C-6E64-49E8-912D-1F0BCCE73357}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"{42BA4692-C9A6-4D52-801B-758E18CFE5C2}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A3D13EF-FFDD-4630-825E-D7E1FD79BA84}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{39ED498D-D5C8-4AEE-BD0D-6D529EB06E9A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7F1EBB73-DEC5-4D11-9584-43043FECE810}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5828154D-3A45-4657-BE88-038D46F60A1E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E029D38D-8897-4D33-AEFA-C8831BB4E202}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{595B8549-F248-4E77-B952-60815D2E3329}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F139C02A-B92B-4D5C-8D65-DCC8E19733F5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D2BDBC0-F593-4B3D-9631-0132A028B036}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87ED2C2B-4628-4B05-BF67-A1A388A36B33}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{2F8EF469-DEBF-4EA1-A088-8CF2737DF3EA}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{A0B378B1-5DE8-42B3-B40E-371CCBF52B34}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6AA354EA-DBC2-4B51-9A71-BD9D6694ED62}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{288DB32D-F8B7-4262-91C6-FE8AA6F9634E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1D85DCEB-AA32-4348-8566-E89178E8C164}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{15CA602D-A3EF-4EFD-AF0D-5D4EDBC4127F}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{2BE42F1E-FB88-48BF-8E5D-661E5D234990}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{248CD53E-A646-4603-829E-79FD184CB784}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B3F304D5-BF52-4B14-ABE8-C6052614C06D}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{8BB9B758-AF47-4949-A0E7-C9E862085494}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{EE253006-AFE9-488B-AD17-78AC194B1BB4}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2008-04-17 10:45]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 18:28]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 15:44]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R3 3xHybrid;SAA713x TV Card Service;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-07-06 20:00]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 01:40]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 02:45]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-11 14:53]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13aee98d-5e5d-11dd-a72e-101111111111}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146a0479-5e69-11dd-8aa9-806e6f6e6963}]
\shell\AutoRun\command - E:\.\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3a7d9fe-66b5-11dd-bc23-111111111111}]
\shell\AutoRun\command - G:\setup.exe
\shell\install\command - G:\setup.exe

*Newly Created Service* - KLIM6
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-08-12 C:\Windows\Tasks\RtlVistaStart.job
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-04-03 10:30]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MSServer - C:\Windows\system32\wVPgdaxu.dll
HKLM-Run-328ea87f - C:\Windows\system32\kakeglef.dll
HKLM-Run-BM31bd9be3 - C:\Windows\system32\jjnxwfaq.dll
MSConfigStartUp-BtTray - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\pxvv0gfv.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 12:13:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-12 12:16:14 - machine was rebooted [Charles]
ComboFix-quarantined-files.txt 2008-08-12 19:16:09

Pre-Run: 396,297,572,352 bytes free
Post-Run: 396,802,482,176 bytes free

348 --- E O F --- 2008-08-03 21:53:13
Attached Files
File Type: txt ComboFix.txt (25.3 KB, 2 views)
__________________
Ever notice how fast Windows runs? Neither have I.

Last edited by Ried; 08-14-2008 at 11:55 PM.
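What the ComboFix log above actually says about this machine, as an added example (my own code, not ComboFix's and not anything the forum helpers posted): the script parses the REGEDIT4-style "Reg Loading Points" and "ORPHANS REMOVED" sections and flags the indicators a responder would pull from this log, namely UAC switched off, Windows Firewall disabled on every profile, Security Center monitoring disabled, AppInit_DLLs in use, AutoRun handlers registered for removable drives, and autostart targets in system32 with eight-letter random-looking names like wVPgdaxu.dll. The sample input is an excerpt copied from the first log in this post; the eight-letter/vowel-ratio heuristic and its threshold are my assumptions, chosen so that NvCpl.dll and WMPNSCFG.exe from the same log are not flagged.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not ComboFix code and not something the
forum helpers posted. The 8-letter random-name heuristic and its vowel-ratio
threshold are my own assumptions, not ComboFix behaviour.
"""
import os
import re

# Constructed excerpt: lines copied from the first ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-26 12:48 13576736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3a7d9fe-66b5-11dd-bc23-111111111111}]
\shell\AutoRun\command - G:\setup.exe
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MSServer - C:\Windows\system32\wVPgdaxu.dll
HKLM-Run-328ea87f - C:\Windows\system32\kakeglef.dll
MSConfigStartUp-BtTray - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\\w+\\command - (.+)$")
ORPHAN_RE = re.compile(r"^(\S+) - (.+)$")
VOWELS = set("aeiou")


def int_value(raw):
    """'0 (0x0)' -> 0, 'dword:00000001' -> 1, anything else -> None."""
    m = re.search(r"\(0x([0-9a-fA-F]+)\)", raw) or re.match(r"dword:([0-9a-fA-F]+)", raw)
    return int(m.group(1), 16) if m else None


def parse_value(line):
    """Split a REGEDIT4-style value line into (name, data), dropping the
    trailing '[date time size]' annotation ComboFix appends to file paths."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    data = re.sub(r"\s*\[[^\]]*\]$", "", m.group(2).strip())
    return m.group(1), data.strip('"')


def looks_random(path):
    """Assumed heuristic: an 8-letter, vowel-poor file stem under system32,
    the naming pattern of the orphaned DLLs/EXEs removed in this thread."""
    if "\\system32\\" not in path.lower():
        return False
    stem = os.path.splitext(os.path.basename(path.replace("\\", "/")))[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    return sum(c.lower() in VOWELS for c in stem) / 8 <= 0.375


def triage(log_text):
    """Return a list of (kind, detail) findings in log order."""
    findings, key, in_orphans = [], None, False
    for line in (ln.strip() for ln in log_text.splitlines()):
        if not line:
            continue
        if "ORPHANS REMOVED" in line:
            key, in_orphans = None, True
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if in_orphans:  # 'HKLM-Run-Name - path' lines
            m = ORPHAN_RE.match(line)
            if m and looks_random(m.group(2)):
                findings.append(("random-name", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = AUTORUN_RE.match(line)
        if m and key and "mountpoints2" in key:
            findings.append(("autorun", f"drive AutoRun handler -> {m.group(1)}"))
            continue
        parsed = parse_value(line)
        if not parsed or key is None:
            continue
        name, data = parsed
        lname, leaf = name.lower(), key.rsplit("\\", 1)[-1]
        if key.endswith("policies\\system") and int_value(data) == 0:
            if lname == "enablelua":
                findings.append(("uac", "EnableLUA=0: UAC is turned off"))
            elif lname == "consentpromptbehavioradmin":
                findings.append(("uac", "ConsentPromptBehaviorAdmin=0: admins elevate silently"))
        elif "firewallpolicy" in key and lname == "enablefirewall" and int_value(data) == 0:
            findings.append(("firewall", f"Windows Firewall off for {leaf}"))
        elif "security center" in key and lname == "disablemonitoring" and int_value(data) == 1:
            findings.append(("secctr", f"Security Center monitoring disabled for {leaf}"))
        elif lname == "appinit_dlls" and data:
            findings.append(("appinit", f"AppInit_DLLs loads {data.count(',') + 1} DLL(s) into every user32 process"))
        elif leaf == "run" and looks_random(data):
            findings.append(("random-name", f"{name} -> {data}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind:11}] {detail}")
```

Run it against a full ComboFix.txt and the UAC, firewall and Security Center findings read as "this machine had its own defences switched off", which is the part of the log a later reply never comments on; the random-name hits line up with the orphans ComboFix already removed. The AppInit_DLLs finding is informational here (the DLLs are Kaspersky's), so the script reports it for review rather than calling it malicious.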
Old 08-14-2008, 11:39 PM   #5 (permalink)
Darkfox3393 (Registered User; Join Date: Jan 2006; Posts: 335; OS: Windows Vista Ultimate)

Re: Antivirus 2009 - Can't get it off

Also note that I am running vista so the recovery console (repair mode) is in the boot disk.

And Update:
After running ComboFix.exe (and several scanners and Kaspersky Antivirus) I am not receiving popup virus alerts or anything. But System Mechanic still gives me the "Hard Drive contains errors" problem, and my Vista takes much longer to boot up (2-5 minutes on the boot loading screen). I am pretty sure, but not 100%, that it's linked to something with the virus affecting my HD.
Last edited by Darkfox3393; 08-14-2008 at 11:43 PM.
Old 08-15-2008, 12:03 AM   #6 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 26,615; OS: WinXP and Vista)

Re: Antivirus 2009 - Can't get it off

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:


http://www.techsupportforum.com/security-center/hijackthis-log-help/279474-antivirus-2009-can-t-get-off-post1650004.html#post1650004

Collect::
C:\Windows\WinVerCheck.exe

File::
C:\Windows\System32\dbwcpvjo.exe
C:\Windows\System32\tgvlfckd.exe
C:\Windows\System32\ymtkcqux.exe
C:\Windows\System32\jolmbgvc.exe

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior


**It's much easier for us and would be greatly appreciated, if you'd kindly copy/paste the reports directly into the reply box unless otherwise requested.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-16-2008, 04:16 PM   #7 (permalink)
Darkfox3393 (Registered User; Join Date: Jan 2006; Posts: 335; OS: Windows Vista Ultimate)

Re: Antivirus 2009 - Can't get it off

When I ran the Kaspersky online scan it gave me a BSOD, and when Windows started up again an error came up (I'll attach it to this post). The system seems to be running well. Still a little sketchy (Kaspersky online scanner BSOD???).

ComboFix 08-08-12.01 - Charles 2008-08-15 0:00:32.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1064 [GMT -7:00]
Running from: C:\Users\Charles\Desktop\ComboFix.exe
Command switches used :: C:\Users\Charles\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\dbwcpvjo.exe
C:\Windows\System32\jolmbgvc.exe
C:\Windows\System32\tgvlfckd.exe
C:\Windows\System32\ymtkcqux.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\dbwcpvjo.exe
C:\Windows\System32\jolmbgvc.exe
C:\Windows\System32\tgvlfckd.exe
C:\Windows\System32\ymtkcqux.exe
C:\Windows\WinVerCheck.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2011-08-01 00:52 . 2010-01-01 18:24 <DIR> d-------- C:\Program Files\Hamachi
2010-01-01 18:21 . 2010-01-01 18:21 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-08-13 23:05 . 2006-10-19 03:11 12,096 --a------ C:\Windows\System32\drivers\AsInsHelp64.sys
2008-08-13 23:05 . 2006-10-19 03:11 10,304 --a------ C:\Windows\System32\drivers\AsInsHelp32.sys
2008-08-13 00:18 . 2008-08-13 00:18 <DIR> dr------- C:\Users\Charles\AppData\Roaming\Brother
2008-08-13 00:16 . 2008-08-13 00:28 419 --a------ C:\Windows\BRWMARK.INI
2008-08-13 00:16 . 2008-08-13 00:28 27 --a------ C:\Windows\BRPP2KA.INI
2008-08-13 00:13 . 2008-08-13 00:13 <DIR> d-------- C:\Users\All Users\Brother
2008-08-13 00:13 . 2008-08-13 00:13 <DIR> d-------- C:\ProgramData\Brother
2008-08-13 00:01 . 2008-08-13 00:01 <DIR> d-------- C:\Windows\System32\MFC-240C
2008-08-12 17:56 . 2008-08-12 18:32 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-12 16:54 . 2008-08-12 17:55 <DIR> d-------- C:\Windows\BDOSCAN8
2008-08-12 15:21 . 2008-08-12 15:22 <DIR> d-------- C:\Program Files\Zune
2008-08-12 15:21 . 2008-08-12 15:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_00_00.Wdf
2008-08-12 13:53 . 2008-07-15 18:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-12 13:44 . 2008-06-26 18:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-12 13:44 . 2008-06-26 21:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-12 13:44 . 2008-06-18 20:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-12 13:44 . 2008-04-17 22:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-12 13:43 . 2008-04-09 22:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-12 09:46 . 2008-08-12 11:52 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-08-12 09:46 . 2008-08-12 09:46 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-08-12 09:45 . 2008-08-14 19:32 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-08-12 09:45 . 2008-08-14 19:32 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-08-12 09:45 . 2008-08-14 18:23 376,864 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-08-12 09:45 . 2008-08-14 18:23 2,368 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-08-11 14:51 . 2008-08-11 14:51 <DIR> d-------- C:\Users\Charles\AppData\Roaming\TuneUp Software
2008-08-11 14:51 . 2008-08-11 14:53 306,432 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-11 14:51 . 2007-12-20 10:44 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-08-11 14:50 . 2008-08-11 14:50 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-08-11 14:50 . 2008-08-11 14:50 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-08-11 14:50 . 2008-08-12 13:23 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-11 14:50 . 2007-12-20 10:41 29,440 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-11 01:40 . 2008-08-12 09:45 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-11 01:40 . 2008-08-14 18:23 3,204,128 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-08-11 01:40 . 2008-08-14 18:23 43,988 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-08-11 01:38 . 2008-08-12 09:34 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-08-11 01:38 . 2008-08-12 09:34 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-08-11 00:09 . 2008-08-11 00:09 249 --a------ C:\Windows\emug3.ini
2008-08-10 17:42 . 2008-08-10 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-10 17:40 . 2008-08-10 17:40 <DIR> d-------- C:\Deckard
2008-08-10 13:09 . 2008-08-10 13:09 <DIR> d-------- C:\Program Files\IVT Corporation
2008-08-10 12:29 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-08-10 12:29 . 2008-03-03 18:21 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-08-10 12:17 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-08-10 12:15 . 2008-08-10 12:15 <DIR> d-------- C:\Program Files\Panda Security
2008-08-10 02:09 . 2008-08-10 02:09 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-08-10 02:09 . 2008-08-10 02:09 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-08-10 02:07 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-08-10 02:07 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-08-10 02:07 . 2007-07-20 00:54 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-08-10 01:49 . 2008-08-10 01:49 <DIR> d-------- C:\Users\All Users\RoboForm
2008-08-10 01:49 . 2008-08-10 01:49 <DIR> d-------- C:\ProgramData\RoboForm
2008-08-10 01:48 . 2008-08-10 01:48 <DIR> d-------- C:\Program Files\Siber Systems
2008-08-10 01:28 . 2008-08-10 02:10 <DIR> d-------- C:\Program Files\The Witcher
2008-08-10 01:26 . 2008-08-10 11:09 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-08-10 01:26 . 2008-08-10 01:26 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-10 01:17 . 2008-08-10 01:17 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-10 01:16 . 2008-08-10 01:16 <DIR> d-------- C:\Users\Charles\AppData\Roaming\DAEMON Tools
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Malwarebytes
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 15:08 . 2008-08-08 15:12 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-08 15:08 . 2008-08-08 15:12 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-08 15:01 . 2008-08-08 15:09 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Lavasoft
2008-08-08 15:00 . 2008-08-08 15:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-06 23:15 . 2008-08-08 14:25 <DIR> d-------- C:\Program Files\ESET
2008-08-06 21:54 . 2008-08-06 21:54 <DIR> d-------- C:\Users\All Users\ESET
2008-08-06 21:54 . 2008-08-06 21:54 <DIR> d-------- C:\ProgramData\ESET
2008-08-04 18:04 . 2008-08-10 13:10 779 --a------ C:\Windows\System32\bscs.ini
2008-08-04 17:33 . 2008-08-04 17:33 143,450 --a------ C:\Windows\System32\BsCommon.dll
2008-08-03 14:51 . 2008-05-09 20:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-08-03 14:51 . 2008-05-09 15:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-08-03 14:51 . 2008-05-09 15:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-08-03 12:39 . 2008-08-09 17:44 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Xfire
2008-08-03 12:39 . 2008-08-09 17:44 <DIR> d-------- C:\Users\All Users\Xfire
2008-08-03 12:39 . 2008-08-09 17:44 <DIR> d-------- C:\ProgramData\Xfire
2008-08-03 12:39 . 2008-08-03 12:39 <DIR> d-------- C:\Program Files\Xfire
2008-08-02 21:14 . 2008-08-02 21:14 <DIR> d-------- C:\Windows\Sun
2008-08-02 21:14 . 2008-08-02 21:14 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-08-02 21:14 . 2008-08-02 21:20 23 --a------ C:\Users\Charles\jagex_runescape_preferences.dat
2008-08-02 20:34 . 2008-08-02 20:34 <DIR> d-------- C:\Program Files\Java
2008-08-02 20:32 . 2008-08-02 20:32 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-02 19:06 . 2008-08-06 00:07 23 --a------ C:\Windows\BlendSettings.ini
2008-08-02 01:48 . 2008-08-02 01:48 187 --a------ C:\Windows\_delis43.ini
2008-08-02 01:14 . 2008-08-10 12:46 <DIR> d-------- C:\Program Files\Final Fantasy VII
2008-08-01 21:30 . 2008-08-01 21:30 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-08-01 15:58 . 2008-08-01 15:58 622,693 --a------ C:\Windows\System32\BSShell.dll
2008-08-01 15:58 . 2008-08-01 15:58 540,758 --a------ C:\Windows\System32\Bscdlg.dll
2008-08-01 15:58 . 2008-08-01 15:58 278,647 --a------ C:\Windows\System32\outlookAddin.dll
2008-08-01 15:58 . 2008-08-01 15:58 114,774 --a------ C:\Windows\System32\versit.dll
2008-08-01 15:58 . 2008-08-01 15:58 57,430 --a------ C:\Windows\System32\btfunc.dll
2008-08-01 15:57 . 2008-08-01 15:57 520,307 --a------ C:\Windows\System32\BlueSoleilCSps.dll
2008-08-01 15:57 . 2008-08-01 15:57 114,788 --a------ C:\Windows\System32\BsProfileFunc.dll
2008-08-01 15:57 . 2008-08-01 15:57 94,314 --a------ C:\Windows\System32\BsHelpCSps.dll
2008-08-01 15:56 . 2008-08-01 15:56 225,364 --a------ C:\Windows\System32\BsSDK.dll
2008-08-01 15:56 . 2008-08-01 15:56 98,403 --a------ C:\Windows\System32\Bs2Res.dll
2008-08-01 15:56 . 2008-08-01 15:56 28,766 --a------ C:\Windows\System32\PlayerCtrl.dll
2008-08-01 15:55 . 2008-08-01 15:55 118,880 --a------ C:\Windows\System32\BsMobileSDK.dll
2008-08-01 15:55 . 2008-08-01 15:55 28,760 --a------ C:\Windows\System32\BsTrace.dll
2008-08-01 15:55 . 2008-08-01 15:55 28,672 --a------ C:\Windows\System32\BsMobileCSps.dll
2008-08-01 15:46 . 2008-08-01 15:46 17,907,824 --a------ C:\Windows\System32\BsLangInDepRes.dll
2008-08-01 15:46 . 2008-08-01 15:46 65,536 --a------ C:\Windows\System32\BsVistaCommon.dll
2008-08-01 06:52 . 2008-08-01 06:52 <DIR> d-------- C:\NVIDIA
2008-08-01 00:25 . 2008-08-14 23:58 <DIR> d-------- C:\Users\Charles\AppData\Roaming\Hamachi
2008-07-31 23:26 . 2008-07-31 23:26 <DIR> d-------- C:\Users\Charles\WoW-BurningCrusade-enUS-Slim-Installer
2008-07-31 23:24 . 2008-07-31 23:24 <DIR> d-------- C:\Users\Charles\Bluetooth Software
2008-07-31 23:15 . 2008-08-01 01:12 <DIR> d-------- C:\Program Files\World of Warcraft
2008-07-31 22:34 . 2008-07-31 22:34 <DIR> d-------- C:\Program Files\WIDCOMM
2008-07-31 14:17 . 2007-04-04 18:55 261,480 --a------ C:\Windows\System32\xactengine2_7.dll
2008-07-31 14:17 . 2007-01-24 15:27 255,848 --a------ C:\Windows\System32\xactengine2_6.dll
2008-07-31 14:17 . 2006-12-08 12:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll
2008-07-31 14:17 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-07-31 14:17 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
2008-07-31 14:17 . 2007-03-05 12:42 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-07-31 14:16 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-07-31 14:15 . 2008-08-05 08:27 136,888 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-07-31 14:15 . 2008-07-31 14:15 22,328 --a------ C:\Users\Charles\AppData\Roaming\PnkBstrK.sys
2008-07-31 14:14 . 2008-08-05 08:27 111,928 --a------ C:\Windows\System32\PnkBstrB.exe
2008-07-31 14:14 . 2008-07-31 14:18 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-07-31 14:14 . 2008-07-31 14:14 319 --a------ C:\Windows\game.ini
2008-07-31 13:56 . 2008-07-31 13:56 <DIR> d-------- C:\Program Files\Activision
2008-07-31 13:54 . 2008-07-31 13:54 <DIR> d--hs---- C:\Windows\ftpcache
2008-07-31 13:44 . 2008-08-01 07:00 <DIR> d-------- C:\Users\All Users\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 22:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 08:34 174 --sha-w C:\Program Files\desktop.ini
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Journal
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-31 08:25 --------- d-----w C:\Program Files\Windows Calendar
2008-07-31 08:24 --------- d-----w C:\Program Files\Windows Defender
2008-07-31 08:14 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-31 08:14 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-31 05:45 --------- d-----w C:\Program Files\MSBuild
2008-07-30 07:56 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-30 07:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 07:56 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-30 07:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-10 01:28 20,496 ----a-w C:\Windows\system32\drivers\klim6.sys
2008-07-02 21:58 15,368 ----a-w C:\Windows\System32\btinstall.dll
2008-06-27 08:40 335,872 ----a-w C:\Windows\system32\drivers\RTL8187.sys
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-05 01:30 9,728 ----a-w C:\Windows\System32\BsMonUI.dll
2008-06-05 01:30 53,248 ----a-w C:\Windows\System32\HtmPrintHelper.dll
2008-06-05 01:30 405,589 ----a-w C:\Windows\System32\BsUI.dll
2008-06-05 01:30 18,432 ----a-w C:\Windows\System32\BsMonSvr.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 18:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-07-29 22:25 219952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 05:20 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-19 23:36 36864]
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [2008-05-22 14:38 307568]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 09:32 1261568]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-26 12:48 13576736]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 21:49 1412608]
"CPU Power Monitor"="C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 20:03 881152]

C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2010-01-01 18:21:29 624416]
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-07-29 22:59:03 1222144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-04-12 10:37:48 643133]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HM3 Agent]
--a------ 2008-05-27 15:28 967680 C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3201450658-3788360155-2186558837-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C22038A4-8F31-4A86-8FF2-4BAC6C210B31}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0FE34792-748C-41AE-A5E2-E40A45F27556}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{EDE574AF-FD27-486F-8F6B-F100C5376221}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{0B146D4C-6E64-49E8-912D-1F0BCCE73357}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"{42BA4692-C9A6-4D52-801B-758E18CFE5C2}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A3D13EF-FFDD-4630-825E-D7E1FD79BA84}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{39ED498D-D5C8-4AEE-BD0D-6D529EB06E9A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7F1EBB73-DEC5-4D11-9584-43043FECE810}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5828154D-3A45-4657-BE88-038D46F60A1E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E029D38D-8897-4D33-AEFA-C8831BB4E202}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{595B8549-F248-4E77-B952-60815D2E3329}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F139C02A-B92B-4D5C-8D65-DCC8E19733F5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D2BDBC0-F593-4B3D-9631-0132A028B036}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87ED2C2B-4628-4B05-BF67-A1A388A36B33}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{2F8EF469-DEBF-4EA1-A088-8CF2737DF3EA}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{A0B378B1-5DE8-42B3-B40E-371CCBF52B34}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6AA354EA-DBC2-4B51-9A71-BD9D6694ED62}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{288DB32D-F8B7-4262-91C6-FE8AA6F9634E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1D85DCEB-AA32-4348-8566-E89178E8C164}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{15CA602D-A3EF-4EFD-AF0D-5D4EDBC4127F}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{2BE42F1E-FB88-48BF-8E5D-661E5D234990}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{248CD53E-A646-4603-829E-79FD184CB784}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B3F304D5-BF52-4B14-ABE8-C6052614C06D}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{8BB9B758-AF47-4949-A0E7-C9E862085494}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{EE253006-AFE9-488B-AD17-78AC194B1BB4}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"{604CF0BD-5AD4-424F-848A-E37C59996374}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3E702200-CF44-465A-9871-B8AE0AB5A278}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DF174D76-26FF-4588-ADB2-91209C4230D9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B6092BBF-8ECB-4B39-B076-D9691E2D3CCD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2008-04-17 10:45]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 18:28]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 15:44]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R3 3xHybrid;SAA713x TV Card Service;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-07-06 20:00]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 02:45]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 01:40]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-11 14:53]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13aee98d-5e5d-11dd-a72e-101111111111}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146a0479-5e69-11dd-8aa9-806e6f6e6963}]
\shell\AutoRun\command - E:\.\Bin\Assetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-08-15 C:\Windows\Tasks\RtlVistaStart.job
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-04-03 10:30]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 00:01:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-15 0:02:31
ComboFix-quarantined-files.txt 2008-08-15 07:02:28
ComboFix2.txt 2008-08-12 19:16:15

Pre-Run: 383,431,335,936 bytes free
Post-Run: 383,395,319,808 bytes free

313 --- E O F --- 2008-08-15 01:23:25
Attached Images
File Type: jpg windows error message.jpg (67.3 KB, 2 views)
__________________
Ever notice how fast Windows runs? Neither have I.

Last edited by Darkfox3393; 08-16-2008 at 04:18 PM.
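A defender-side triage of the 'Reg Loading Points' section of a ComboFix log like the one posted above, as an added example that is not part of this thread or of ComboFix itself. It assumes the REGEDIT4-style layout ComboFix prints and runs over a constructed excerpt that mirrors the posted values: UAC and the Windows Firewall profiles turned off, Security Center monitoring of Kaspersky disabled, and an AutoRun command attached to a removable volume.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own code. It flags settings
that weaken the host: UAC off, Windows Firewall off per profile, Security
Center monitoring of the AV disabled, AutoRun commands on mounted volumes.
"""
import re

# Constructed excerpt mirroring values from the posted log; StandardProfile
# is deliberately set to 1 so the negative (clean) case is exercised.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13aee98d-5e5d-11dd-a72e-101111111111}]
\shell\AutoRun\command - I:\Autorun.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches "Name"= 0 (0x0) and "Name"=dword:00000001; the lookahead rejects
# path values such as "AppInit_Dlls"=C:\... whose first char is a hex digit.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?([0-9A-Fa-f]+)(?=\s|\(|$)')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$")
UAC_CHECKS = {
    ("EnableLUA", 0): "UAC disabled (EnableLUA=0)",
    ("ConsentPromptBehaviorAdmin", 0): "UAC elevates admins without a prompt",
}

def parse_loading_points(text):
    """Return (key, name, value) tuples; AutoRun lines carry name 'AutoRun'."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if not line or key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group(1), int(m.group(3), 16 if m.group(2) else 10)))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            entries.append((key, "AutoRun", m.group(1)))
    return entries

def triage(entries):
    """Map parsed entries to findings, in log order; clean entries yield none."""
    findings = []
    for key, name, value in entries:
        k, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        if k.endswith("\\policies\\system") and (name, value) in UAC_CHECKS:
            findings.append(UAC_CHECKS[(name, value)])
        elif "\\firewallpolicy\\" in k and name == "EnableFirewall" and value == 0:
            findings.append(f"Windows Firewall off for {leaf}")
        elif "\\security center\\monitoring\\" in k and name == "DisableMonitoring" and value == 1:
            findings.append(f"Security Center monitoring disabled for {leaf}")
        elif name == "AutoRun":
            findings.append(f"AutoRun command on mounted volume: {value}")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE_LOG)):
        print(finding)
```

Each finding is a setting a helper would want restored (UAC, firewall profiles, Security Center monitoring) or reviewed (AutoRun handlers) once the infection itself is cleaned up.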
Old 08-16-2008, 07:15 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Antivirus 2009 - Can't get it off

File received, thank you. You may delete the [4]-Submit_2008-08-15@0.00.zip from your desktop.

I don't know why the online scan would cause a shut down. It's the first I've heard of Kaspersky causing such an issue. Did you have your onboard AV disabled during the scan?

Try this scanner and see if it will complete for you:

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-17-2008, 01:12 AM   #9 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 335
OS: Windows Vista Ultimate


Re: Antivirus 2009 - Can't get it off

'Kay, this has happened before with this scanner. The online ones aren't working too well for me. It just paused at 88%, but it did detect some infections. I left it for at least 4-5 hours. I also made sure I had no antivirus running in the background. I'll attach the picture.
Attached Images
File Type: jpg panda scan frozen.jpg (47.1 KB, 2 views)
__________________
Ever notice how fast Windows runs? Neither have I.

Last edited by Darkfox3393; 08-17-2008 at 01:13 AM.
Old 08-17-2008, 07:45 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Antivirus 2009 - Can't get it off

Let's do this:

On your keyboard, press the Windows Logo key and the letter R to bring up the Run command box.

Copy/paste the following into the Run box and click OK:

ComboFix /u

Now try the Panda scan again.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-17-2008, 11:26 AM   #11 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 335
OS: Windows Vista Ultimate


Re: Antivirus 2009 - Can't get it off

Okay, well, at least it's finished, but this time it didn't detect anything.
__________________
Ever notice how fast Windows runs? Neither have I.
Old 08-17-2008, 08:26 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Antivirus 2009 - Can't get it off

Good. What Panda was likely seeing in the first scan was quarantined backups created during the course of this fix, and items located in C:\System Volume Information\, which is where System Restore's cache is stored. Uninstalling ComboFix removed those backups and reset your System Restore.

Your logs are clean. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-17-2008, 08:30 PM   #13 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 335
OS: Windows Vista Ultimate


Re: Antivirus 2009 - Can't get it off

Well, I guess I should carry this problem into another thread, but my computer is still having startup/shutdown issues that only started occurring after the virus. This includes:

When I click Restart, my computer freezes during the Vista loading screen on bootup, so I have to manually press the reset button to restart my computer.

Startup takes about 2 minutes anyway.
__________________
Ever notice how fast Windows runs? Neither have I.
Old 08-17-2008, 08:36 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista


Re: Antivirus 2009 - Can't get it off

As I'm not finding any more malware, nor are the scanners, that may be your last recourse.

You mentioned that you used many tools trying to fix this yourself before posting here. To try to narrow down what is causing the remaining issues would be like finding a needle in a haystack.

Quote:
In system mechanic, it tells me my hard drive has errors (hopefully this is from virus and can be fixed).
Have you run chkdsk?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-17-2008, 10:31 PM   #15 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 335
OS: Windows Vista Ultimate


Re: Antivirus 2009 - Can't get it off

Yeah, still getting little flaws. I'll try some more stuff. I think you can go ahead and call this resolved.
__________________
Ever notice how fast Windows runs? Neither have I.
 


Copyright 2001 - 2009, Tech Support Forum