
can't install software. need HELP!

I'm trying to install SPSS software, but this message keeps popping up:

Java Virtual Machine Launcher - could not find main class. Program will exit.



Any idea on how to fix it? Any help would be appreciated. Thanks,

I've tried to scan with Lavasoft Ad-Aware, but the message keeps popping up.


Logfile of HijackThis v1.99.1
Scan saved at 7:45:00 AM, on 3/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Nakido\nakido.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Installer\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe

Comments

  • edited March 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited April 2009
    Thanks for your reply.
    This is my log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by n@shw@ at 2009-04-01 18:19:33
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 24 GB (59%) free of 40 GB
    Total RAM: 502 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:20:10 PM, on 4/1/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nakido\nakido.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\n@shw@\Desktop\RSIT.exe
    C:\Program Files\trend micro\n@shw@.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe

    --
    End of file - 8519 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-06 304736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-26 2193280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-28 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-06-18 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-25 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-25 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-26 2193280]
    {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-23 131072]
    "DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2007-07-05 45056]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-11 206088]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-05 515416]
    "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-25 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2008-05-20 2474031]
    "fsm"= []
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
    "RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe [2004-09-03 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
    C:\Program Files\Software Informer\softinfo.exe [2008-11-24 1359941]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
    C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2006-11-27 97357]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 68856]

    C:\Documents and Settings\n@shw@\Start Menu\Programs\Startup
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Nakido\nakido.exe"="C:\Program Files\Nakido\nakido.exe:*:Enabled:Nakido"
    "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 8.0.0.358\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 8.0.0.358\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
    "C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)"
    "C:\Program Files\SPSSInc\SPSS16\spss.com"="C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com)"
    "C:\Program Files\SPSSInc\SPSS16\spss.exe"="C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68fe-1678-11de-9d34-0016d31e6516}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68ff-1678-11de-9d34-0016d31e6516}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


    ======List of files/folders created in the last 1 months======

    2009-04-01 18:19:37 ----D---- C:\Program Files\trend micro
    2009-04-01 18:19:33 ----D---- C:\rsit
    2009-03-25 07:36:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-25 07:36:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-25 07:36:57 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-24 22:43:37 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
    2009-03-24 22:43:36 ----D---- C:\Program Files\Common Files\SPSS
    2009-03-24 22:25:14 ----D---- C:\Program Files\Common Files\Java
    2009-03-24 21:10:22 ----D---- C:\WINDOWS\system32\appmgmt
    2009-03-24 20:50:20 ----A---- C:\WINDOWS\system32\prsgrc.dll
    2009-03-24 20:50:20 ----A---- C:\WINDOWS\system32\grcauth2.dll
    2009-03-24 20:50:20 ----A---- C:\WINDOWS\system32\grcauth1.dll
    2009-03-24 20:49:48 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    2009-03-24 20:47:17 ----D---- C:\Program Files\SPSSInc
    2009-03-24 20:47:03 ----A---- C:\WINDOWS\system32\sysprs7.dll
    2009-03-24 20:47:03 ----A---- C:\WINDOWS\system32\lsprst7.dll
    2009-03-22 08:40:32 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-03-22 08:39:20 ----D---- C:\Program Files\MONOGRAM AMR SplitterDecoder
    2009-03-22 08:39:12 ----D---- C:\Program Files\CD Audio Reader Filter
    2009-03-22 08:39:07 ----D---- C:\Program Files\DScaler5
    2009-03-22 08:38:48 ----D---- C:\Program Files\OpenSource Flash Video Splitter
    2009-03-22 08:38:35 ----D---- C:\Program Files\RealMedia
    2009-03-22 08:36:53 ----D---- C:\Program Files\SHOUTcast Source
    2009-03-22 08:36:44 ----D---- C:\Program Files\Haali
    2009-03-22 08:36:26 ----D---- C:\Program Files\DSP-worx
    2009-03-22 08:35:59 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
    2009-03-22 08:34:39 ----D---- C:\Program Files\DirectVobSub
    2009-03-22 08:34:01 ----D---- C:\Program Files\Zoom Player
    2009-03-22 08:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\Zoom Player
    2009-03-19 16:51:07 ----D---- C:\Program Files\Java
    2009-03-08 20:48:20 ----D---- C:\Program Files\NCH Software
    2009-03-08 20:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2009-03-08 20:29:08 ----D---- C:\Documents and Settings\n@shw@\Application Data\NCH Swift Sound
    2009-03-08 20:28:52 ----D---- C:\Program Files\NCH Swift Sound

    ======List of files/folders modified in the last 1 months======

    2009-04-01 18:20:09 ----D---- C:\WINDOWS\Temp
    2009-04-01 18:19:37 ----RD---- C:\Program Files
    2009-04-01 18:19:33 ----D---- C:\WINDOWS\Prefetch
    2009-04-01 18:17:51 ----D---- C:\Documents and Settings\n@shw@\Application Data\Free Download Manager
    2009-04-01 17:54:52 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-01 17:41:34 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2009-04-01 17:40:46 ----D---- C:\Program Files\Nakido
    2009-03-31 10:37:09 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-31 10:35:13 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-25 07:37:04 ----SHD---- C:\WINDOWS\Installer
    2009-03-25 07:36:57 ----D---- C:\WINDOWS\system32
    2009-03-25 07:36:28 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-24 22:43:36 ----D---- C:\Program Files\Common Files
    2009-03-22 08:40:43 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-03-21 17:21:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-21 17:21:02 ----D---- C:\Program Files\Common Files\Adobe
    2009-03-21 17:20:48 ----D---- C:\Program Files\Adobe
    2009-03-20 21:30:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-20 21:30:15 ----D---- C:\WINDOWS\system32\drivers
    2009-03-09 16:14:00 ----RSD---- C:\WINDOWS\Fonts
    2009-03-09 16:10:48 ----D---- C:\Downloads
    2009-03-05 07:22:57 ----D---- C:\WINDOWS
    2009-03-05 07:19:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-03-05 07:18:41 ----A---- C:\WINDOWS\system32\lsdelete.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-11 213520]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
    R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-21 1123328]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
    R3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-24 594432]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-02-28 67584]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-31 193056]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-11 206088]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-25 152984]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-15 951632]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
    R2 Nakido;Nakido; C:\Program Files\Nakido\nakido.e [2009-03-31 65536]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-27 72704]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    EOF


    And this is the info.txt:

    info.txt logfile of random's system information tool 1.06 2009-04-01 18:20:13

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Canon iP1200-->C:\WINDOWS\system32\CNMCP76.exe "-PRINTERNAMECanon iP1200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
    Canon iP1600-->C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
    Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
    CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B5a.INF
    DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
    Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
    Feeding Frenzy 2-->C:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
    ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\Ringz Studio\Storm Codec\Codecs\unins000.exe"
    Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
    GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_SprtHD5m\UIU32m.exe -U -ISprtHD5m.inf
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Quick Launch Buttons 6.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR SplitterDecoder\uninstall.exe"
    Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    Nakido-->C:\Program Files\Nakido\Uninstall.exe
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
    NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
    Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
    RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
    SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
    SmartAudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly
    Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
    SPSS 16.0 for Windows-->MsiExec.exe /X{621025AE-3510-478E-BC27-1A647150976F}
    Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.01.19.exe
    SureThing CD Labeler 4 SE-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Vista Drive Icon 1.3-->C:\Program Files\Vista Drive Icon\uninst.exe
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
    Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"

    ======Security center information======

    AV: Kaspersky Internet Security
    FW: Kaspersky Internet Security

    ======System event log======

    Computer Name: NASHWA
    Event Code: 10010
    Message: The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register with DCOM within the required timeout.

    Record Number: 2615
    Source Name: DCOM
    Time Written: 20090121161507.000000+480
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: NASHWA
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 2497
    Source Name: Tcpip
    Time Written: 20090118214130.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 2496
    Source Name: Tcpip
    Time Written: 20090118211849.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 2474
    Source Name: Tcpip
    Time Written: 20090118191316.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 001A7317624B. The following
    error occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 2429
    Source Name: Dhcp
    Time Written: 20090118102715.000000+480
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: NASHWA
    Event Code: 1001
    Message: Fault bucket 1001666645.

    Record Number: 616
    Source Name: Application Hang
    Time Written: 20090103213228.000000+480
    Event Type: error
    User:

    Computer Name: NASHWA
    Event Code: 1002
    Message: Hanging application YahooMessenger.exe, version 9.0.0.2034, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 615
    Source Name: Application Hang
    Time Written: 20090103213213.000000+480
    Event Type: error
    User:

    Computer Name: NASHWA
    Event Code: 1001
    Message: Fault bucket 1003013240.

    Record Number: 614
    Source Name: Application Error
    Time Written: 20090103213130.000000+480
    Event Type: error
    User:

    Computer Name: NASHWA
    Event Code: 1000
    Message: Faulting application yahoomessenger.exe, version 9.0.0.2034, faulting module yahoomessenger.exe, version 9.0.0.2034, fault address 0x0037009d.

    Record Number: 613
    Source Name: Application Error
    Time Written: 20090103213118.000000+480
    Event Type: error
    User:

    Computer Name: NASHWA
    Event Code: 1517
    Message: Windows saved user NASHWA\n@shw@ registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 596
    Source Name: Userenv
    Time Written: 20090102000941.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    EOF


    I really appreciate your help!!
    :p
  • edited April 2009
    There doesn't appear to be any infection, and I suspect that the problem is caused by a corrupt install of Java.
    Let's try the easy route first.



    Please download Java SE Runtime Environment (JRE). (Don't install it yet.)
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Now download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Remove Programs

    Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    • Java(TM) 6 Update 13
    Now close the Control Panel.

    Now install the Java SE Runtime Environment (JRE) package you downloaded
    (it comes with a toolbar pre-selected, so make sure you uncheck the box)

    You can delete JavaRa (zip and exe)

    Please let me know if that sorts the problem (or not)
  • edited April 2009
    Hi. Thanks for your reply.
    I can't use the link for Java SE Runtime Environment (JRE).

    You mean that first I have to install JavaRa, right?

    :p
  • edited April 2009
    nashwa wrote:
    Hi. Thanks for your reply.
    I can't use the link for Java SE Runtime Environment (JRE).

    You mean that first I have to install JavaRa, right?

    :p

    What happens when you click the Java link ?

    JavaRa doesn't install anything, it removes older versions of Java.
  • edited April 2009
    Hi. I've tried to remove first with JavaRa, then I downloaded the Java SE. Unfortunately the problem is not solved...

    :confused:
  • edited April 2009
    Let's make sure that there is no infection hiding.


    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt






    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.
  • edited April 2009
    Hi. Thanks for your reply.

    Malwarebytes' Anti-Malware

    Malwarebytes' Anti-Malware 1.35
    Database version: 1936
    Windows 5.1.2600 Service Pack 2

    4/3/2009 9:12:17 PM
    mbam-log-2009-04-03 (21-12-17).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 125289
    Time elapsed: 28 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)







    Active Scan

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-04-03 22:48:39
    PROTECTIONS: 1
    MALWARE: 3
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Kaspersky Internet Security 8.0.0.454 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\n@shw@\Cookies\n@shw@@ad.yieldmanager[1].txt
    00375120 Adware/Borlander Adware No 0 Yes No C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
    03587590 Adware/Yassist Adware No 0 No No C:\Downloads\Software\DivXWebPlayerInstaller.exe[²ÇÇ\y_toolbar.exe][²èÇ]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location N
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description N
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002 N
    184379 MEDIUM MS08-001 N
    182048 HIGH MS07-069 N
    182046 HIGH MS07-067 N
    182043 HIGH MS07-064 N
    179553 HIGH MS07-061 N
    176382 HIGH MS07-057 N
    176383 HIGH MS07-058 N
    170911 HIGH MS07-050 N
    170907 HIGH MS07-046 N
    170906 HIGH MS07-045 N
    170904 HIGH MS07-043 N
    164915 HIGH MS07-035 N
    164913 HIGH MS07-033 N
    164911 HIGH MS07-031 N
    160623 HIGH MS07-027 N
    157262 HIGH MS07-022 N
    157261 HIGH MS07-021 N
    157260 HIGH MS07-020 N
    157259 HIGH MS07-019 N
    156477 HIGH MS07-017 N
    150253 HIGH MS07-016 N
    150249 HIGH MS07-013 N
    150248 HIGH MS07-012 N
    150247 HIGH MS07-011 N
    150243 HIGH MS07-008 N
    150242 HIGH MS07-007 N
    150241 MEDIUM MS07-006 N
    141034 HIGH MS06-076 N
    141033 MEDIUM MS06-075 N
    141030 HIGH MS06-072 N
    137571 HIGH MS06-070 N
    137568 HIGH MS06-067 N
    133387 MEDIUM MS06-065 N
    133386 MEDIUM MS06-064 N
    133385 MEDIUM MS06-063 N
    133379 HIGH MS06-057 N
    131654 HIGH MS06-055 N
    129977 MEDIUM MS06-053 N
    129976 MEDIUM MS06-052 N
    126093 HIGH MS06-051 N
    126092 MEDIUM MS06-050 N
    126087 HIGH MS06-046 N
    126086 MEDIUM MS06-045 N
    126083 HIGH MS06-042 N
    126082 HIGH MS06-041 N
    126081 HIGH MS06-040 N
    123421 HIGH MS06-036 N
    123420 HIGH MS06-035 N
    120825 MEDIUM MS06-032 N
    120823 MEDIUM MS06-030 N
    120818 HIGH MS06-025 N
    120815 HIGH MS06-022 N
    120814 HIGH MS06-021 N
    117384 MEDIUM MS06-018 N
    114666 HIGH MS06-015 N
    114664 HIGH MS06-013 N
    108744 MEDIUM MS06-008 N
    108743 MEDIUM MS06-007 N
    108742 MEDIUM MS06-006 N
    104567 HIGH MS06-002 N
    104237 HIGH MS06-001 N
    96574 HIGH MS05-053 N
    93395 HIGH MS05-051 N
    93394 HIGH MS05-050 N
    93454 MEDIUM MS05-049 N
    ;===================================================================================================================================================================================



    I appreciate your help.
  • edited April 2009
    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    How are things running now ?
  • edited April 2009
    Katana wrote:
    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    How are things running now ?


    I wonder, what do you mean by "STOP all your monitoring programs"?
  • edited April 2009
    STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)

    It means
    Stop/disable your AntiVirus program
    Stop/disable your AntiSpyware program
    Stop/disable any other security/monitoring program
  • edited April 2009
    Hi. Thanks for your concern.

    This is the log after I ran ComboFix:

    ComboFix 09-04-04.01 - n@shw@ 2009-04-05 8:41:16.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.185 [GMT 8:00]
    Running from: c:\documents and settings\n@shw@\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
    FW: Kaspersky Internet Security *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\lsprst7.dll
    c:\windows\system32\prsgrc.dll
    c:\windows\system32\pthreadGC2.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
    .

    2009-04-03 21:16 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-04-03 21:15 . 2009-04-03 21:15 <DIR> d-------- c:\program files\Panda Security
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d-------- c:\documents and settings\n@shw@\Application Data\Malwarebytes
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-02 20:31 . 2009-04-02 20:31 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-04-02 20:30 . 2009-04-02 20:30 <DIR> d-------- c:\program files\Java
    2009-04-01 23:45 . 2009-04-01 23:45 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d-------- C:\rsit
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d-------- c:\program files\trend micro
    2009-03-24 23:18 . 2009-03-24 23:18 <DIR> d-------- c:\documents and settings\n@shw@\.spss
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d-------- c:\program files\Common Files\SPSS
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SPSS
    2009-03-24 22:25 . 2009-03-24 22:25 <DIR> d-------- c:\program files\Common Files\Java
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a------ c:\windows\system32\grcauth2.dll
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a------ c:\windows\system32\grcauth1.dll
    2009-03-24 20:50 . 2009-03-24 22:46 114 --a------ c:\windows\system32\prsgrc.tgz
    2009-03-24 20:49 . 2009-03-24 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2009-03-24 20:47 . 2009-03-24 20:47 <DIR> d-------- c:\program files\SPSSInc
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a------ c:\windows\system32\sysprs7.tgz
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a------ c:\windows\system32\sysprs7.dll
    2009-03-24 20:47 . 2009-03-24 22:43 219 --a------ c:\windows\system32\lsprst7.tgz
    2009-03-24 20:47 . 2009-03-24 22:43 16 ---h----- c:\windows\system32\servdat.slm
    2009-03-24 14:46 . 2009-03-24 22:42 0 --a------ C:\law.sp
    2009-03-22 08:40 . 2006-02-28 20:00 221,184 --a------ c:\windows\system32\wmpns.dll
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d-------- c:\program files\MONOGRAM AMR SplitterDecoder
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d-------- c:\program files\DScaler5
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d-------- c:\program files\CD Audio Reader Filter
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d-------- c:\program files\RealMedia
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d-------- c:\program files\OpenSource Flash Video Splitter
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d-------- c:\program files\SHOUTcast Source
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d-------- c:\program files\Haali
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d-------- c:\program files\DSP-worx
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d-------- c:\program files\Zoom Player
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d-------- c:\program files\DirectVobSub
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zoom Player
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
    2009-03-08 20:48 . 2009-03-08 20:48 <DIR> d-------- c:\program files\NCH Software
    2009-03-08 20:29 . 2009-03-08 20:29 <DIR> d-------- c:\documents and settings\n@shw@\Application Data\NCH Swift Sound
    2009-03-08 20:29 . 2009-03-08 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-03-08 20:28 . 2009-03-08 20:28 <DIR> d-------- c:\program files\NCH Swift Sound

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-05 00:45 --------- d-----w c:\program files\Nakido
    2009-04-05 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-04-05 00:43 401,440 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-05 00:43 3,500 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-04-05 00:43 19,692 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-05 00:43 1,845,792 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-05 00:43 --------- d-----w c:\documents and settings\n@shw@\Application Data\Free Download Manager
    2009-03-21 09:21 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-04 23:17 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-02-11 06:04 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
    .

    Sigcheck

    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\wininet.dll
    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\dllcache\wininet.dll

    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe

    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\wuauclt.exe
    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-05 45056]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-11 206088]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-05 515416]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]

    c:\documents and settings\n@shw@\Start Menu\Programs\Startup\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 65536]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 16:58 65536 c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
    --a------ 2008-11-24 23:15 1359941 c:\program files\Software Informer\softinfo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
    --a------ 2006-11-27 02:30 97357 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-11-28 15:47 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Nakido\\nakido.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 8.0.0.358\\English\\setup.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-04-03 28544]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 951632]
    R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-19 320000]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68fe-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68ff-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0cf199f-0314-11de-9d08-0016d31e6516}]
    \shell\explore\Command - forever.exe
    \shell\open\Command - forever.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-05 07:15]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-fsm - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com.my/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\n@shw@\Application Data\Mozilla\Firefox\Profiles\r9yrstic.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-05 08:45:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1004336348-1659004503-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:e5,8d,7e,25,2b,d2,65,b1,35,ef,85,85,55,2d,de,85,ab,f0,66,6e,a3,
    79,70,4e,e2,25,16,a4,61,0b,0e,f6,35,a9,ac,26,0e,34,bb,a0,4c,40,cf,d3,8f,0e,\
    "rkeysecu"=hex:27,61,82,60,f3,e2,8a,e2,dc,1d,40,d3,1a,74,49,ca
    .
    Other Running Processes
    .
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-05 8:47:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-05 00:47:28

    Pre-Run: 24,328,454,144 bytes free
    Post-Run: 25,860,927,488 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    224
  • edited April 2009
    Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      http://icrontic.com/forum/showthread.php?p=679804#post679804
      Suspect::
      c:\windows\system32\wininet.dll
      c:\windows\explorer.exe
      c:\windows\system32\wuauclt.exe
      Registry::
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0cf199f-0314-11de-9d08-0016d31e6516}]
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      (screenshot: CFScriptb.gif)


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper






    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Combofix Log
    • How are things running now ?
  • edited April 2009
    Umm... sorry to ask, what do you mean by this?

    "Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine."
  • edited April 2009
    Your log shows that you connect an external drive/storage device using a USB connection, either a full hard drive or a small portable memory stick.
    Please make sure that these are connected during any scans.
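The inference above comes from the MountPoints2 entries in the ComboFix log: Explorer caches what each removable drive's autorun.inf asked for, keyed by volume GUID. The following is an added example (not from this thread, the helper, or ComboFix's authors) that pulls those entries out of a log, flags verbs that redirect Explorer's own open/explore actions to a bare executable, and emits the CFScript Registry:: lines in the `[-KEY]` format used in the thread; the log excerpt is constructed to match the shape of the entries quoted above.

```python
"""Pull the MountPoints2 autorun entries out of a ComboFix log, flag the ones that
look like a removable-drive worm, and emit the CFScript lines that remove them."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the shape of ComboFix's "Reg Loading Points" section,
# modelled on the mountpoints2 entries discussed in this thread; not a real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0cf199f-0314-11de-9d08-0016d31e6516}]
\shell\explore\Command - forever.exe
\shell\open\Command - forever.exe
.
Contents of the 'Scheduled Tasks' folder
"""

# A MountPoints2 subkey: Explorer's per-user cache of what autorun.inf on a
# removable drive asked for, keyed by the volume's GUID.
KEY_RE = re.compile(
    r"^\[(HKEY_[^\]]*\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# A cached autorun.inf verb, e.g. "\shell\open\Command - forever.exe".
VERB_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.I)

# 'open' and 'explore' are Explorer's own verbs for a drive: redirecting them
# means a double-click on the drive runs the listed program. 'AutoRun' is the
# verb vendor autorun.inf files legitimately set.
HIJACKABLE_VERBS = {"open", "explore"}


@dataclass
class MountPoint:
    key: str
    verbs: dict = field(default_factory=dict)  # verb (lower-case) -> command

    def suspicious_reasons(self):
        """Return human-readable reasons this entry looks like a worm's autorun."""
        reasons = []
        for verb, cmd in self.verbs.items():
            if verb in HIJACKABLE_VERBS:
                reasons.append(f"Explorer verb '{verb}' redirected to {cmd}")
        # A bare file name (no directory) points at an executable dropped in the
        # drive root, the usual layout of autorun worms; vendor tools use a path.
        for cmd in sorted(set(self.verbs.values())):
            if "\\" not in cmd.lstrip(".\\") and cmd.lower().endswith(".exe"):
                reasons.append(f"{cmd} is a bare executable in the drive root")
        return reasons


def parse_mountpoints(log_text):
    """Collect every mountpoints2 subkey and its cached verbs from a ComboFix log."""
    points, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = MountPoint(key=key_match.group(1))
            points.append(current)
            continue
        verb_match = VERB_RE.match(line)
        if verb_match and current is not None:
            current.verbs[verb_match.group(1).lower()] = verb_match.group(2).strip()
        else:
            current = None  # anything else ends the current key's block
    return points


def find_suspicious(log_text):
    """Mount points whose cached autorun verbs match the worm pattern."""
    return [p for p in parse_mountpoints(log_text) if p.suspicious_reasons()]


def cfscript_registry_block(points):
    """Emit a CFScript 'Registry::' section deleting each flagged key, using the
    '[-KEY]' deletion syntax of the CFScript posted in this thread."""
    return "\n".join(["Registry::"] + [f"[-{p.key}]" for p in points]) + "\n"


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for point in flagged:
        print(point.key)
        for reason in point.suspicious_reasons():
            print("   ", reason)
    print(cfscript_registry_block(flagged))
```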
  • edited April 2009
    Hi. This is the ComboFix log:

    ComboFix 09-04-04.01 - n@shw@ 2009-04-07 16:18:29.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.179 [GMT 8:00]
    Running from: c:\documents and settings\n@shw@\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\n@shw@\Desktop\CFScript.txt
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
    FW: Kaspersky Internet Security *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
    .

    2009-04-03 21:16 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-04-03 21:15 . 2009-04-03 21:15 <DIR> d-------- c:\program files\Panda Security
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d-------- c:\documents and settings\n@shw@\Application Data\Malwarebytes
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-02 20:31 . 2009-04-02 20:31 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-04-02 20:30 . 2009-04-02 20:30 <DIR> d-------- c:\program files\Java
    2009-04-01 23:45 . 2009-04-01 23:45 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d-------- C:\rsit
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d-------- c:\program files\trend micro
    2009-03-24 23:18 . 2009-04-06 20:21 <DIR> d-------- c:\documents and settings\n@shw@\.spss
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d-------- c:\program files\Common Files\SPSS
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SPSS
    2009-03-24 22:25 . 2009-03-24 22:25 <DIR> d-------- c:\program files\Common Files\Java
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a------ c:\windows\system32\grcauth2.dll
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a------ c:\windows\system32\grcauth1.dll
    2009-03-24 20:50 . 2009-03-24 22:46 114 --a------ c:\windows\system32\prsgrc.tgz
    2009-03-24 20:49 . 2009-03-24 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2009-03-24 20:47 . 2009-03-24 20:47 <DIR> d-------- c:\program files\SPSSInc
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a------ c:\windows\system32\sysprs7.tgz
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a------ c:\windows\system32\sysprs7.dll
    2009-03-24 20:47 . 2009-03-24 22:43 219 --a------ c:\windows\system32\lsprst7.tgz
    2009-03-24 20:47 . 2009-03-24 22:43 16 ---h----- c:\windows\system32\servdat.slm
    2009-03-24 14:46 . 2009-03-24 22:42 0 --a------ C:\law.sp
    2009-03-22 08:40 . 2006-02-28 20:00 221,184 --a------ c:\windows\system32\wmpns.dll
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d-------- c:\program files\MONOGRAM AMR SplitterDecoder
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d-------- c:\program files\DScaler5
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d-------- c:\program files\CD Audio Reader Filter
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d-------- c:\program files\RealMedia
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d-------- c:\program files\OpenSource Flash Video Splitter
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d-------- c:\program files\SHOUTcast Source
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d-------- c:\program files\Haali
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d-------- c:\program files\DSP-worx
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d-------- c:\program files\Zoom Player
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d-------- c:\program files\DirectVobSub
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zoom Player
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
    2009-03-08 20:48 . 2009-03-08 20:48 <DIR> d-------- c:\program files\NCH Software
    2009-03-08 20:29 . 2009-03-08 20:29 <DIR> d-------- c:\documents and settings\n@shw@\Application Data\NCH Swift Sound
    2009-03-08 20:29 . 2009-03-08 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-03-08 20:28 . 2009-03-08 20:28 <DIR> d-------- c:\program files\NCH Swift Sound

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-07 08:19 --------- d-----w c:\documents and settings\n@shw@\Application Data\Free Download Manager
    2009-04-07 08:16 --------- d-----w c:\program files\Nakido
    2009-04-07 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-04-07 08:14 409,632 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-07 08:14 3,528 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-04-07 08:14 19,776 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-07 08:14 1,856,544 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-02 12:31 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-21 09:21 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-04 23:18 15,688 ----a-w c:\windows\system32\lsdelete.exe
    2009-03-04 23:17 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-02-11 06:04 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
    .

    Sigcheck

    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\wininet.dll
    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\dllcache\wininet.dll

    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe

    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\wuauclt.exe
    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-04-05_ 8.46.36.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-04-05 00:31:46 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-04-07 08:05:27 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-04-05 00:31:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-04-07 08:05:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-04-07 08:16:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_398.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-05 45056]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-11 206088]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-05 515416]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]

    c:\documents and settings\n@shw@\Start Menu\Programs\Startup\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 65536]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 16:58 65536 c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
    --a------ 2008-11-24 23:15 1359941 c:\program files\Software Informer\softinfo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
    --a------ 2006-11-27 02:30 97357 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-11-28 15:47 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Nakido\\nakido.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 8.0.0.358\\English\\setup.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-04-03 28544]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 951632]
    R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-19 320000]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68fe-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68ff-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0cf199f-0314-11de-9d08-0016d31e6516}]
    \shell\explore\Command - forever.exe
    \shell\open\Command - forever.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-05 07:15]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com.my/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\n@shw@\Application Data\Mozilla\Firefox\Profiles\r9yrstic.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-07 16:20:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1004336348-1659004503-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:e5,8d,7e,25,2b,d2,65,b1,35,ef,85,85,55,2d,de,85,ab,f0,66,6e,a3,
    79,70,4e,e2,25,16,a4,61,0b,0e,f6,35,a9,ac,26,0e,34,bb,a0,4c,40,cf,d3,8f,0e,\
    "rkeysecu"=hex:27,61,82,60,f3,e2,8a,e2,dc,1d,40,d3,1a,74,49,ca
    .
    Completion time: 2009-04-07 16:21:33
    ComboFix-quarantined-files.txt 2009-04-07 08:21:30
    ComboFix2.txt 2009-04-05 00:47:34

    Pre-Run: 25,776,885,760 bytes free
    Post-Run: 25,771,859,968 bytes free

    210


    Thanks!
  • edited April 2009
    Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.
    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Registry::
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0cf199f-0314-11de-9d08-0016d31e6516}]
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      (screenshot: CFScriptb.gif)
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.

    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK

    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.
  • edited April 2009
    Hi, this is the ComboFix log.

    ComboFix 09-04-04.01 - n@shw@ 2009-04-08 22:37:37.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.243 [GMT 8:00]
    Running from: c:\documents and settings\n@shw@\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\n@shw@\Desktop\CFScript.txt
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
    FW: Kaspersky Internet Security *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
    .

    2009-04-08 22:35 . 2006-03-02 23:42 73,728 --a C:\pv.exe
    2009-04-07 20:54 . 2004-08-03 23:10 19,328 --a c:\windows\system32\drivers\WSTCODEC.SYS
    2009-04-07 20:54 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
    2009-04-07 20:54 . 2004-08-04 00:56 16,384 --a c:\windows\system32\ipsink.ax
    2009-04-07 20:54 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
    2009-04-07 20:54 . 2004-08-03 23:10 15,360 --a c:\windows\system32\drivers\StreamIP.sys
    2009-04-07 20:54 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
    2009-04-07 20:54 . 2004-08-03 23:10 11,136 --a c:\windows\system32\drivers\SLIP.sys
    2009-04-07 20:54 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
    2009-04-07 20:54 . 2004-08-03 23:10 10,880 --a c:\windows\system32\drivers\NdisIP.sys
    2009-04-07 20:54 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
    2009-04-07 20:54 . 2004-08-03 22:58 5,504 --a c:\windows\system32\drivers\MSTEE.sys
    2009-04-07 20:54 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
    2009-04-07 17:03 . 2009-04-07 17:03 54,156 --ah c:\windows\QTFont.qfn
    2009-04-07 17:03 . 2009-04-07 17:03 1,409 --a c:\windows\QTFont.for
    2009-04-03 21:16 . 2008-06-19 16:24 28,544 --a c:\windows\system32\drivers\pavboot.sys
    2009-04-03 21:15 . 2009-04-03 21:15 <DIR> d c:\program files\Panda Security
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d c:\documents and settings\n@shw@\Application Data\Malwarebytes
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-02 20:31 . 2009-04-02 20:31 73,728 --a c:\windows\system32\javacpl.cpl
    2009-04-02 20:30 . 2009-04-02 20:30 <DIR> d c:\program files\Java
    2009-04-01 23:45 . 2009-04-01 23:45 664 --a c:\windows\system32\d3d9caps.dat
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d C:\rsit
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d c:\program files\trend micro
    2009-03-24 23:18 . 2009-04-06 20:21 <DIR> d c:\documents and settings\n@shw@\.spss
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d c:\program files\Common Files\SPSS
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d c:\documents and settings\All Users\Application Data\SPSS
    2009-03-24 22:25 . 2009-03-24 22:25 <DIR> d c:\program files\Common Files\Java
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a c:\windows\system32\grcauth2.dll
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a c:\windows\system32\grcauth1.dll
    2009-03-24 20:50 . 2009-03-24 22:46 114 --a c:\windows\system32\prsgrc.tgz
    2009-03-24 20:49 . 2009-03-24 20:49 <DIR> d c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2009-03-24 20:47 . 2009-03-24 20:47 <DIR> d c:\program files\SPSSInc
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a c:\windows\system32\sysprs7.tgz
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a c:\windows\system32\sysprs7.dll
    2009-03-24 20:47 . 2009-03-24 22:43 219 --a c:\windows\system32\lsprst7.tgz
    2009-03-24 20:47 . 2009-03-24 22:43 16 ---h c:\windows\system32\servdat.slm
    2009-03-24 14:46 . 2009-03-24 22:42 0 --a C:\law.sp
    2009-03-22 08:40 . 2006-02-28 20:00 221,184 --a c:\windows\system32\wmpns.dll
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d c:\program files\MONOGRAM AMR SplitterDecoder
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d c:\program files\DScaler5
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d c:\program files\CD Audio Reader Filter
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d c:\program files\RealMedia
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d c:\program files\OpenSource Flash Video Splitter
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d c:\program files\SHOUTcast Source
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d c:\program files\Haali
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d c:\program files\DSP-worx
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d c:\program files\Zoom Player
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d c:\program files\DirectVobSub
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d c:\documents and settings\All Users\Application Data\Zoom Player
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a c:\windows\system32\drivers\mouhid.sys
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a c:\windows\system32\drivers\hidusb.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
    2009-03-08 20:48 . 2009-03-08 20:48 <DIR> d c:\program files\NCH Software
    2009-03-08 20:29 . 2009-03-08 20:29 <DIR> d c:\documents and settings\n@shw@\Application Data\NCH Swift Sound
    2009-03-08 20:29 . 2009-03-08 20:29 <DIR> d c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-03-08 20:28 . 2009-03-08 20:28 <DIR> d c:\program files\NCH Swift Sound

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-08 14:39 417,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-08 14:39 3,556 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-04-08 14:37 d-----w c:\documents and settings\n@shw@\Application Data\Free Download Manager
    2009-04-08 13:52 d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-04-08 13:51 d-----w c:\program files\Nakido
    2009-04-07 16:14 19,776 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-07 16:14 1,856,544 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-02 12:31 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-21 09:21 d-----w c:\program files\Common Files\Adobe
    2009-03-04 23:18 15,688 ----a-w c:\windows\system32\lsdelete.exe
    2009-03-04 23:17 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-02-11 06:04 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
    .

    Sigcheck

    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\wininet.dll
    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\dllcache\wininet.dll

    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe

    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\wuauclt.exe
    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-04-05_ 8.46.36.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-04-05 00:31:46 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-04-08 13:51:40 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-04-05 00:31:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-04-08 13:51:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-04-05 00:31:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-04-08 13:51:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-08-03 15:10:18 17,024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
    + 2004-08-03 15:10:30 85,376 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
    + 2004-08-03 15:08:48 31,616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
    + 2004-08-03 15:10:12 78,464 -c--a-w c:\windows\system32\dllcache\usbvideo.sys
    + 2004-08-03 16:56:48 53,760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
    + 2004-08-03 15:10:18 17,024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
    + 2004-08-03 15:10:30 85,376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
    + 2004-08-03 15:08:48 31,616 ----a-w c:\windows\system32\drivers\usbccgp.sys
    + 2004-08-03 15:10:12 78,464 ----a-w c:\windows\system32\drivers\usbvideo.sys
    + 2004-08-03 16:56:48 53,760 ----a-w c:\windows\system32\vfwwdm32.dll
    + 2009-04-08 13:51:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4e4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-05 45056]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-11 206088]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-05 515416]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]

    c:\documents and settings\n@shw@\Start Menu\Programs\Startup\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 65536]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a
    2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 16:58 65536 c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a
    2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a
    2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
    --a
    2008-11-24 23:15 1359941 c:\program files\Software Informer\softinfo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
    --a
    2006-11-27 02:30 97357 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a
    2008-11-28 15:47 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Nakido\\nakido.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 8.0.0.358\\English\\setup.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-04-03 28544]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 951632]
    R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-19 320000]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0377f670-e7c5-11dd-9cea-0016d31e6516}]
    \Shell\AutoRun\command - G:\8r.cmd
    \Shell\open\Command - G:\8r.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68fe-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68ff-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-05 07:15]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com.my/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\n@shw@\Application Data\Mozilla\Firefox\Profiles\r9yrstic.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-08 22:39:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1004336348-1659004503-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:e5,8d,7e,25,2b,d2,65,b1,35,ef,85,85,55,2d,de,85,ab,f0,66,6e,a3,
    79,70,4e,e2,25,16,a4,61,0b,0e,f6,35,a9,ac,26,0e,34,bb,a0,4c,40,cf,d3,8f,0e,\
    "rkeysecu"=hex:27,61,82,60,f3,e2,8a,e2,dc,1d,40,d3,1a,74,49,ca
    .
    Completion time: 2009-04-08 22:40:49
    ComboFix-quarantined-files.txt 2009-04-08 14:40:46
    ComboFix2.txt 2009-04-07 08:21:35
    ComboFix3.txt 2009-04-05 00:47:34

    Pre-Run: 25,162,612,736 bytes free
    Post-Run: 25,762,451,456 bytes free

    238
  • edited April 2009
    This is the ActiveScan log.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-04-09 08:04:48
    PROTECTIONS: 1
    MALWARE: 7
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Kaspersky Internet Security 8.0.0.454 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\n@shw@\Cookies\n@shw@@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\n@shw@\Cookies\n@shw@@atdmt[2].txt
    00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\n@shw@\Cookies\n@shw@@hotlog[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\n@shw@\Cookies\n@shw@@ad.yieldmanager[1].txt
    00375120 Adware/Borlander Adware No 0 Yes No C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{0E363F41-CDA4-4A66-857C-B183D761C807}\RP95\A0016982.sys
    03587590 Adware/Yassist Adware No 0 No No C:\Downloads\Software\DivXWebPlayerInstaller.exe[²ÇÇ\y_toolbar.exe][²èÇ]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002
    184379 MEDIUM MS08-001
    182048 HIGH MS07-069
    182046 HIGH MS07-067
    182043 HIGH MS07-064
    179553 HIGH MS07-061
    176382 HIGH MS07-057
    176383 HIGH MS07-058
    170911 HIGH MS07-050
    170907 HIGH MS07-046
    170906 HIGH MS07-045
    170904 HIGH MS07-043
    164915 HIGH MS07-035
    164913 HIGH MS07-033
    164911 HIGH MS07-031
    160623 HIGH MS07-027
    157262 HIGH MS07-022
    157261 HIGH MS07-021
    157260 HIGH MS07-020
    157259 HIGH MS07-019
    156477 HIGH MS07-017
    150253 HIGH MS07-016
    150249 HIGH MS07-013
    150248 HIGH MS07-012
    150247 HIGH MS07-011
    150243 HIGH MS07-008
    150242 HIGH MS07-007
    150241 MEDIUM MS07-006
    141034 HIGH MS06-076
    141033 MEDIUM MS06-075
    141030 HIGH MS06-072
    137571 HIGH MS06-070
    137568 HIGH MS06-067
    133387 MEDIUM MS06-065
    133386 MEDIUM MS06-064
    133385 MEDIUM MS06-063
    133379 HIGH MS06-057
    131654 HIGH MS06-055
    129977 MEDIUM MS06-053
    129976 MEDIUM MS06-052
    126093 HIGH MS06-051
    126092 MEDIUM MS06-050
    126087 HIGH MS06-046
    126086 MEDIUM MS06-045
    126083 HIGH MS06-042
    126082 HIGH MS06-041
    126081 HIGH MS06-040
    123421 HIGH MS06-036
    123420 HIGH MS06-035
    120825 MEDIUM MS06-032
    120823 MEDIUM MS06-030
    120818 HIGH MS06-025
    120815 HIGH MS06-022
    120814 HIGH MS06-021
    117384 MEDIUM MS06-018
    114666 HIGH MS06-015
    114664 HIGH MS06-013
    108744 MEDIUM MS06-008
    108743 MEDIUM MS06-007
    108742 MEDIUM MS06-006
    104567 HIGH MS06-002
    104237 HIGH MS06-001
    96574 HIGH MS05-053
    93395 HIGH MS05-051
    93394 HIGH MS05-050
    93454 MEDIUM MS05-049
    ;===================================================================================================================================================================================


    Thanks!
  • edited April 2009
    Do you have more than one USB/external drive?
    Your log shows the infection returning.

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      File::
      G:\8r.cmd
      Registry::
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0377f670-e7c5-11dd-9cea-0016d31e6516}]
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      (screenshot: CFScriptb.gif)


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.
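
The helper's call rests on the MountPoints2 entries in the log: a handler such as G:\8r.cmd registered under \Shell\open\Command runs the moment the drive is double-clicked, so the key comes back every time the infected thumb drive is plugged in. As an added example, not code from this thread, from ComboFix or from any vendor, here is a defender-side triage script that parses those blocks out of ComboFix log text, flags the worm-style handlers, and renders the Registry:: stanza in the form the helper's CFScript uses. The sample lines are copied from the logs above; the scoring rules (script extension, handler with no subfolder, open/explore verb redirected) are this example's own assumptions.

```python
r"""Triage the MountPoints2 section of a ComboFix log for autorun hijacks.

Added example for this thread (not ComboFix code).  It parses blocks laid
out as in the log above:

    [HKEY_CURRENT_USER\...\explorer\mountpoints2\{guid}]
    \Shell\AutoRun\command - <handler>
    \Shell\open\Command - <handler>

The scoring heuristics below are this example's own, not ComboFix logic.
"""
import re
from dataclasses import dataclass, field

MOUNTPOINTS2_KEY = (r"HKEY_CURRENT_USER\software\microsoft\windows"
                    r"\currentversion\explorer\mountpoints2")

# Block header: [HKEY_CURRENT_USER\...\mountpoints2\{guid}]
MOUNTPOINT_RE = re.compile(
    r"^\s*\[" + re.escape(MOUNTPOINTS2_KEY) + r"\\(\{[0-9a-f-]{36}\})\]\s*$",
    re.IGNORECASE)
# Handler line under a block: \Shell\<verb>\command - <handler>
COMMAND_RE = re.compile(r"^\s*\\shell\\(\w+)\\command\s+-\s+(.+?)\s*$",
                        re.IGNORECASE)

# A vendor launcher is an .exe in its own folder; a batch/command file is the
# removable-drive worm pattern seen in the log (G:\8r.cmd).
SCRIPT_EXTS = (".cmd", ".bat", ".vbs", ".js", ".pif", ".scr", ".com")
# Handler sitting in a drive root, or given as a bare file name (forever.exe).
ROOT_OR_BARE_RE = re.compile(r"^(?:[a-z]:\\)?[^\\]+$", re.IGNORECASE)


@dataclass
class MountPoint:
    guid: str
    commands: dict = field(default_factory=dict)  # verb (lowercase) -> handler


def parse_mountpoints(log_text):
    """Collect every MountPoints2 block and its Shell/verb/command lines."""
    points, current = [], None
    for line in log_text.splitlines():
        header = MOUNTPOINT_RE.match(line)
        if header:
            current = MountPoint(header.group(1).lower())
            points.append(current)
            continue
        cmd = COMMAND_RE.match(line)
        if cmd and current is not None:
            current.commands[cmd.group(1).lower()] = cmd.group(2)
        elif line.strip().startswith("["):
            current = None  # some other registry key; stop attributing lines
    return points


def assess(mp):
    """Return (verdict, reasons) for one MountPoints2 entry."""
    reasons = []
    for verb, handler in sorted(mp.commands.items()):
        if handler.lower().endswith(SCRIPT_EXTS):
            reasons.append(f"{verb}: script handler {handler}")
        if ROOT_OR_BARE_RE.match(handler):
            reasons.append(f"{verb}: handler not in a subfolder ({handler})")
    # 'open' and 'explore' are what a double-click or right-click on the drive
    # runs; a legitimate launcher only registers 'autorun'.
    if {"open", "explore"} & set(mp.commands):
        reasons.append("open/explore verb redirected to the handler")
    return ("suspicious" if reasons else "benign-looking"), reasons


def triage(log_text):
    """Map each GUID in the log to its (verdict, reasons)."""
    return {mp.guid: assess(mp) for mp in parse_mountpoints(log_text)}


def cfscript_registry_stanza(results):
    """Render a Registry:: stanza that removes each flagged key, in the form
    the helper's CFScript above uses ([-key] deletes the key)."""
    lines = ["Registry::"]
    for guid, (verdict, _reasons) in sorted(results.items()):
        if verdict == "suspicious":
            lines.append(f"[-{MOUNTPOINTS2_KEY}\\{guid}]")
    return "\n".join(lines)


# Sample input: the three MountPoints2 blocks quoted from the logs in this
# thread, followed by an unrelated key to show where block scope ends.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0377f670-e7c5-11dd-9cea-0016d31e6516}]
\Shell\AutoRun\command - G:\8r.cmd
\Shell\open\Command - G:\8r.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0cf199f-0314-11de-9d08-0016d31e6516}]
\shell\explore\Command - forever.exe
\shell\open\Command - forever.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for guid, (verdict, reasons) in results.items():
        print(guid, verdict, *reasons, sep="\n  ")
    print(cfscript_registry_stanza(results))
```

Run against the full log text, the Maxtor launcher comes out benign-looking while the 8r.cmd and forever.exe entries are flagged, which matches the keys the helper asked to delete.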
  • edited April 2009
    Hi, thanks for your reply.
    Actually it's my thumb drive. I've always had to reformat it because of the viruses that are always attacking our faculty's computers.

    ComboFix 09-04-04.01 - n@shw@ 2009-04-09 21:06:29.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.267 [GMT 8:00]
    Running from: c:\documents and settings\n@shw@\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\n@shw@\Desktop\CFScript.txt
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
    FW: Kaspersky Internet Security *disabled*
    * Created a new restore point

    FILE ::
    G:\8r.cmd
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
    .

    2009-04-08 22:35 . 2006-03-02 23:42 73,728 --a C:\pv.exe
    2009-04-07 20:54 . 2004-08-03 23:10 19,328 --a c:\windows\system32\drivers\WSTCODEC.SYS
    2009-04-07 20:54 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
    2009-04-07 20:54 . 2004-08-04 00:56 16,384 --a c:\windows\system32\ipsink.ax
    2009-04-07 20:54 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
    2009-04-07 20:54 . 2004-08-03 23:10 15,360 --a c:\windows\system32\drivers\StreamIP.sys
    2009-04-07 20:54 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
    2009-04-07 20:54 . 2004-08-03 23:10 11,136 --a c:\windows\system32\drivers\SLIP.sys
    2009-04-07 20:54 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
    2009-04-07 20:54 . 2004-08-03 23:10 10,880 --a c:\windows\system32\drivers\NdisIP.sys
    2009-04-07 20:54 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
    2009-04-07 20:54 . 2004-08-03 22:58 5,504 --a c:\windows\system32\drivers\MSTEE.sys
    2009-04-07 20:54 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
    2009-04-07 17:03 . 2009-04-07 17:03 54,156 --ah c:\windows\QTFont.qfn
    2009-04-07 17:03 . 2009-04-07 17:03 1,409 --a c:\windows\QTFont.for
    2009-04-03 21:16 . 2008-06-19 16:24 28,544 --a c:\windows\system32\drivers\pavboot.sys
    2009-04-03 21:15 . 2009-04-03 21:15 <DIR> d c:\program files\Panda Security
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d c:\documents and settings\n@shw@\Application Data\Malwarebytes
    2009-04-03 20:43 . 2009-04-03 20:43 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-02 20:31 . 2009-04-02 20:31 73,728 --a c:\windows\system32\javacpl.cpl
    2009-04-02 20:30 . 2009-04-02 20:30 <DIR> d c:\program files\Java
    2009-04-01 23:45 . 2009-04-01 23:45 664 --a c:\windows\system32\d3d9caps.dat
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d C:\rsit
    2009-04-01 18:19 . 2009-04-01 18:20 <DIR> d c:\program files\trend micro
    2009-03-24 23:18 . 2009-04-06 20:21 <DIR> d c:\documents and settings\n@shw@\.spss
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d c:\program files\Common Files\SPSS
    2009-03-24 22:43 . 2009-03-24 22:43 <DIR> d c:\documents and settings\All Users\Application Data\SPSS
    2009-03-24 22:25 . 2009-03-24 22:25 <DIR> d c:\program files\Common Files\Java
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a c:\windows\system32\grcauth2.dll
    2009-03-24 20:50 . 2009-03-24 20:50 1,024 --a c:\windows\system32\grcauth1.dll
    2009-03-24 20:50 . 2009-03-24 22:46 114 --a c:\windows\system32\prsgrc.tgz
    2009-03-24 20:49 . 2009-03-24 20:49 <DIR> d c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2009-03-24 20:47 . 2009-03-24 20:47 <DIR> d c:\program files\SPSSInc
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a c:\windows\system32\sysprs7.tgz
    2009-03-24 20:47 . 2009-03-24 20:47 1,025 --a c:\windows\system32\sysprs7.dll
    2009-03-24 20:47 . 2009-03-24 22:43 219 --a c:\windows\system32\lsprst7.tgz
    2009-03-24 20:47 . 2009-03-24 22:43 16 ---h c:\windows\system32\servdat.slm
    2009-03-24 14:46 . 2009-03-24 22:42 0 --a C:\law.sp
    2009-03-22 08:40 . 2006-02-28 20:00 221,184 --a c:\windows\system32\wmpns.dll
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d c:\program files\MONOGRAM AMR SplitterDecoder
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d c:\program files\DScaler5
    2009-03-22 08:39 . 2009-03-22 08:39 <DIR> d c:\program files\CD Audio Reader Filter
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d c:\program files\RealMedia
    2009-03-22 08:38 . 2009-03-22 08:38 <DIR> d c:\program files\OpenSource Flash Video Splitter
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d c:\program files\SHOUTcast Source
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d c:\program files\Haali
    2009-03-22 08:36 . 2009-03-22 08:36 <DIR> d c:\program files\DSP-worx
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d c:\program files\Zoom Player
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d c:\program files\DirectVobSub
    2009-03-22 08:34 . 2009-03-22 08:34 <DIR> d c:\documents and settings\All Users\Application Data\Zoom Player
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a c:\windows\system32\drivers\mouhid.sys
    2009-03-20 21:30 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a
    c:\windows\system32\drivers\hidusb.sys
    2009-03-20 21:29 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-09 13:06 d w c:\documents and settings\n@shw@\Application Data\Free Download Manager
    2009-04-09 12:15 d w c:\program files\Nakido
    2009-04-09 12:15 d w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-04-09 10:24 417,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-09 10:24 3,556 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-04-09 10:24 19,804 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-09 10:24 1,860,128 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-02 12:31 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-21 09:21 d w c:\program files\Common Files\Adobe
    2009-03-08 12:48 d w c:\program files\NCH Software
    2009-03-08 12:29 d w c:\documents and settings\n@shw@\Application Data\NCH Swift Sound
    2009-03-08 12:29 d w c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-03-08 12:28 d w c:\program files\NCH Swift Sound
    2009-03-04 23:18 15,688 ----a-w c:\windows\system32\lsdelete.exe
    2009-03-04 23:17 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-02-11 06:04 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
    .

    Sigcheck

    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\wininet.dll
    2006-02-28 20:00 690176 3a5ee0514f56b1b775d7641cfba5ad37 c:\windows\system32\dllcache\wininet.dll

    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\explorer.exe
    2006-02-28 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 c:\windows\system32\dllcache\explorer.exe

    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\wuauclt.exe
    2006-02-28 20:00 100864 80cb133bd6c830e8ca7e90015e45c1cd c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-04-05_ 8.46.36.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-04-05 00:31:46 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-04-09 07:19:19 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-04-05 00:31:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-04-09 07:19:19 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2004-08-03 15:10:18 17,024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
    + 2004-08-03 15:10:30 85,376 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
    + 2004-08-03 15:08:48 31,616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
    + 2004-08-03 15:10:12 78,464 -c--a-w c:\windows\system32\dllcache\usbvideo.sys
    + 2004-08-03 16:56:48 53,760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
    + 2004-08-03 15:10:18 17,024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
    + 2004-08-03 15:10:30 85,376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
    + 2004-08-03 15:08:48 31,616 ----a-w c:\windows\system32\drivers\usbccgp.sys
    + 2004-08-03 15:10:12 78,464 ----a-w c:\windows\system32\drivers\usbvideo.sys
    + 2004-08-03 16:56:48 53,760 ----a-w c:\windows\system32\vfwwdm32.dll
    + 2009-04-09 12:16:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_33c.dat
    + 2009-04-09 12:15:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_39c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-05 45056]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-11 206088]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-05 515416]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]

    c:\documents and settings\n@shw@\Start Menu\Programs\Startup\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 65536]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    2004-09-03 16:58 65536 c:\program files\Ahead\ODD Toolkit\dvdtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
    --a 2008-11-24 23:15 1359941 c:\program files\Software Informer\softinfo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
    --a 2006-11-27 02:30 97357 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a 2008-11-28 15:47 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Nakido\\nakido.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 8.0.0.358\\English\\setup.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-04-03 28544]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 951632]
    R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-19 320000]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68fe-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68ff-1678-11de-9d34-0016d31e6516}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-05 07:15]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com.my/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\n@shw@\Application Data\Mozilla\Firefox\Profiles\r9yrstic.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-09 21:08:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1004336348-1659004503-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:e5,8d,7e,25,2b,d2,65,b1,35,ef,85,85,55,2d,de,85,ab,f0,66,6e,a3,
    79,70,4e,e2,25,16,a4,61,0b,0e,f6,35,a9,ac,26,0e,34,bb,a0,4c,40,cf,d3,8f,0e,\
    "rkeysecu"=hex:27,61,82,60,f3,e2,8a,e2,dc,1d,40,d3,1a,74,49,ca
    .
    Completion time: 2009-04-09 21:09:34
    ComboFix-quarantined-files.txt 2009-04-09 13:09:32
    ComboFix2.txt 2009-04-08 14:40:50
    ComboFix3.txt 2009-04-07 08:21:35
    ComboFix4.txt 2009-04-05 00:47:34

    Pre-Run: 8,273,051,648 bytes free
    Post-Run: 8,366,874,624 bytes free

  • edited April 2009
    Flash Disinfector by sUBs
    Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Wait until the program has finished scanning, then please exit the program.
      The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.

    Please restart your computer.

    How are things running now? There is no sign of infection left.
  • edited April 2009
    Is the Flash_Disinfector.exe safe to run?

    Do I have to disable my antivirus and spyware?
    Because my Lavasoft has blocked the Flash_Disinfector.exe from running.
  • edited April 2009
    In the first post I made, it says:

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

  • edited April 2009
    Owhh.. thanks!
    I've tried to run the Flash Disinfector and my laptop seems to be OK.
    Can I use the Flash Disinfector for normal usage?

    I tried to install SPSS again but the problem is still there...

    :(
  • edited April 2009
    You would be better using this for normal usage:

    Panda USB and AutoRun Vaccine

    Please visit Panda USB and AutoRun Vaccine
    Download and use the tool to vaccinate your computer and also any USB drives you have.

    This will help prevent infection in the future.

    Please delete C:\RSIT (entire folder)
    Now run RSIT (from Post #2 ) and post both logs in your reply.
  • edited April 2009
    Hi.
    Thanks for your suggestion.

    This is the log.

    info.txt logfile of random's system information tool 1.06 2009-04-11 23:14:21

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Canon iP1200-->C:\WINDOWS\system32\CNMCP76.exe "-PRINTERNAMECanon iP1200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
    Canon iP1600-->C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
    Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
    CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B5a.INF
    DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
    Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
    Feeding Frenzy 2-->C:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
    ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\Ringz Studio\Storm Codec\Codecs\unins000.exe"
    Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
    GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_SprtHD5m\UIU32m.exe -U -ISprtHD5m.inf
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Quick Launch Buttons 6.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR SplitterDecoder\uninstall.exe"
    Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    Nakido-->C:\Program Files\Nakido\Uninstall.exe
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
    NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
    Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
    SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
    SmartAudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly
    Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
    SPSS 16.0 for Windows-->MsiExec.exe /X{621025AE-3510-478E-BC27-1A647150976F}
    Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.01.19.exe
    SureThing CD Labeler 4 SE-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Vista Drive Icon 1.3-->C:\Program Files\Vista Drive Icon\uninst.exe
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
    Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"

    ======Security center information======

    AV: Kaspersky Internet Security
    FW: Kaspersky Internet Security

    ======System event log======

    Computer Name: NASHWA
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 3400
    Source Name: Tcpip
    Time Written: 20090225201923.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 3396
    Source Name: Tcpip
    Time Written: 20090225172803.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 3393
    Source Name: Tcpip
    Time Written: 20090225160002.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 3392
    Source Name: Tcpip
    Time Written: 20090225154527.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 10010
    Message: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

    Record Number: 3289
    Source Name: DCOM
    Time Written: 20090220192006.000000+480
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    =====Application event log=====

    Computer Name: NASHWA
    Event Code: 1517
    Message: Windows saved user NASHWA\n@shw@ registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 1021
    Source Name: Userenv
    Time Written: 20090115002359.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: NASHWA
    Event Code: 2002
    Message: The MOF file created for the Outlook service could not be loaded. The
    error code returned by the MOF Compiler is contained in the Record Data.
    Before the performance counters of this service can be collected by WMI
    the MOF file will need to be loaded manually. Contact the vendor of this
    service for additional information.

    Record Number: 1019
    Source Name: LoadPerf
    Time Written: 20090114130515.000000+480
    Event Type: warning
    User:

    Computer Name: NASHWA
    Event Code: 1001
    Message: Fault bucket 768940547.

    Record Number: 1010
    Source Name: Application Hang
    Time Written: 20090114083703.000000+480
    Event Type: error
    User:

    Computer Name: NASHWA
    Event Code: 1002
    Message: Hanging application fdm.exe, version 2.5.758.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 1009
    Source Name: Application Hang
    Time Written: 20090114083604.000000+480
    Event Type: error
    User:

    Computer Name: NASHWA
    Event Code: 1517
    Message: Windows saved user NASHWA\n@shw@ registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 1000
    Source Name: Userenv
    Time Written: 20090114003241.000000+480
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    EOF

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by n@shw@ at 2009-04-11 23:14:09
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 7 GB (17%) free of 40 GB
    Total RAM: 502 MB (19% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:14:17 PM, on 4/11/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nakido\nakido.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Documents and Settings\n@shw@\Desktop\RSIT.exe
    C:\Program Files\trend micro\n@shw@.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe

    --
    End of file - 8621 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-06 304736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-26 2193280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-28 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-06-18 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-02 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-02 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-26 2193280]
    {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-23 131072]
    "DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2007-07-05 45056]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-11 206088]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-05 515416]
    "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-02 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2008-05-20 2474031]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
    "RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe [2004-09-03 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
    C:\Program Files\Software Informer\softinfo.exe [2008-11-24 1359941]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
    C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2006-11-27 97357]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 68856]

    C:\Documents and Settings\n@shw@\Start Menu\Programs\Startup
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoDriveAutoRun"=FFFFFFFF
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Nakido\nakido.exe"="C:\Program Files\Nakido\nakido.exe:*:Enabled:Nakido"
    "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 8.0.0.358\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 8.0.0.358\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
    "C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)"
    "C:\Program Files\SPSSInc\SPSS16\spss.com"="C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com)"
    "C:\Program Files\SPSSInc\SPSS16\spss.exe"="C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005bca3e-dd4d-11dd-9cc9-0016d31e6516}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68fe-1678-11de-9d34-0016d31e6516}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4a68ff-1678-11de-9d34-0016d31e6516}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


    ======List of files/folders created in the last 1 months======

    2009-04-11 23:14:09 ----D---- C:\rsit
    2009-04-11 09:29:12 ----RASHD---- C:\autorun.inf
    2009-04-10 08:11:58 ----SHD---- C:\RECYCLER
    2009-04-09 21:09:36 ----A---- C:\ComboFix.txt
    2009-04-08 22:35:57 ----A---- C:\pv.exe
    2009-04-07 20:53:45 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2009-04-05 08:40:50 ----A---- C:\Boot.bak
    2009-04-05 08:40:43 ----RASHD---- C:\cmdcons
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\zip.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\VFIND.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\SWSC.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\SWREG.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\sed.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\grep.exe
    2009-04-05 08:39:29 ----A---- C:\WINDOWS\fdsv.exe
    2009-04-05 08:34:16 ----D---- C:\WINDOWS\ERDNT
    2009-04-05 08:34:10 ----D---- C:\Qoobox
    2009-04-03 21:15:15 ----D---- C:\Program Files\Panda Security
    2009-04-03 20:43:37 ----D---- C:\Documents and Settings\n@shw@\Application Data\Malwarebytes
    2009-04-03 20:43:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-04-02 20:31:26 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-04-02 20:31:26 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-04-02 20:31:26 ----A---- C:\WINDOWS\system32\java.exe
    2009-04-02 20:30:55 ----D---- C:\Program Files\Java
    2009-04-01 18:19:37 ----D---- C:\Program Files\trend micro
    2009-03-24 22:43:37 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
    2009-03-24 22:43:36 ----D---- C:\Program Files\Common Files\SPSS
    2009-03-24 22:25:14 ----D---- C:\Program Files\Common Files\Java
    2009-03-24 21:10:22 ----D---- C:\WINDOWS\system32\appmgmt
    2009-03-24 20:50:20 ----A---- C:\WINDOWS\system32\grcauth2.dll
    2009-03-24 20:50:20 ----A---- C:\WINDOWS\system32\grcauth1.dll
    2009-03-24 20:49:48 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    2009-03-24 20:47:17 ----D---- C:\Program Files\SPSSInc
    2009-03-24 20:47:03 ----A---- C:\WINDOWS\system32\sysprs7.dll
    2009-03-22 08:40:32 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-03-22 08:39:20 ----D---- C:\Program Files\MONOGRAM AMR SplitterDecoder
    2009-03-22 08:39:12 ----D---- C:\Program Files\CD Audio Reader Filter
    2009-03-22 08:39:07 ----D---- C:\Program Files\DScaler5
    2009-03-22 08:38:48 ----D---- C:\Program Files\OpenSource Flash Video Splitter
    2009-03-22 08:38:35 ----D---- C:\Program Files\RealMedia
    2009-03-22 08:36:53 ----D---- C:\Program Files\SHOUTcast Source
    2009-03-22 08:36:44 ----D---- C:\Program Files\Haali
    2009-03-22 08:36:26 ----D---- C:\Program Files\DSP-worx
    2009-03-22 08:34:39 ----D---- C:\Program Files\DirectVobSub
    2009-03-22 08:34:01 ----D---- C:\Program Files\Zoom Player
    2009-03-22 08:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\Zoom Player

    ======List of files/folders modified in the last 1 months======

    2009-04-11 23:14:10 ----D---- C:\WINDOWS\Temp
    2009-04-11 23:11:57 ----D---- C:\Documents and Settings\n@shw@\Application Data\Free Download Manager
    2009-04-11 22:49:12 ----D---- C:\WINDOWS\Prefetch
    2009-04-11 15:51:40 ----D---- C:\Program Files\Nakido
    2009-04-11 13:15:45 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-11 13:15:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2009-04-11 12:47:30 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-10 02:24:46 ----SD---- C:\Documents and Settings\n@shw@\Application Data\Microsoft
    2009-04-09 21:09:38 ----D---- C:\WINDOWS\system32
    2009-04-09 21:09:36 ----D---- C:\WINDOWS
    2009-04-09 21:08:24 ----A---- C:\WINDOWS\system.ini
    2009-04-09 21:07:44 ----D---- C:\WINDOWS\system32\drivers
    2009-04-09 21:07:44 ----D---- C:\WINDOWS\AppPatch
    2009-04-09 21:07:40 ----D---- C:\Program Files\Common Files
    2009-04-09 21:06:22 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-09 12:07:58 ----D---- C:\Downloads
    2009-04-07 20:54:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-05 18:03:21 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-04-05 08:42:54 ----D---- C:\WINDOWS\system32\config
    2009-04-05 08:40:50 ----RASH---- C:\boot.ini
    2009-04-03 22:49:59 ----RD---- C:\Program Files
    2009-04-03 21:16:13 ----HD---- C:\WINDOWS\inf
    2009-04-02 20:31:32 ----SHD---- C:\WINDOWS\Installer
    2009-04-02 20:31:01 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-21 17:21:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-21 17:21:02 ----D---- C:\Program Files\Common Files\Adobe
    2009-03-21 17:20:48 ----D---- C:\Program Files\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-11 213520]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
    R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-21 1123328]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
    R3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-24 594432]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-02-28 67584]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-31 193056]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-11 206088]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-02 152984]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-15 951632]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
    R2 Nakido;Nakido; C:\Program Files\Nakido\nakido.e [2009-04-11 65536]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-27 72704]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    EOF

    Thanks!
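The HijackThis section of the log above uses a fixed one-line-per-entry format (O2 BHOs, O3 toolbars, O4 autostarts, O23 services), which is what makes it reviewable at all. The following is an added example, not part of HijackThis, RSIT or the original post: it parses those line types into records, pulls the image path out of quoted or argument-bearing O4 commands, and lists entries whose path falls outside the installation roots one expects on this machine. The sample lines are copied from the posted log except the last one, which is constructed (and labelled as such) so that the flagging has something to report; the choice of "expected" roots and the environment-variable expansions are assumptions made for the example, not rules from either tool.

```python
"""Parse HijackThis O2/O3/O4/O23 lines and flag autostart paths outside the
usual installation roots.  Added example; the sample lines come from the log
posted above, plus one constructed line marked "constructed"."""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\user\Application Data\updater.exe /silent
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
PATTERNS = [
    ("O2", re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<target>.+)$")),
    ("O3", re.compile(r"^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<target>.+)$")),
    ("O4", re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")),
    ("O4", re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<target>.+)$")),
    ("O23", re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<target>.+)$")),
]
# First token ending in an executable extension, used for unquoted O4 commands.
EXEC_EXT = re.compile(r"^(?P<p>.+?\.(?:exe|dll|com|scr|bat|cmd|pif))(?:\s|$)", re.IGNORECASE)

# Assumed expansions for the variables seen in the log (XP defaults, not read
# from the live machine) and the installation roots treated as expected.
ENV = {"%programfiles%": "c:\\program files", "%systemroot%": "c:\\windows", "%windir%": "c:\\windows"}
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    kind: str
    name: str
    command: str          # raw right-hand side as HijackThis printed it
    path: str             # image path extracted from the command
    clsid: Optional[str] = None
    vendor: Optional[str] = None


def extract_path(command: str) -> str:
    """Pull the image path out of an O4 command line: honour quoting first,
    then fall back to the first token that ends in an executable extension."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXEC_EXT.match(cmd)
    return m.group("p") if m else cmd.split(" ", 1)[0]


def normalize(path: str) -> str:
    """Lower-case, expand the assumed environment variables and map the 8.3
    short name the log shows (PROGRA~1) to its long form.  Proper 8.3
    resolution needs the live filesystem; this is a heuristic for reading logs."""
    p = path.strip().lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p.replace("c:\\progra~1\\", "c:\\program files\\")


def parse_hijackthis(text: str) -> List[Entry]:
    """Return one Entry per recognised O2/O3/O4/O23 line; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pat in PATTERNS:
            m = pat.match(line)
            if not m:
                continue
            g = m.groupdict()
            target = g["target"].strip()
            path = extract_path(target) if kind == "O4" else target
            entries.append(Entry(kind, g["name"], target, path, g.get("clsid"), g.get("vendor")))
            break
    return entries


def outside_expected_roots(entries: List[Entry], roots=EXPECTED_ROOTS) -> List[Entry]:
    """Entries whose normalised image path is not under any expected root.
    A hit is a prompt to look closer, not a verdict."""
    return [e for e in entries if not normalize(e.path).startswith(roots)]


if __name__ == "__main__":
    for e in outside_expected_roots(parse_hijackthis(SAMPLE_LOG)):
        print(f"{e.kind} [{e.name}] -> {e.path}")
```

Run as a script it reports only the constructed HKCU entry under the user profile; every path actually present in the posted log resolves under C:\WINDOWS or C:\Program Files, which is consistent with the helper's reading that the log shows no sign of infection. Entries with 8.3 short names (the Office12 GRA8E1~1.DLL lines) keep their short form in `path`; the normalisation only rewrites the PROGRA~1 root, so anything else in short form should be resolved on the machine before drawing conclusions.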
  • edited April 2009
    There is no sign of infection now; does the problem only occur when you try to install SPSS?

    There is a support page for SPSS; have you tried contacting them?
  • edited April 2009
    It just happened when I was trying to activate my SPSS. All my friends have succeeded in activating the SPSS on their laptops.

    This is what actually happened.

    [attached screenshot: 92750863.jpg]

    [attached screenshot: 61403170.jpg]
    :confused:
  • edited April 2009
    Have you tried uninstalling/reinstalling SPSS since we updated your Java?

    There is a support page for SPSS; have you tried contacting them?