Hello, here is my ComboFix log and my new HijackThis log:
ComboFix 09-08-26.05 - calvin 27/08/2009 3:26.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1530 [GMT 1:00]
Running from: c:\users\calvin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1289646755-2976081251-401195427-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\calvin\AppData\Roaming\.#
c:\windows\Installer\2495f11.msi
c:\windows\Installer\92cd8.msp
c:\windows\Installer\92da9.msp
c:\windows\system32\28463
c:\windows\system32\28463\key.bin
c:\windows\system32\28463\QTEO.006
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\nY.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
----- BITS: Possible infected sites -----
hxxp://ccp.vo.llnwd.net.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.
2009-08-27 02:38 . 2009-08-27 02:38 -------- d-----w- c:\users\calvin\AppData\Local\temp
2009-08-27 02:38 . 2009-08-27 02:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-08-27 02:38 . 2009-08-27 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 20:04 . 2009-08-26 20:04 -------- d-----w- c:\programdata\CCP
2009-08-26 20:04 . 2009-08-26 20:04 -------- d-----w- c:\users\calvin\AppData\Local\CCP
2009-08-26 18:17 . 2009-08-26 18:17 -------- d-----w- c:\windows\system32\Adobe
2009-08-26 02:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 23:10 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 23:10 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 11:46 . 2009-08-25 11:46 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 11:46 . 2009-08-25 11:46 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 11:46 . 2009-08-25 11:46 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-25 11:46 . 2009-08-25 11:46 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 11:46 . 2009-08-25 11:46 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 11:46 . 2009-08-25 11:46 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-24 03:22 . 2009-08-24 03:22 -------- d-----w- c:\programdata\NortonInstaller
2009-08-20 22:41 . 2009-08-20 22:41 -------- d-----w- c:\program files\Sun
2009-08-19 01:33 . 2009-08-19 01:33 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-08-19 01:33 . 2009-08-19 01:33 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-08-19 01:33 . 2009-08-19 01:33 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-08-19 01:33 . 2009-08-19 01:41 -------- d-----w- c:\program files\Folder Lock 6
2009-08-19 01:13 . 2009-08-19 01:13 -------- d-----w- c:\users\calvin\AppData\Roaming\Uniblue
2009-08-19 01:13 . 2009-08-19 01:13 -------- d-----w- c:\program files\Uniblue
2009-08-18 23:34 . 2009-08-18 23:34 -------- d-----w- c:\users\calvin\AppData\Local\RadarSync
2009-08-18 17:21 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-18 17:21 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 16:55 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 16:55 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 16:55 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 16:55 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 16:55 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 16:55 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 16:55 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 16:55 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-14 10:52 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 10:52 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl(189).dll
2009-08-14 10:52 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 10:52 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32(190).dll
2009-08-14 10:52 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-14 10:52 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-14 10:52 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-14 10:52 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 22:40 . 2006-01-10 16:50 24576 ----a-r- c:\windows\system32\AsIO.dll
2009-08-13 22:40 . 2007-12-17 17:14 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2009-08-13 22:40 . 2009-08-17 00:43 -------- d-----w- c:\program files\ASUS
2009-08-13 22:30 . 2007-08-20 21:31 151552 ------r- c:\windows\system32\xRaidAPI.dll
2009-08-13 22:30 . 2007-08-30 00:57 1966080 ------r- c:\windows\system32\xRaidSetup.exe
2009-08-13 22:29 . 2007-08-31 18:58 63360 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-08-13 22:29 . 2006-08-30 20:33 319984 ------r- c:\windows\system32\DifxApi.dll
2009-08-13 22:29 . 2009-08-13 22:30 -------- d-----w- c:\windows\RaidTool
2009-08-13 22:16 . 2009-08-13 22:16 -------- d-----w- c:\program files\profile
2009-08-13 22:16 . 2009-08-13 22:16 -------- d-----w- c:\program files\bin32
2009-08-13 22:15 . 2009-08-13 22:15 -------- d-----w- c:\program files\log
2009-08-13 22:13 . 2008-01-17 11:52 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2009-08-13 22:13 . 2008-01-17 11:43 353280 ----a-w- c:\windows\system32\idecoi.dll
2009-08-13 22:13 . 2008-01-29 12:55 1042464 ----a-w- c:\windows\system32\drivers\nvmfdx32.sys
2009-08-13 22:13 . 2008-01-29 11:37 203264 ----a-w- c:\windows\system32\fdco1.dll
2009-08-13 22:05 . 2009-08-13 22:05 -------- d-----w- c:\windows\ASUSInstAll
2009-08-13 22:03 . 2009-08-13 22:03 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-13 22:03 . 2009-08-13 22:03 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-13 22:03 . 2009-08-13 22:03 -------- d-----w- c:\program files\Creative
2009-08-13 22:03 . 2007-07-03 12:11 1503232 ------w- c:\windows\system32\adi_oal.dll
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\programdata\SonicFocus
2009-08-13 22:00 . 2006-10-18 05:44 7680 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2009-07-31 20:27 . 2009-07-31 20:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 19:55 . 2009-08-02 02:32 -------- d-----w- c:\users\calvin\AppData\Roaming\Hamachi
2009-07-31 19:33 . 2009-07-31 19:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-31 19:33 . 2009-07-31 19:34 -------- d-----w- c:\program files\Hamachi
2009-07-31 06:03 . 2009-08-02 09:49 -------- d-----w- c:\program files\Celtic Kings - Rage of War
2009-07-30 00:43 . 2009-07-30 00:43 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-30 00:39 . 2009-07-14 18:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-30 00:39 . 2009-07-14 18:54 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-30 00:39 . 2009-07-14 18:54 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-07-30 00:39 . 2009-07-14 18:54 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-30 00:39 . 2009-07-14 18:54 10854400 ----a-w- c:\windows\system32\nvoglv32.dll
2009-07-30 00:39 . 2009-07-14 18:54 1983488 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-30 00:39 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-30 00:39 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod157.dll
2009-07-30 00:39 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 01:26 . 2008-07-02 17:51 34 ----a-w- c:\users\calvin\jagex_runescape_preferences.dat
2009-08-27 00:53 . 2007-12-18 13:12 -------- d-----w- c:\program files\Steam
2009-08-26 21:21 . 2009-05-11 21:25 155810 ----a-w- c:\programdata\nvModes.dat
2009-08-26 16:13 . 2009-07-08 17:02 -------- d-----w- c:\programdata\Kaspersky Lab
2009-08-26 16:13 . 2007-10-30 02:57 -------- d-----w- c:\programdata\NVIDIA
2009-08-23 20:52 . 2007-12-18 13:12 -------- d-----w- c:\program files\Common Files\Steam
2009-08-20 22:40 . 2009-03-11 21:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-20 22:40 . 2007-12-25 17:02 -------- d-----w- c:\program files\Java
2009-08-19 12:23 . 2007-12-21 16:56 -------- d-----w- c:\program files\EA GAMES
2009-08-19 12:23 . 2007-10-30 02:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 17:02 . 2008-01-04 22:54 -------- d-----w- c:\users\calvin\AppData\Roaming\Ventrilo
2009-08-18 17:02 . 2009-03-19 18:25 -------- d-----w- c:\program files\Webshots
2009-08-18 17:02 . 2009-01-31 04:34 -------- d-----w- c:\program files\MTA San Andreas
2009-08-18 17:02 . 2008-11-23 23:58 -------- d-----w- c:\program files\PiraMod
2009-08-18 17:02 . 2008-11-18 21:28 -------- d-----w- c:\program files\Roger Wilco
2009-08-18 17:02 . 2007-12-20 19:32 -------- d-----w- c:\program files\PC Wizard 2008
2009-08-18 17:02 . 2009-07-16 22:22 -------- d-----w- c:\program files\Audacity
2009-08-18 17:02 . 2008-06-11 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 16:14 . 2008-06-25 02:11 -------- d-----w- c:\program files\wally
2009-08-14 17:44 . 2007-12-18 12:31 85184 ----a-w- c:\users\calvin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 17:03 . 2007-10-30 03:13 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 16:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-14 16:51 . 2007-10-30 03:04 -------- d-----w- c:\programdata\Sonic
2009-08-13 22:02 . 2009-08-13 22:01 -------- d-----w- c:\program files\Analog Devices
2009-08-02 14:47 . 2009-07-03 22:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 03:59 . 2009-06-13 01:01 -------- d-----w- c:\users\calvin\AppData\Roaming\vlc
2009-07-31 19:51 . 2008-03-14 14:53 -------- d-----w- c:\users\calvin\AppData\Roaming\HamachiBackup
2009-07-30 00:42 . 2007-10-30 02:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 00:42 . 2009-05-11 21:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-18 16:06 . 2009-07-29 11:00 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 11:00 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 02:53 . 2009-07-18 02:53 -------- d-----w- c:\users\calvin\AppData\Roaming\dBpoweramp
2009-07-18 02:17 . 2009-07-18 02:17 14362 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-18 02:17 . 2009-07-18 02:17 -------- d-----w- c:\users\calvin\AppData\Roaming\AccurateRip
2009-07-18 02:17 . 2009-07-18 02:17 -------- d-----w- c:\program files\dBpowerAMP
2009-07-18 02:16 . 2008-04-10 19:10 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-17 02:43 . 2009-07-17 02:43 58800 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Program Files\YouTube Downloader\Uninstall.exe
2009-07-16 22:14 . 2008-06-06 23:30 -------- d-----w- c:\users\calvin\AppData\Roaming\TeamViewer
2009-07-14 18:54 . 2009-07-30 00:39 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-14 18:54 . 2009-04-30 21:02 7565824 ----a-w- c:\windows\system32\nvd3dum.dll
2009-07-14 18:54 . 2007-09-17 12:56 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-07-12 01:27 . 2007-12-18 16:33 -------- d-----w- c:\users\calvin\AppData\Roaming\Xfire
2009-07-11 18:05 . 2007-12-18 16:33 -------- d-----w- c:\programdata\Xfire
2009-07-10 06:01 . 2007-12-21 15:57 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-07-09 15:38 . 2009-05-24 14:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-09 15:38 . 2009-07-09 15:38 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys
2009-07-09 15:38 . 2009-07-09 15:38 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-08 18:10 . 2009-07-08 18:10 -------- d-----w- c:\program files\Ventrilo
2009-07-08 17:19 . 2009-07-08 17:19 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-08 17:19 . 2009-07-08 17:19 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-08 17:19 . 2009-07-08 17:19 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-08 17:19 . 2009-07-08 17:19 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-08 17:19 . 2009-07-08 17:19 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-08 17:17 . 2009-07-08 17:17 604140 --sha-w- c:\windows\system32\drivers\ISwift3(219).dat
2009-07-08 17:17 . 2009-07-08 17:17 604140 ------w- c:\windows\system32\drivers\ISwift3.dat
2009-07-08 17:02 . 2009-07-08 17:02 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-08 17:02 . 2009-07-08 17:02 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-08 17:02 . 2009-07-08 17:02 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-08 17:00 . 2009-07-08 17:00 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-07 07:44 . 2007-12-18 16:33 -------- d-----w- c:\program files\Xfire
2009-07-06 01:41 . 2008-11-14 16:24 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 01:35 . 2007-12-26 02:34 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-03 22:45 . 2009-07-03 22:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-03 22:44 . 2007-10-30 03:00 -------- d-----w- c:\program files\Microsoft Works
2009-07-03 22:17 . 2009-07-03 22:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-03 22:17 . 2009-07-03 22:17 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-07-03 22:17 . 2009-07-03 22:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-03 22:14 . 2009-07-03 22:14 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-15 15:24 . 2009-07-15 19:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 19:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 19:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 19:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2008-04-12 20:34 . 2008-04-12 20:34 1958 ----a-w- c:\program files\Craftyov.ini
2007-10-30 10:29 . 2007-10-30 10:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{43480A55-D18E-4381-AB74-6EAEAB13A0FC}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{94BD8721-F148-4A21-B5B1-A239604354F2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3199CA81-4A27-4637-B841-EFEB702E5E57}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{839F1242-517A-4F1F-8995-83FDEA08BCCC}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D1D1A9B9-AC79-4A8A-915F-B2C0501D8F02}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{ADC4A466-A878-45B7-A130-7B863F58E2BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{272D0250-963E-42C7-9EEC-2CBC1F788F8D}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{C8D66AF2-6429-49CF-9FE6-72067EF42934}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{916C8BCA-F24B-498A-8017-E53D143803FA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F8AE743A-CAC1-4002-8D78-FF767D51BFE3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CDF2F4D4-0BB9-4575-9D9E-10E1A6FDA319}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{9ECE737B-797A-4480-B932-1B28020E7977}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{3FC60B1F-ACED-42F2-BB14-35253D316210}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E640E087-C970-439B-8241-71EB2C0848EA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{005B999A-7B78-4DDA-BDA1-B41E8496ECE6}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EFA27614-A6B3-496D-BC7D-D27ABDEE76A8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BD165888-4E9D-4543-99D4-5AB5AD098B71}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4A073DF-BFE2-4720-B9D3-65049224AAD4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2DA94DD7-A362-4B13-AF84-53D669A850A5}c:\\program files\\steam\\steamapps\\makem\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\makem\half-life\hl.exe:Half-Life Launcher
"UDP Query User{4B3F13BF-345A-430D-922C-BEB2E3DF5D1D}c:\\program files\\steam\\steamapps\\makem\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\makem\half-life\hl.exe:Half-Life Launcher
"TCP Query User{0E4A6FB5-EB11-4F64-8465-61635F05A98C}c:\\program files\\steam\\steamapps\\makem\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\makem\garrysmod\hl2.exe:hl2
"UDP Query User{8B8E6930-FA96-4433-9E04-AC97E44C9C23}c:\\program files\\steam\\steamapps\\makem\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\makem\garrysmod\hl2.exe:hl2
"TCP Query User{B0C52F1E-AD64-4DB2-870A-664539701806}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{77D0B016-3438-47F7-B16D-FB708863D9F0}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{AB446EAD-07E8-42AD-8496-ADEFDD4D9166}c:\\program files\\steam\\steamapps\\makem\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\makem\source sdk base\hl2.exe:hl2
"UDP Query User{CE82983D-80D9-41E8-971E-42669BE20559}c:\\program files\\steam\\steamapps\\makem\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\makem\source sdk base\hl2.exe:hl2
"TCP Query User{4FFAB9F6-657F-43DA-A85A-36711A009448}c:\\program files\\steam\\steamapps\\elite265\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\elite265\half-life\hl.exe:Half-Life Launcher
"UDP Query User{D8FA7994-23D8-46BA-A8D5-4A29CB23ADAF}c:\\program files\\steam\\steamapps\\elite265\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\elite265\half-life\hl.exe:Half-Life Launcher
"TCP Query User{67F1413A-B155-4EFA-BAD0-ACA86F5F7BBD}c:\\program files\\steam\\steamapps\\makem\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\makem\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{89255F13-64A6-4115-A6FC-0CBD921477D5}c:\\program files\\steam\\steamapps\\makem\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\makem\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{68F6696F-81E8-48E2-A68E-3DC4F4B94C72}c:\\program files\\steam\\steamapps\\elite265\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\elite265\source sdk base\hl2.exe:hl2
"UDP Query User{36DBA262-AD00-46A6-9616-37689CDB4BAE}c:\\program files\\steam\\steamapps\\elite265\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\elite265\source sdk base\hl2.exe:hl2
"{664B5C32-B9F5-4FF1-96CB-A386CA441CEF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EA35CA3E-D40B-4D7A-8E77-E7B922207AD9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE2B03C6-310E-44AA-9D4C-9D918B3992F4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E4DE802B-8858-4687-9592-D0BF595961EA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{94AFC2F0-B542-4554-81EC-574767EDD81A}c:\\program files\\steam\\steamapps\\ryanl0210\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\ryanl0210\half-life\hl.exe:Half-Life Launcher
"UDP Query User{67FB00BC-CC31-4301-9392-E835376EC248}c:\\program files\\steam\\steamapps\\ryanl0210\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\ryanl0210\half-life\hl.exe:Half-Life Launcher
"{4B7CC11B-672E-41AE-A3EC-FE3FA2EBFD5F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B3155339-72BF-4EBF-BEE0-6DF37C3843D8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9FBE0042-13CF-4AEE-9DF3-141D2DB9A776}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BC1EBE39-FFAC-4620-92D0-EAE569272C3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1C065622-E6B5-4E07-8C7B-C7FBEEF0DB88}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{594F800B-FFBE-4F01-82D0-FF1FC83FCFA9}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{D4BB55E7-B4BA-4332-9C52-138C2A2BF893}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{53EA6DAF-A9AB-4DB9-8DA5-EA68511CDF7A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{9D2624A0-1423-404B-9800-C44A5AA45FE9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F83CCC4E-9D8D-4E1C-9FCD-269A1F74A699}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{106C2E91-4D32-40F1-85E0-9E9D74FE3059}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{D929E63C-5900-43E9-B337-2380993C878E}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"{B630214F-E41A-4E0F-BF81-B8BA19EC70C3}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"{09310B8E-0F78-4823-ADE1-8A6156E9A8DA}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{4E403EF3-0064-4FA6-8E3B-3D73BAFDDA6F}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{47D46E80-19F9-4D2C-BBAA-7450ADC1058E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3DB4E2CA-F675-4F1D-BF84-E68B18F531B3}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{A003AE50-5E6E-4900-AA5C-698B9109D5C8}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{951A8900-A684-4117-892F-8E37ADEECCE4}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{54F72831-2370-4A8B-9464-E2A94DB44D77}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3D1A82F7-B65A-4DE8-AE41-8E99E7844B33}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{D796AB85-CD79-46E0-8B88-6822C69DF159}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{0FE36651-F2FB-4048-8D83-ECB65D7E17E8}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{6B8BDCB2-47CA-4852-BB78-A089EE92D0F6}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{9CC62C32-25C3-42A3-84B5-0459319B0572}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{3A460F8F-09FF-4359-B6C8-F9E9057BB881}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{D446C5A9-62AB-4F30-B08E-E1AE85F6809C}"= UDP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{DA109A91-9CC7-495A-916B-B2ED0C532407}"= TCP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{B0B4AF33-BA22-4C22-AC22-F25251E3445A}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{6031D9FB-B78C-437F-BA2C-DA24B1270A7E}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 20:41 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 18:50 21008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 12:28 239648]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/12/2008 09:49 185640]
R2 WinFLdrv;WinFLdrv;c:\windows\System32\WinFLdrv.sys [19/08/2009 02:33 10752]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
R3 RecFltr;Reclusa Keyboard;c:\windows\System32\drivers\RecFltr.sys [18/12/2007 13:37 41984]
S3 SaiH075C;SaiH075C;c:\windows\System32\drivers\SaiH075C.sys [18/11/2008 22:15 176640]
.
Contents of the 'Scheduled Tasks' folder
2009-08-27 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-10-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\calvin\AppData\Roaming\Mozilla\Firefox\Profiles\rf7ysydv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - http://www.runescape.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\calvin\AppData\Roaming\Mozilla\Firefox\Profiles\rf7ysydv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 03:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\users\calvin\AppData\Roaming\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 3
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{416cda14-c08c-4352-a32c-b2f35631ca32}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001d60
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4c7abab7-c174-4f70-a736-798b70e4459e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f7a7900
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bb430a41-29c3-4116-85dd-2c355f542404}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f020054
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bbc9af33-5643-43e7-9819-d6d2c9d3948c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f7a7900
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2009-08-27 3:42
ComboFix-quarantined-files.txt 2009-08-27 02:42
Pre-Run: 238,089,609,216 bytes free
Post-Run: 238,388,072,448 bytes free
411 --- E O F --- 2009-08-26 02:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:46:48, on 27/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
--
End of file - 5750 bytes
I was not aware that I still had Norton 360 installed... I have now removed it with the use of a Norton remover tool. Please tell me if I still have this anti-virus, as I only wish to use Kaspersky.
As for my PC, it's been running better... I have not had a BSOD for around 2 days now... so something is going right, although I still feel something is wrong for it to have BSODed. If it turns out I am clean of malware, would it be possible for you to continue assisting me in finding out the cause of the BSOD? Or perhaps point me in the direction of another forum that could?
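Added example for this thread (not part of the original post, and not code from ComboFix, HijackThis or catchme): a small Python triage script that pulls out the three things a log reviewer usually checks first in output like the above. It flags firewall profiles whose EnableFirewall value is 0, lists the files the catchme block reports as hidden, and picks O23 service entries with an unknown owner or a missing binary. The SAMPLE text is constructed from lines quoted in the post; the line formats it parses are the ones visible above, and any log line in a different layout is simply ignored.

```python
"""Triage helper for ComboFix / HijackThis style logs (added example).

Not the output or code of either tool. SAMPLE is constructed from lines
in the thread above so the script runs offline.
"""
import re

SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 WinFLdrv;WinFLdrv;c:\windows\System32\WinFLdrv.sys [19/08/2009 02:33 10752]
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 03:38
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\users\calvin\AppData\Roaming\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 3
**************************************************************************
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
"""

# Registry key line naming a firewall profile, e.g. ...\firewallpolicy\PublicProfile]
PROFILE_RE = re.compile(r"\\firewallpolicy\\(\w+Profile)\]$", re.IGNORECASE)
# "EnableFirewall"= 0 (0x0)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# catchme hidden-file line: <path> <size> bytes
HIDDEN_FILE_RE = re.compile(r"^([a-z]:\\.+?)\s+(\d+) bytes$", re.IGNORECASE)
# HijackThis O23 line: O23 - Service: <name> - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def disabled_firewall_profiles(log):
    """Return the firewall profile names whose EnableFirewall value is 0."""
    found, current = [], None
    for line in log.splitlines():
        line = line.strip()
        m = PROFILE_RE.search(line)
        if m:
            current = m.group(1)          # remember which profile the next value belongs to
            continue
        m = ENABLE_RE.match(line)
        if m and current and int(m.group(1)) == 0:
            found.append(current)
    return found


def hidden_files(log):
    """Return (path, size_in_bytes) for each file in the 'scanning hidden files' block."""
    found, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("scanning hidden files"):
            in_block = True
            continue
        if in_block:
            if line.startswith("scan completed") or line.startswith("hidden files:"):
                break                     # end of the hidden-files block
            m = HIDDEN_FILE_RE.match(line)
            if m:
                found.append((m.group(1), int(m.group(2))))
    return found


def suspicious_services(log):
    """Return O23 entries with no recognised owner or whose binary is missing."""
    found = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        name, owner, path = m.groups()
        missing = path.endswith("(file missing)")
        if owner == "Unknown owner" or missing:
            found.append({"name": name, "owner": owner, "path": path, "missing": missing})
    return found


def triage(log):
    """Collect all three checks into one dict for reporting."""
    return {
        "firewall_disabled": disabled_firewall_profiles(log),
        "hidden_files": hidden_files(log),
        "services_to_review": suspicious_services(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key)
        for item in value:
            print("   ", item)
```

Run it against a full ComboFix or HijackThis log by reading the file into a string and passing it to triage(); a service with an "Unknown owner" is not malicious by itself (PnkBstrA above is an anti-cheat component), so the output is a review list, not a verdict.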