
Rootkit.Win32.Agent.abmh


  • This topic is locked
11 replies to this topic

#1 slamoya

slamoya

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:25 AM

Posted 14 January 2010 - 01:34 PM

I am having problems with my antivirus security program (Kaspersky 2010). Kaspersky detects the virus and tries to delete it, has to restart, and this happens continuously in 15-30 minute increments. My laptop crashes, then has to repair Windows and scans for a long period. I have to start from the boot menu in order to get up and running. This is a terrible problem, please help, I've run out of ideas. Thank you in advance.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Stan at 11:23:56.68 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2939.1560 [GMT -6:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\lxdqcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
mRun: [lxdqamon] "c:\program files\lexmark z2400 series\lxdqamon.exe"
mRun: [WireLessMouse] c:\program files\multimedia mouse driver\StartAutorun.exe MouseDrv.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Afobos] rundll32.exe "c:\users\stan\appdata\local\ilicaqiqejejohe.dll",Startup
StartupFolder: c:\users\stan\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\stan\appdata\roaming\mozilla\firefox\profiles\vdnwj0jd.default\
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {D523C4F0-822C-4F29-BA3C-6134AE34F35C} - c:\users\stan\appdata\local\{D523C4F0-822C-4F29-BA3C-6134AE34F35C}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-4-26 20384]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-7-3 303376]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 LiveTurbineMessageService;Turbine Message Service - Live; [x]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2008-2-27 98984]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-26 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GarenaPEngine;GarenaPEngine;c:\users\stan\appdata\local\temp\YWH6F9A.tmp [2009-12-15 25616]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-4-26 954368]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]

=============== Created Last 30 ================

2010-01-14 16:52:32 0 d-----w- c:\windows\system32\EventProviders
2010-01-07 23:43:41 215062535 ----a-w- c:\windows\MEMORY.DMP
2010-01-07 23:29:44 763904 ----a-w- c:\windows\system32\drivers\mmzcgiwz.sys
2010-01-07 23:29:25 28 ----a-w- c:\users\stan\appdata\roaming\fvgqad.dat
2010-01-07 23:29:19 4 ----a-w- c:\users\stan\appdata\roaming\avdrn.dat
2009-12-27 15:09:12 0 d-----w- c:\program files\SFO
2009-12-27 15:07:22 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-12-20 08:01:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-20 06:52:33 0 d-----w- c:\users\stan\appdata\roaming\DAEMON Tools Pro
2009-12-20 06:43:06 0 ----a-w- c:\windows\ToDisc.INI
2009-12-18 19:47:02 0 ---ha-w- c:\windows\SwSys2.bmp
2009-12-18 19:47:02 0 ---ha-w- c:\windows\SwSys1.bmp
2009-12-18 19:44:02 0 d-----w- c:\program files\Midway Home Entertainment
2009-12-18 04:33:24 0 d-----w- c:\program files\PowerISO
2009-12-16 02:05:43 258352 ----a-w- c:\windows\system32\unicows.dll
2009-12-16 00:59:10 0 d-----w- c:\users\stan\appdata\roaming\GetRightToGo

==================== Find3M ====================

2009-12-14 21:43:41 1218 ----a-w- c:\users\stan\appdata\roaming\wklnhst.dat
2009-12-14 03:39:36 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-13 23:21:49 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-13 23:21:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-13 23:21:47 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 09:13:14 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-12 13:24:34 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-03 22:17:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 22:15:07 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-19 14:27:37 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-10-19 14:24:00 72704 ----a-w- c:\windows\system32\fontsub.dll
2008-09-30 19:36:56 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-08 16:07:45 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-06-08 16:07:41 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 11:26:21.01 ===============



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 20 January 2010 - 04:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 slamoya

slamoya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:25 AM

Posted 22 January 2010 - 11:02 AM

2010 Kaspersky Internet Suite constantly requests a restart to disinfect a trojan/virus, but the actual problem does not get disinfected. Not long after restarting it will ask to restart again. There is a warning sign on my protection and sometimes it will not reboot as it normally should. I have uninstalled the uTorrent program as advised in another forum, but the problem still persists. Here are the OTL logs....


OTL Extras logfile created on: 1/22/2010 9:52:07 AM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Users\Stan\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 23.15 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STAN-PC
Current User Name: Stan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABB5DAA-52B1-4731-B339-CA77B69A3266}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8E38BB7D-A718-49E3-8F96-A614B6BB7460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E1B797D7-5C4A-486F-AA05-79E5DC315775}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082A1BD4-D6FD-416A-BFC6-C087CAD8B96F}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\lxdqamon.exe |
"{09F49881-B730-4860-9A4E-CCAA7496BA04}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0CF9F5D4-9E58-472A-9795-E5CA8A2EBBE8}" = protocol=6 | dir=in | app=c:\windows\system32\lxdqcoms.exe |
"{11B0EB49-BC2A-4D09-B353-20FB949AF698}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{168A780D-183E-4889-B2EC-F353CDAC4EF1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{1E42E5A9-7424-426E-9889-2BCC018D04C9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe |
"{1FFA931B-DCB6-4F37-BBD6-7093BB1B62EA}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe |
"{21A739D3-5B86-4371-8464-561A04D60FC5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{236062F7-4F3C-4490-9C78-3B247B59FFB7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{25A8731B-DD0B-4379-80FE-8E2181D9B8E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2739AF62-CA76-4D4F-B5A6-9620299D96CF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{2D939A53-DA0B-401E-B32B-7C4416AA0142}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\frun.exe |
"{36FA151D-ED22-4851-91D2-14B6B6320670}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{40225FDB-739E-4735-81C0-D4BDB282DA24}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{406EFF9C-4BE1-4961-A5D9-209FAEB212E7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{43C24151-2668-447E-9351-A045A1698BB5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{47DBB34A-675B-4C4C-88DB-5B34F0F6012E}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5E3CCD05-4B63-4FF1-B447-023DC4398BF6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5F7A9938-ED0E-4721-877B-F36699A33F18}" = protocol=17 | dir=in | app=c:\windows\system32\lxdqcfg.exe |
"{63333A44-87CD-4EA1-9B8C-2024C489FCD5}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6F49ED07-6F61-4ACF-83A7-4155540B383B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{717E93F3-0299-40C5-ACA9-DA5ECA394556}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe |
"{784114B8-0BBF-44D5-9773-181769A16460}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{793118C2-954B-4D73-9730-D20330504FFF}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\lxdqamon.exe |
"{87465C0B-49EB-48C2-98DC-02F40A4AB9B4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqjswx.exe |
"{87F58CB6-BA01-4FA9-8C8C-2B3F08E92BD7}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{8AC3F5FE-9822-4328-95DA-853821687092}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{8BDE07FB-E1C5-4F8C-893C-23F9D345B1DD}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{923422E3-7EC9-4E0A-B0BE-3F4E4CD49FDA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{966AC886-5ED4-4CB2-909B-CB552DA2984D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{9DA42B23-6C90-4542-B477-814FDD5FFE6A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe |
"{9DB65154-702C-42D5-9029-AB5E566B9043}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{A2B24F34-0AEE-45A6-80AC-2C784B8D1D61}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe |
"{A7784E42-86BA-406C-B015-63D9EDFDB8A9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{AC47FA35-5AD5-477A-BB17-412AAE528C3C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B78A5595-E9D2-413F-B40F-BD3C3EDEC05A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B831EACD-BB9B-4988-8C0E-6972359664A6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B9058768-A3E4-410E-8444-619F4E203F4B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdqcoms.exe |
"{C7787865-23EB-4BCD-87BD-979DE09A7897}" = protocol=6 | dir=in | app=c:\windows\system32\lxdqcfg.exe |
"{C98EF3F9-5636-43E6-A643-59290D918D70}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{D44F5604-EB5C-489C-A0D2-0B363E80DE9E}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\frun.exe |
"{D57A9FD3-3C90-44AD-8098-69A866FAA611}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{DD6F91EB-7359-422D-BC72-59F70C9AC2CC}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{DEF76532-726E-4683-892F-CC3D9C74BDA8}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{EBF99820-B46B-4190-8AA8-E8580BB9AE06}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{F1C4D47E-AEA7-46F0-B61E-93F856BFBE5A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqjswx.exe |
"{F4B4C408-9FC0-4CAD-B222-6891F011D5F1}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe |
"{FFFF8350-A2F1-43E3-B6FC-E1A7449D430D}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"TCP Query User{069D395C-A02C-47F0-A450-0A8D7E4AFDDC}C:\program files\steam\steamapps\svlboom\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\svlboom\day of defeat source\hl2.exe |
"TCP Query User{1BB351CD-C705-4923-98E7-50E00DE66820}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{1D9AF52C-BA1F-4A03-BDD0-40F9DC7520D9}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"TCP Query User{22F553BE-CB52-4AEF-8967-AEC1F0A46B70}C:\users\stan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\stan\program files\dna\btdna.exe |
"TCP Query User{3852C127-1A2B-49FD-8180-24E52801AAF1}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{45835F41-105D-40B9-8BF4-8F82785D5B67}C:\program files\steam\steamapps\svlboom\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\svlboom\garrysmod\hl2.exe |
"TCP Query User{47DEFFE9-741B-46D4-B3A8-0BBC29B22CD4}C:\games\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\games\left 4 dead\left4dead.exe |
"TCP Query User{743F8C79-F877-4922-AE53-E5545B02CA90}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"TCP Query User{7DE51D1C-F149-4758-B7C0-0DCAD507EC3D}C:\games\onlineboxing\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\games\onlineboxing\jre\bin\java.exe |
"TCP Query User{846239CC-E701-4C2E-A4EE-6A393942728D}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{91A26A08-0791-4195-9DE4-A86B6F98333A}C:\users\stan\desktop\left 4 dead\l4d\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\stan\desktop\left 4 dead\l4d\left 4 dead\left4dead.exe |
"TCP Query User{955291F0-BC55-4FAC-9710-152EC801177B}C:\program files\turbine\turbine download manager\resources\new folder\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\resources\new folder\lotroclient.exe |
"TCP Query User{A580A692-0F36-40BA-AC1D-0A8087447D98}C:\program files\steam\steamapps\svlboom\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\svlboom\zombie panic! source\hl2.exe |
"TCP Query User{A5F6A4BA-5AC5-439E-AEA7-ED2C9342DCB9}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{B63E2DDF-EF50-43D8-B075-9219A2930382}C:\program files\game vindicator\game vindicator\gamevindicator.exe" = protocol=6 | dir=in | app=c:\program files\game vindicator\game vindicator\gamevindicator.exe |
"TCP Query User{D1153FFF-F155-4CC4-B978-CCC5EABB122A}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"TCP Query User{FE3F489F-CDE4-411D-853F-2FBB0DDB94B4}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{FF267BED-7B63-4510-9CFC-74E9E07B6BC3}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{0C7A5683-3153-486C-B38A-463981CF1531}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{43677743-972C-41B1-ADC5-7003B786C505}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{5354F5B3-9346-4112-846E-1657D7EE5A15}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{7574A452-D5D3-40D2-96B1-5F3F37B1688F}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
"UDP Query User{78BDE410-5074-4237-B2DC-B1B978A1A65E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{87C56BB6-2AEB-48E4-AADA-0C23DA4888CA}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"UDP Query User{95933F46-CE43-4305-819E-6B7FE36DF8C5}C:\games\onlineboxing\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\games\onlineboxing\jre\bin\java.exe |
"UDP Query User{96B55058-AE5F-46F1-AC24-A0A5EC420A5F}C:\program files\game vindicator\game vindicator\gamevindicator.exe" = protocol=17 | dir=in | app=c:\program files\game vindicator\game vindicator\gamevindicator.exe |
"UDP Query User{97D2FAB1-9A55-4F32-8540-C1FA2FA2F429}C:\users\stan\desktop\left 4 dead\l4d\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\stan\desktop\left 4 dead\l4d\left 4 dead\left4dead.exe |
"UDP Query User{B59AF900-1BAA-4364-9587-64BD8C989E14}C:\program files\steam\steamapps\svlboom\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\svlboom\zombie panic! source\hl2.exe |
"UDP Query User{B9EBB2AE-39D1-492E-AA00-037D8CBCB294}C:\program files\turbine\turbine download manager\resources\new folder\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\resources\new folder\lotroclient.exe |
"UDP Query User{C59C088C-7219-4644-B755-596756463963}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{CA3A4099-6068-4A42-A6B8-EBC7930BC39C}C:\games\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\games\left 4 dead\left4dead.exe |
"UDP Query User{CBC0F413-7393-4A34-B13A-F3E7C57311E8}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D4E3C02A-710B-474D-AEBD-D841D1337072}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"UDP Query User{D66D2E61-3110-48C3-9AB8-ABCABCE5383D}C:\program files\steam\steamapps\svlboom\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\svlboom\day of defeat source\hl2.exe |
"UDP Query User{DBDAC064-7802-4160-929D-6D8874D30087}C:\program files\steam\steamapps\svlboom\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\svlboom\garrysmod\hl2.exe |
"UDP Query User{EFF8DB72-4AB1-40B8-BDF3-E70C0A6DB068}C:\users\stan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\stan\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE17CF38-C912-4EFE-9620-AFED5607F018}" = Multimedia Mouse Driver
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Champions Online" = Champions Online
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{AE17CF38-C912-4EFE-9620-AFED5607F018}" = Multimedia Mouse Driver
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Lexmark Z2400 Series" = Lexmark Z2400 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


OTL logfile created on: 1/22/2010 9:52:07 AM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Users\Stan\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.37 Gb Total Space | 23.15 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STAN-PC
Current User Name: Stan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/22 09:51:06 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
PRC - [2010/01/02 00:40:20 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/14 17:38:05 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/11/08 21:17:50 | 00,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/07/03 14:45:24 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/26 22:07:11 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/01 17:11:06 | 01,283,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/04/01 17:10:58 | 00,062,776 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/06 17:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 11:40:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/08/14 11:40:36 | 01,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/07/18 21:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/25 16:06:06 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/06/25 16:06:02 | 00,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/06/25 16:05:58 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/25 16:05:50 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/06/02 14:26:48 | 00,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 12:49:30 | 00,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 14:03:12 | 00,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 01:21:24 | 01,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 01:19:48 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 01:19:16 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 18:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 16:14:50 | 06,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/27 09:04:28 | 00,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
PRC - [2008/03/27 09:04:22 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe
PRC - [2008/02/27 17:09:44 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdqcoms.exe
PRC - [2008/02/06 14:52:52 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 14:52:40 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 20:33:24 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/20 20:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/03 18:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/07 18:22:36 | 00,798,720 | ---- | M] () -- C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/22 09:51:06 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
MOD - [2010/01/08 18:32:50 | 00,123,392 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2008/01/20 20:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [Auto | Stopped] -- -- (LiveTurbineMessageService)
SRV - [2010/01/08 18:32:50 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/08/27 12:28:00 | 00,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/13 12:08:58 | 00,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/03 14:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/06/08 11:30:01 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/06 15:15:00 | 02,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/04/01 17:10:58 | 00,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/18 21:39:30 | 00,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 01:19:48 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 00,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 18:54:42 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/27 17:09:44 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdqcoms.exe -- (lxdq_device)
SRV - [2008/02/06 14:52:40 | 00,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 20:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 18:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/15 03:42:32 | 00,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Stan\AppData\Local\Temp\YWH6F9A.tmp -- (GarenaPEngine)
DRV - [2009/12/13 21:39:36 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/16 03:13:14 | 00,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/08 21:21:18 | 00,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/08/16 10:09:47 | 00,280,592 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/08/05 21:48:42 | 00,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/08/05 15:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 15:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/05 15:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/15 13:01:00 | 00,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/16 19:59:34 | 00,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/05/15 17:50:22 | 00,021,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/03/26 07:00:02 | 00,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/15 19:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/10/09 14:42:42 | 00,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/14 11:40:40 | 00,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/28 16:53:48 | 00,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 19:52:16 | 00,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/12 19:43:16 | 02,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/04/28 17:59:18 | 00,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 18:53:44 | 00,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 19:00:04 | 02,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/22 20:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/20 20:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:32:53 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:32:51 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:32:50 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:32:49 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:32:49 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:32:48 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:32:48 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 10:22:00 | 00,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 12:53:24 | 00,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 15:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:11:00 | 01,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 15:11:14 | 00,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 00:32:00 | 00,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 00:31:00 | 00,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\S-1-5-21-4229604500-3487303875-4101604920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {D523C4F0-822C-4F29-BA3C-6134AE34F35C}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{D523C4F0-822C-4F29-BA3C-6134AE34F35C}: C:\Users\Stan\AppData\Local\{D523C4F0-822C-4F29-BA3C-6134AE34F35C} [2010/01/07 18:35:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 19:01:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/27 09:10:13 | 00,000,000 | ---D | M]

[2009/07/05 00:40:05 | 00,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Mozilla\Extensions
[2009/07/05 00:40:05 | 00,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\9y5ww57h.default\extensions
[2010/01/08 18:35:11 | 00,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\vdnwj0jd.default\extensions
[2010/01/08 18:35:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/20 02:57:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2006/09/18 15:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdqamon] C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe ()
O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4229604500-3487303875-4101604920-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 97.64.180.150 97.64.187.153
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Stan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Stan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ee678cc7-eb8e-11de-8d7b-001e33b9929c}\Shell - "" = AutoRun
O33 - MountPoints2\{ee678cc7-eb8e-11de-8d7b-001e33b9929c}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\directx\command - "" = E:\DirectX9\dxsetup.exe -- File not found
O33 - MountPoints2\E\Shell\setup\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/22 09:51:03 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
[2010/01/21 15:08:24 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 15:08:24 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 15:08:23 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 15:08:23 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 15:08:23 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 15:08:23 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 15:08:23 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 15:08:23 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 15:08:23 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 15:08:23 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 15:08:23 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 15:08:23 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 15:08:23 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 15:08:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/13 15:56:02 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/01/12 20:07:56 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/01/12 20:07:56 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/01/12 20:07:56 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/01/12 20:07:55 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/01/12 20:07:55 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/01/12 20:07:55 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/01/12 20:07:55 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/01/12 20:07:54 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/01/12 20:07:54 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/01/12 20:07:54 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/01/12 20:07:54 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/01/12 20:07:54 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/01/12 20:07:53 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/01/12 20:07:53 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/01/12 20:07:53 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/01/12 20:07:53 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/01/12 20:07:52 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/01/12 20:07:52 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/01/12 20:07:52 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2010/01/12 20:07:52 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/01/12 20:07:51 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/01/12 20:07:49 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/01/12 20:07:49 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/01/12 20:07:49 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/01/12 20:07:49 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/01/12 20:07:49 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/01/12 20:07:48 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/01/12 20:07:48 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/01/12 20:07:09 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 20:07:09 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/07 18:35:17 | 00,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{D523C4F0-822C-4F29-BA3C-6134AE34F35C}
[2010/01/07 17:44:31 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/28 06:54:38 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/12/28 06:54:37 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/12/28 06:54:34 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/12/28 06:54:29 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/12/28 06:54:29 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/12/28 06:54:28 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/12/28 06:54:28 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/12/28 06:54:27 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/12/28 06:54:27 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/12/28 06:54:25 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/12/28 06:54:25 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/12/28 06:54:24 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/12/28 06:54:24 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/12/28 06:54:23 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/12/28 06:54:23 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/12/28 06:54:22 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/12/28 06:54:21 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/12/28 06:54:19 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/12/28 06:54:19 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/12/28 06:54:17 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/12/28 06:54:16 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/12/28 06:54:13 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/12/28 06:54:13 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/12/28 06:54:11 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/12/28 06:54:08 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/12/28 06:54:08 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/12/28 06:54:06 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/12/28 06:54:06 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/12/28 06:54:04 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/12/28 06:42:57 | 00,000,000 | ---D | C] -- C:\Users\Stan\Desktop\champions
[2009/12/27 09:09:12 | 00,000,000 | ---D | C] -- C:\Program Files\SFO
[2009/12/27 09:07:22 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2009/12/27 05:56:40 | 00,000,000 | ---D | C] -- C:\Users\Stan\Desktop\No_limit_Winmugen_patch
[2009/10/15 21:32:46 | 00,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdqcoin.dll
[2009/07/05 12:16:20 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDQhcp.dll
[2009/07/05 12:16:19 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdqinpa.dll
[2009/07/05 12:16:19 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqiesc.dll
[2009/07/05 12:16:18 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdqserv.dll
[2009/07/05 12:16:18 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdqusb1.dll
[2009/07/05 12:16:18 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdqprox.dll
[2009/07/05 12:16:17 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdqpmui.dll
[2009/07/05 12:16:17 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdqlmpm.dll
[2009/07/05 12:16:16 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdqhbn3.dll
[2009/07/05 12:16:14 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomc.dll
[2009/07/05 12:16:14 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/22 09:54:49 | 00,763,904 | ---- | M] () -- C:\Windows\System32\drivers\mmzcgiwz.sys
[2010/01/22 09:52:25 | 02,883,584 | -HS- | M] () -- C:\Users\Stan\ntuser.dat
[2010/01/22 09:51:06 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
[2010/01/22 08:31:29 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/22 08:31:29 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/22 05:07:27 | 00,000,098 | -HS- | M] () -- C:\Windows\klif.spi
[2010/01/22 04:31:43 | 00,000,000 | -HS- | M] () -- C:\Windows\System32\drivers\ISwift3.dat
[2010/01/22 04:31:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/22 04:31:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/22 04:30:55 | 30,828,17536 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 04:29:12 | 00,524,288 | -HS- | M] () -- C:\Users\Stan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/01/22 04:29:12 | 00,065,536 | -HS- | M] () -- C:\Users\Stan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/01/22 04:29:09 | 06,291,456 | -H-- | M] () -- C:\Users\Stan\AppData\Local\IconCache.db
[2010/01/20 01:28:08 | 12,884,2348 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/20 00:21:40 | 00,000,120 | ---- | M] () -- C:\Users\Stan\AppData\Local\Jhokuj.dat
[2010/01/20 00:21:40 | 00,000,000 | ---- | M] () -- C:\Users\Stan\AppData\Local\Rzateramiy.bin
[2010/01/14 11:30:05 | 00,000,000 | ---- | M] () -- C:\Users\Stan\Desktop\settings.dat
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/12 19:07:22 | 00,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/12 19:07:21 | 00,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/12 19:07:21 | 00,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/07 17:29:30 | 00,000,028 | ---- | M] () -- C:\Users\Stan\AppData\Roaming\fvgqad.dat
[2010/01/07 17:29:19 | 00,000,004 | ---- | M] () -- C:\Users\Stan\AppData\Roaming\avdrn.dat
[2010/01/02 00:33:32 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 00:33:32 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 00:32:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 00:32:46 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 00:32:33 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 00:32:33 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 00:32:33 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 00:32:32 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 00:32:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 00:32:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 22:57:00 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 22:56:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 22:56:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 22:55:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/28 06:54:49 | 00,000,810 | ---- | M] () -- C:\Users\Stan\Desktop\Champions Online.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/22 05:07:27 | 00,000,098 | -HS- | C] () -- C:\Windows\klif.spi
[2010/01/22 04:31:43 | 00,000,000 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat
[2010/01/14 11:30:05 | 00,000,000 | ---- | C] () -- C:\Users\Stan\Desktop\settings.dat
[2010/01/12 20:09:32 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/01/07 18:35:18 | 00,000,120 | ---- | C] () -- C:\Users\Stan\AppData\Local\Jhokuj.dat
[2010/01/07 18:35:18 | 00,000,000 | ---- | C] () -- C:\Users\Stan\AppData\Local\Rzateramiy.bin
[2010/01/07 18:28:55 | 30,828,17536 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/07 17:43:41 | 12,884,2348 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/07 17:29:44 | 00,763,904 | ---- | C] () -- C:\Windows\System32\drivers\mmzcgiwz.sys
[2010/01/07 17:29:25 | 00,000,028 | ---- | C] () -- C:\Users\Stan\AppData\Roaming\fvgqad.dat
[2010/01/07 17:29:19 | 00,000,004 | ---- | C] () -- C:\Users\Stan\AppData\Roaming\avdrn.dat
[2009/12/28 06:54:49 | 00,000,810 | ---- | C] () -- C:\Users\Stan\Desktop\Champions Online.lnk
[2009/12/20 00:43:06 | 00,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/12/20 00:19:54 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/13 21:39:34 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/01 18:28:16 | 00,000,092 | ---- | C] () -- C:\Users\Stan\AppData\Local\fusioncache.dat
[2009/08/13 14:32:48 | 00,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 08:02:58 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdqgrd.dll
[2009/07/05 12:53:34 | 00,000,309 | ---- | C] () -- C:\ProgramData\lxdqDiagnostics.log
[2009/07/05 12:53:04 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/07/05 12:16:34 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdqrwrd.ini
[2009/07/05 12:16:20 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDQinst.dll
[2009/07/01 00:01:26 | 00,008,192 | ---- | C] () -- C:\Users\Stan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 08:54:14 | 00,001,218 | ---- | C] () -- C:\Users\Stan\AppData\Roaming\wklnhst.dat
[2009/06/08 10:07:45 | 00,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/06/08 10:07:41 | 00,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/04/26 21:26:34 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/04/26 21:26:34 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/04/26 21:26:34 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/04/26 21:26:34 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/03/05 05:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/09/30 13:36:25 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 13:25:14 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 13:25:14 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 13:25:14 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 13:25:14 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 13:25:14 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 13:25:14 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 19:59:22 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2007/11/28 11:51:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdqvs.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Edited by slamoya, 22 January 2010 - 11:10 AM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:25 AM

Posted 22 January 2010 - 01:11 PM

Hi,

are you getting help in another forum as well?

Could you please tell me which files are detected as malicious by Kaspersky?

Please also run a scan with gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 slamoya

slamoya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:25 AM

Posted 25 January 2010 - 11:32 PM

As requested: The main file that Kaspersky keeps trying to disinfect is in C:/window/system32/drivers/mmzcgiwz.sys. Here is the log from GMER. Note: there was a warning at the end of the scan that a rootkit has made some modifications....

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-25 22:19:33
Windows 6.0.6002 Service Pack 2
Running: xk92wix7.exe; Driver: C:\Users\Stan\AppData\Local\Temp\pwddypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9194EE06] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9194EF84] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9194F014] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9194DDF8] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9194E4EA] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x9194E816] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x9194DF66] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x9194E6EE] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x9194D9D2] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9194E5AA] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9194DB8C] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9194E948] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9194E64C] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x9194E0C4] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x9194E8B8] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x9194DE34] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x9194E786] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x9194F45C] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x9194E9EA] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9194F214] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9194ED74] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9194EC3A] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9194E1F0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x9194F2C8] <-- ROOTKIT !!!
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x9153B0B0] <-- ROOTKIT !!!

INT 0x72 ? 86F3BF00
INT 0x82 ? 86F3BF00
INT 0x92 ? 86F3BF00
INT 0xA2 ? 857FABF8
INT 0xA2 ? 86F3BF00
INT 0xA2 ? 86F3BF00
INT 0xA2 ? 857FABF8
INT 0xB2 ? 86F3BF00
INT 0xB2 ? 86F3BF00
INT 0xB2 ? 86F3BF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 13D 822B0880 8 Bytes [06, EE, 94, 91, 84, EF, 94, ...] {PUSH ES; OUT DX, AL ; XCHG ESP, EAX; XCHG ECX, EAX; TEST BH, CH; XCHG ESP, EAX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 181 822B08C4 4 Bytes [14, F0, 94, 91] {ADC AL, 0xf0; XCHG ESP, EAX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1A9 822B08EC 4 Bytes [F8, DD, 94, 91]
.text ntkrnlpa.exe!KeSetEvent + 1C1 822B0904 4 Bytes JMP 309194E4
.text ntkrnlpa.exe!KeSetEvent + 1D1 822B0914 4 Bytes CALL 6EB39AAD
.text ...
? System32\Drivers\spfc.sys The system cannot find the path specified. !
? System32\Drivers\mmzcgiwz.sys A device attached to the system is not functioning. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AB55480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AB96900, 0x3CA, 0x48000040]
.text USBPORT.SYS!DllUnload 8F9CF41B 5 Bytes JMP 86F3B4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!CreateWindowExW 75BD1305 5 Bytes JMP 6BF8D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!DialogBoxParamW 75BF10B0 5 Bytes JMP 6BEB5689 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!DialogBoxIndirectParamW 75BF2EF5 5 Bytes JMP 6C0843F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!DialogBoxParamA 75C08152 5 Bytes JMP 6C084394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!DialogBoxIndirectParamA 75C0847D 5 Bytes JMP 6C08445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!MessageBoxIndirectA 75C1D4D9 5 Bytes JMP 6C084329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!MessageBoxIndirectW 75C1D5D3 5 Bytes JMP 6C0842BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!MessageBoxExA 75C1D639 5 Bytes JMP 6C08425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[652] USER32.dll!MessageBoxExW 75C1D65D 5 Bytes JMP 6C0841FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1088] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1088] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1088] USER32.dll!SetScrollInfo + 7A8 75BD7980 4 Bytes [70, 11, 32, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!SetWindowsHookExW 75BC87AD 5 Bytes JMP 6BF89B29 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!CallNextHookEx 75BC8E3B 5 Bytes JMP 6BF7D171 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!UnhookWindowsHookEx 75BC98DB 5 Bytes JMP 6BEF486E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!CreateWindowExW 75BD1305 5 Bytes JMP 6BF8D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxParamW 75BF10B0 5 Bytes JMP 6BEB5689 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxIndirectParamW 75BF2EF5 5 Bytes JMP 6C0843F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxParamA 75C08152 5 Bytes JMP 6C084394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!DialogBoxIndirectParamA 75C0847D 5 Bytes JMP 6C08445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxIndirectA 75C1D4D9 5 Bytes JMP 6C084329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxIndirectW 75C1D5D3 5 Bytes JMP 6C0842BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxExA 75C1D639 5 Bytes JMP 6C08425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] USER32.dll!MessageBoxExW 75C1D65D 5 Bytes JMP 6C0841FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] ole32.dll!OleLoadFromStream 770C1E12 5 Bytes JMP 6C084778 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] ole32.dll!CoCreateInstance 770F9EA6 5 Bytes JMP 6BF8DA18 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] WS2_32.dll!closesocket 75B6330C 5 Bytes JMP 6A8DEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] WS2_32.dll!recv 75B6343A 5 Bytes JMP 6A8DF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] WS2_32.dll!socket 75B636D1 5 Bytes JMP 6A8DE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] WS2_32.dll!connect 75B640D9 5 Bytes JMP 6A8DE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] WS2_32.dll!getaddrinfo 75B6418A 5 Bytes JMP 6A8DE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4248] WS2_32.dll!send 75B6659B 5 Bytes JMP 6A8DE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[5132] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[5132] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[5132] USER32.dll!SetScrollInfo + 7A8 75BD7980 4 Bytes [70, 11, 32, 6D]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806916D6] \SystemRoot\System32\Drivers\spfc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691042] \SystemRoot\System32\Drivers\spfc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80691800] \SystemRoot\System32\Drivers\spfc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806910C0] \SystemRoot\System32\Drivers\spfc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069113E] \SystemRoot\System32\Drivers\spfc.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A0B90] \SystemRoot\System32\Drivers\spfc.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F22190
Device \FileSystem\Ntfs \Ntfs 857FC1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{33A008A6-E696-464A-8C85-F41BB59A2309} 87CB8240

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 857F81F8
Device \Driver\usbuhci \Device\USBPDO-0 8730A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8730A1F8
Device \Driver\usbehci \Device\USBPDO-2 873091F8
Device \Driver\usbuhci \Device\USBPDO-3 8730A1F8
Device \Driver\usbuhci \Device\USBPDO-4 8730A1F8

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-5 8730A1F8
Device \Driver\usbuhci \Device\USBPDO-6 8730A1F8
Device \Driver\volmgr \Device\HarddiskVolume1 857F81F8
Device \Driver\usbehci \Device\USBPDO-7 873091F8
Device \Driver\volmgr \Device\HarddiskVolume2 857F81F8
Device \Driver\cdrom \Device\CdRom0 873C81F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8A44AEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A44AEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A44AEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 857F81F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87CB8240
Device \Driver\Smb \Device\NetbiosSmb 87B451F8
Device \Driver\iScsiPrt \Device\RaidPort0 873CA1F8

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 8730A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8730A1F8
Device \Driver\usbehci \Device\USBFDO-2 873091F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} 87CB8240
Device \Driver\usbuhci \Device\USBFDO-3 8730A1F8
Device \Driver\usbuhci \Device\USBFDO-4 8730A1F8
Device \Driver\usbuhci \Device\USBFDO-5 8730A1F8
Device \Driver\usbuhci \Device\USBFDO-6 8730A1F8
Device \Driver\usbehci \Device\USBFDO-7 873091F8
Device \FileSystem\cdfs \Cdfs 853F41F8
---- Processes - GMER 1.0.15 ----

Library C:\ProgramData\Kaspersky (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [1088] 0x05AD0000

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] mmzcgiwz <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet004\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet005\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet005\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet006\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet006\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet006\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet006\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet007\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet007\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet007\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet007\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet008\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet008\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet008\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet008\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...
Reg HKLM\SYSTEM\ControlSet009\Services\mmzcgiwz@Type 1
Reg HKLM\SYSTEM\ControlSet009\Services\mmzcgiwz@Start 0
Reg HKLM\SYSTEM\ControlSet009\Services\mmzcgiwz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet009\Services\mmzcgiwz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD9 0x59 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x82 0xC6 0x59 ...

---- EOF - GMER 1.0.15 ----




#6 myrti


Posted 26 January 2010 - 02:44 AM

Hi,

you seem to be infected by a rootkit, please run ComboFix:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 slamoya


Posted 28 January 2010 - 04:58 PM

ComboFix log:

ComboFix 10-01-28.02 - Stan 01/28/2010 15:29:09.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.2198 [GMT -6:00]
Running from: c:\users\Stan\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4028416440-1551922781-1553379869-500
c:\$recycle.bin\S-1-5-21-4229604500-3487303875-4101604920-500
c:\users\Stan\AppData\Roaming\avdrn.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-28 21:22 . 2010-01-28 21:22 -------- d-----w- C:\32788R22FWJFW
2010-01-26 13:23 . 2010-01-26 13:23 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-26 09:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-01-26 09:07 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-01-26 09:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-01-26 09:05 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-01-26 09:05 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-01-26 09:05 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-01-26 09:05 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-01-26 09:05 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-01-26 09:05 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-01-26 09:05 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-01-26 09:05 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-01-26 09:05 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-01-26 09:05 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-01-26 09:05 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-01-26 09:05 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-01-26 09:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-26 09:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-01-26 09:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\ca-ES
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\eu-ES
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\vi-VN
2010-01-24 00:39 . 2010-01-24 00:39 -------- d-----w- c:\windows\system32\EventProviders
2010-01-08 00:35 . 2010-01-20 06:21 120 ----a-w- c:\users\Stan\AppData\Local\Jhokuj.dat
2010-01-08 00:35 . 2010-01-20 06:21 0 ----a-w- c:\users\Stan\AppData\Local\Rzateramiy.bin
2010-01-08 00:35 . 2010-01-08 00:35 -------- d-----w- c:\users\Stan\AppData\Local\{D523C4F0-822C-4F29-BA3C-6134AE34F35C}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 21:25 . 2010-01-28 21:25 0 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-01-28 21:22 . 2009-07-21 06:40 -------- d-----w- c:\users\Stan\AppData\Roaming\DNA
2010-01-27 06:16 . 2009-08-13 20:53 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-26 18:37 . 2009-12-20 09:22 52224 ----a-w- c:\users\Stan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 18:37 . 2009-12-14 23:38 -------- d-----w- c:\program files\DNA
2010-01-26 13:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-26 13:23 . 2010-01-26 13:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-25 15:50 . 2009-07-05 18:24 -------- d-----w- c:\programdata\Lx_cats
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-01-25 07:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-01-21 03:40 . 2009-10-30 21:02 -------- d-----w- c:\users\Stan\AppData\Roaming\uTorrent
2010-01-21 03:35 . 2009-08-13 05:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 17:12 . 2009-10-02 18:11 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 23:29 . 2010-01-07 23:29 28 ----a-w- c:\users\Stan\AppData\Roaming\fvgqad.dat
2010-01-02 06:38 . 2010-01-24 01:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-24 01:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-24 01:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-24 01:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 05:37 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 05:35 . 2009-12-27 15:09 -------- d-----w- c:\program files\SFO
2009-12-20 09:22 . 2009-08-13 18:24 117760 ----a-w- c:\users\Stan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-20 09:14 . 2009-08-13 18:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-20 08:42 . 2009-10-20 10:32 -------- d-----w- c:\program files\Electronic Arts
2009-12-20 08:40 . 2009-12-20 08:40 0 ----a-w- c:\windows\nsreg.dat
2009-12-20 08:01 . 2009-12-20 08:01 -------- d--h--r- c:\users\Stan\AppData\Roaming\SecuROM
2009-12-20 08:01 . 2009-12-20 08:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-20 06:54 . 2009-12-20 06:52 -------- d-----w- c:\users\Stan\AppData\Roaming\DAEMON Tools Pro
2009-12-18 19:44 . 2009-12-18 19:44 -------- d-----w- c:\program files\Midway Home Entertainment
2009-12-18 04:33 . 2009-12-18 04:33 -------- d-----w- c:\program files\PowerISO
2009-12-16 01:55 . 2009-12-16 00:59 -------- d-----w- c:\users\Stan\AppData\Roaming\GetRightToGo
2009-12-14 21:43 . 2009-06-09 14:54 1218 ----a-w- c:\users\Stan\AppData\Roaming\wklnhst.dat
2009-12-14 03:39 . 2009-12-14 03:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 03:38 . 2009-12-14 03:38 -------- d-----w- c:\users\Stan\AppData\Roaming\DAEMON Tools Lite
2009-12-09 09:44 . 2009-12-09 07:17 -------- d-----w- c:\programdata\NexonUS
2009-12-09 09:44 . 2009-12-09 09:44 -------- d-----w- c:\programdata\Nexon
2009-12-09 09:14 . 2009-04-27 03:04 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 07:17 . 2009-12-09 07:17 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-12-09 07:17 . 2009-12-09 07:17 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-12-09 07:17 . 2009-12-09 07:17 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-12-09 07:17 . 2009-12-09 07:17 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-12-09 07:17 . 2009-12-09 07:17 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-12-09 07:17 . 2009-12-09 07:17 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-12-09 06:52 . 2009-06-14 06:43 -------- d-----w- c:\programdata\PMB Files
2009-12-07 05:26 . 2009-06-08 16:08 83112 ----a-w- c:\users\Stan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-02 17:29 . 2009-12-02 17:29 -------- d-----w- c:\users\Stan\AppData\Roaming\Turbine
2009-12-02 00:28 . 2009-12-02 00:28 92 ----a-w- c:\users\Stan\AppData\Local\fusioncache.dat
2009-12-01 23:19 . 2009-12-01 23:19 -------- d-----w- c:\programdata\Turbine
2009-11-30 00:01 . 2009-11-30 00:01 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2FAB.tmp.exe
2009-11-19 07:28 . 2009-11-19 07:28 72656 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\kavupgr.exe
2009-11-19 07:28 . 2009-11-19 07:28 72656 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\kav\kavupgr.exe
2009-11-16 09:13 . 2009-11-16 09:13 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-12 13:24 . 2009-07-22 15:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-11-03 21:43 . 2009-12-08 23:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-08 23:34 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-08 23:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-09 00:32 . 2010-01-09 00:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-08 16:07 . 2009-06-08 16:07 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-06-08 16:07 . 2009-06-08 16:07 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-14 323392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-20 2002160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-09 30192]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040]
"lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2008-03-27 16040]
"WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

c:\users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-11-18 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-20 09:13 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [12/15/2008 7:41 PM 33808]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [4/26/2009 9:35 PM 20384]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [5/15/2009 5:50 PM 21008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 3:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 3:06 PM 74480]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 1:19 AM 40960]
R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [9/30/2008 1:16 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 6:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [9/30/2008 1:04 PM 7168]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [5/16/2009 7:59 PM 19472]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12/13/2009 9:39 PM 691696]
S2 LiveTurbineMessageService;Turbine Message Service - Live; [x]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdqserv.exe [2/27/2008 5:09 PM 98984]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:33 PM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/26/2009 6:36 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/30/2008 1:33 PM 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [4/26/2009 9:35 PM 954368]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 3:06 PM 7408]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [9/30/2008 3:00 PM 9216]

--- Other Services/Drivers In Memory ---

*Deregistered* - mmzcgiwz

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\vdnwj0jd.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {D523C4F0-822C-4F29-BA3C-6134AE34F35C} - c:\users\Stan\AppData\Local\{D523C4F0-822C-4F29-BA3C-6134AE34F35C}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 15:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Stan\AppData\Local\Temp\YWH6F9A.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mmzcgiwz]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,8c,85,a1,a2,89,08,a2,95,c5,77,e6,04,44,46,f0,8a,17,5a,c1,b5,
90,a5,55,b9,25,6f,ba,60,25,3c,3f,b1,a9,59,36,b7,f0,df,3e,87,62,f0,52,8b,a8,\
"rkeysecu"=hex:94,3c,e5,3b,bc,60,ec,10,bc,1d,b6,e9,cc,64,c6,4c

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-28 15:45:38
ComboFix-quarantined-files.txt 2010-01-28 21:45

Pre-Run: 35,026,767,872 bytes free
Post-Run: 36,881,326,080 bytes free

- - End Of File - - 37412284E7762C3BCBC54DCC9207E1EA


#8 myrti


Posted 29 January 2010 - 01:54 PM

Hi,

please run GooredFix:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

As well as the following script for ComboFix:
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
mmzcgiwz


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti



#9 slamoya


Posted 30 January 2010 - 03:19 PM

QUOTE(myrti @ Jan 29 2010, 12:54 PM)
Hi,

please run GooredFix:

ComboFix 10-01-29.09 - Stan 01/30/2010 13:28:25.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1937 [GMT -6:00]
Running from: c:\users\Stan\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\mmzcgiwz.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_mmzcgiwz
-------\Service_mmzcgiwz


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 19:39 . 2010-01-30 19:39 0 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-01-30 19:37 . 2010-01-30 19:50 -------- d-----w- c:\users\Stan\AppData\Local\temp
2010-01-30 19:37 . 2010-01-30 19:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-26 13:23 . 2010-01-26 13:23 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-26 09:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-01-26 09:07 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-01-26 09:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-01-26 09:05 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-01-26 09:05 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-01-26 09:05 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-01-26 09:05 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-01-26 09:05 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-01-26 09:05 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-01-26 09:05 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-01-26 09:05 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-01-26 09:05 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-01-26 09:05 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-01-26 09:05 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-01-26 09:05 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-01-26 09:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-26 09:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-01-26 09:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\ca-ES
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\eu-ES
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\vi-VN
2010-01-24 00:39 . 2010-01-24 00:39 -------- d-----w- c:\windows\system32\EventProviders
2010-01-08 00:35 . 2010-01-20 06:21 120 ----a-w- c:\users\Stan\AppData\Local\Jhokuj.dat
2010-01-08 00:35 . 2010-01-20 06:21 0 ----a-w- c:\users\Stan\AppData\Local\Rzateramiy.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 19:51 . 2009-12-20 09:22 52224 ----a-w- c:\users\Stan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-30 19:51 . 2009-08-13 20:53 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-30 19:50 . 2009-12-14 23:38 -------- d-----w- c:\program files\DNA
2010-01-30 19:50 . 2009-07-21 06:40 -------- d-----w- c:\users\Stan\AppData\Roaming\DNA
2010-01-26 13:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-26 13:23 . 2010-01-26 13:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-25 15:50 . 2009-07-05 18:24 -------- d-----w- c:\programdata\Lx_cats
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-01-25 07:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-01-21 03:40 . 2009-10-30 21:02 -------- d-----w- c:\users\Stan\AppData\Roaming\uTorrent
2010-01-21 03:35 . 2009-08-13 05:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 17:12 . 2009-10-02 18:11 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 23:29 . 2010-01-07 23:29 28 ----a-w- c:\users\Stan\AppData\Roaming\fvgqad.dat
2010-01-02 06:38 . 2010-01-24 01:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-24 01:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-24 01:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-24 01:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 05:37 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 05:35 . 2009-12-27 15:09 -------- d-----w- c:\program files\SFO
2009-12-20 09:22 . 2009-08-13 18:24 117760 ----a-w- c:\users\Stan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-20 09:14 . 2009-08-13 18:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-20 08:42 . 2009-10-20 10:32 -------- d-----w- c:\program files\Electronic Arts
2009-12-20 08:40 . 2009-12-20 08:40 0 ----a-w- c:\windows\nsreg.dat
2009-12-20 08:01 . 2009-12-20 08:01 -------- d--h--r- c:\users\Stan\AppData\Roaming\SecuROM
2009-12-20 08:01 . 2009-12-20 08:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-20 06:54 . 2009-12-20 06:52 -------- d-----w- c:\users\Stan\AppData\Roaming\DAEMON Tools Pro
2009-12-18 19:44 . 2009-12-18 19:44 -------- d-----w- c:\program files\Midway Home Entertainment
2009-12-18 04:33 . 2009-12-18 04:33 -------- d-----w- c:\program files\PowerISO
2009-12-16 01:55 . 2009-12-16 00:59 -------- d-----w- c:\users\Stan\AppData\Roaming\GetRightToGo
2009-12-14 21:43 . 2009-06-09 14:54 1218 ----a-w- c:\users\Stan\AppData\Roaming\wklnhst.dat
2009-12-14 03:39 . 2009-12-14 03:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 03:38 . 2009-12-14 03:38 -------- d-----w- c:\users\Stan\AppData\Roaming\DAEMON Tools Lite
2009-12-09 09:44 . 2009-12-09 07:17 -------- d-----w- c:\programdata\NexonUS
2009-12-09 09:44 . 2009-12-09 09:44 -------- d-----w- c:\programdata\Nexon
2009-12-09 09:14 . 2009-04-27 03:04 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 07:17 . 2009-12-09 07:17 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-12-09 07:17 . 2009-12-09 07:17 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-12-09 07:17 . 2009-12-09 07:17 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-12-09 07:17 . 2009-12-09 07:17 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-12-09 07:17 . 2009-12-09 07:17 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-12-09 07:17 . 2009-12-09 07:17 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-12-09 06:52 . 2009-06-14 06:43 -------- d-----w- c:\programdata\PMB Files
2009-12-07 05:26 . 2009-06-08 16:08 83112 ----a-w- c:\users\Stan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-02 17:29 . 2009-12-02 17:29 -------- d-----w- c:\users\Stan\AppData\Roaming\Turbine
2009-12-02 00:28 . 2009-12-02 00:28 92 ----a-w- c:\users\Stan\AppData\Local\fusioncache.dat
2009-12-01 23:19 . 2009-12-01 23:19 -------- d-----w- c:\programdata\Turbine
2009-11-30 00:01 . 2009-11-30 00:01 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2FAB.tmp.exe
2009-11-19 07:28 . 2009-11-19 07:28 72656 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\kavupgr.exe
2009-11-19 07:28 . 2009-11-19 07:28 72656 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\kav\kavupgr.exe
2009-11-16 09:13 . 2009-11-16 09:13 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-12 13:24 . 2009-07-22 15:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-11-03 21:43 . 2009-12-08 23:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-08 23:34 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-08 23:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-09 00:32 . 2010-01-09 00:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-08 16:07 . 2009-06-08 16:07 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-06-08 16:07 . 2009-06-08 16:07 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-14 323392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-20 2002160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-09 30192]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040]
"lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2008-03-27 16040]
"WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]

c:\users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-11-18 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-20 09:13 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):24,2e,ac,c4,78,a0,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [12/15/2008 7:41 PM 33808]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [4/26/2009 9:35 PM 20384]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [5/15/2009 5:50 PM 21008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 3:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 3:06 PM 74480]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 1:19 AM 40960]
R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [9/30/2008 1:16 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 6:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [9/30/2008 1:04 PM 7168]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [5/16/2009 7:59 PM 19472]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 3:06 PM 7408]
S2 LiveTurbineMessageService;Turbine Message Service - Live; [x]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdqserv.exe [2/27/2008 5:09 PM 98984]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:33 PM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/26/2009 6:36 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/30/2008 1:33 PM 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [4/26/2009 9:35 PM 954368]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [9/30/2008 3:00 PM 9216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MMZCGIWZ
*Deregistered* - mmzcgiwz

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\vdnwj0jd.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 13:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????

scanning hidden files ...


c:\users\Stan\AppData\Local\Temp\Cab1AEF.tmp 29771 bytes
c:\users\Stan\AppData\Local\Temp\Tar1AF0.tmp 77580 bytes

scan completed successfully
hidden files: 2

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spvp.sys hal.dll >>UNKNOWN [0x85BBA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8ab0fd24
\Driver\ACPI -> acpi.sys @ 0x807b8d68
\Driver\atapi -> 0x85bfb1f8
\Driver\iaStor -> iaStor.sys @ 0x8a653eb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Stan\AppData\Local\Temp\YWH6F9A.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mmzcgiwz]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,8c,85,a1,a2,89,08,a2,95,c5,77,e6,04,44,46,f0,8a,17,5a,c1,b5,
90,a5,55,b9,25,6f,ba,60,25,3c,3f,b1,a9,59,36,b7,f0,df,3e,87,62,f0,52,8b,a8,\
"rkeysecu"=hex:94,3c,e5,3b,bc,60,ec,10,bc,1d,b6,e9,cc,64,c6,4c

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\lxdqcoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Multimedia Mouse Driver\MouseDrv.exe
c:\program files\Lexmark Z2400 Series\lxdqMsdMon.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2010-01-30 13:56:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 19:56
ComboFix2.txt 2010-01-28 21:45

Pre-Run: 31,790,735,360 bytes free
Post-Run: 31,399,858,176 bytes free

- - End Of File - - 9B6F065CB53DE30D8B98D63B3F237179
edfix:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
As well as the following script for ComboFix:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
mmzcgiwz


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti



#10 slamoya (Topic Starter)

Posted 30 January 2010 - 04:55 PM

Sorry for my screw up, here is the GooredFix log:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 13:12 on 30/01/2010 (Stan)
Firefox version 3.5.6 (en-US)

========== GooredScan ==========

(none)
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{D523C4F0-822C-4F29-BA3C-6134AE34F35C} -> Success!
Deleting C:\Users\Stan\AppData\Local\{D523C4F0-822C-4F29-BA3C-6134AE34F35C} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru [08:57 20/12/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:39 05/07/2009]

C:\Users\Stan\Application Data\Mozilla\Firefox\Profiles\9y5ww57h.default\extensions\
(none)

C:\Users\Stan\Application Data\Mozilla\Firefox\Profiles\vdnwj0jd.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [09:00 20/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:24 08/06/2009]

-=E.O.F=-

And here is the ComboFix log:

ComboFix 10-01-29.09 - Stan 01/30/2010 14:42:03.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.2116 [GMT -6:00]
Running from: c:\users\Stan\Desktop\ComboFix.exe
Command switches used :: c:\users\Stan\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MMZCGIWZ
-------\Service_mmzcgiwz


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 20:53 . 2010-01-30 20:53 0 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-01-30 20:51 . 2010-01-30 21:02 -------- d-----w- c:\users\Stan\AppData\Local\temp
2010-01-30 20:51 . 2010-01-30 20:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-30 20:51 . 2010-01-30 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-30 20:46 . 2010-01-30 20:46 763904 ----a-w- c:\windows\system32\drivers\_mmzcgiwz_.sys.vir
2010-01-26 13:23 . 2010-01-26 13:23 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-26 09:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-01-26 09:07 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-01-26 09:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-01-26 09:05 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-01-26 09:05 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-01-26 09:05 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-01-26 09:05 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-01-26 09:05 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-01-26 09:05 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-01-26 09:05 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-01-26 09:05 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-01-26 09:05 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-01-26 09:05 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-01-26 09:05 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-01-26 09:05 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-01-26 09:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-26 09:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-01-26 09:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\ca-ES
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\eu-ES
2010-01-25 07:46 . 2010-01-25 07:46 -------- d-----w- c:\windows\system32\vi-VN
2010-01-24 00:39 . 2010-01-24 00:39 -------- d-----w- c:\windows\system32\EventProviders
2010-01-08 00:35 . 2010-01-20 06:21 120 ----a-w- c:\users\Stan\AppData\Local\Jhokuj.dat
2010-01-08 00:35 . 2010-01-20 06:21 0 ----a-w- c:\users\Stan\AppData\Local\Rzateramiy.bin
2010-01-07 23:29 . 2010-01-30 20:52 763904 ----a-w- c:\windows\system32\drivers\mmzcgiwz.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 21:03 . 2009-12-20 09:22 52224 ----a-w- c:\users\Stan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-30 21:03 . 2009-08-13 20:53 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-30 21:02 . 2009-07-21 06:40 -------- d-----w- c:\users\Stan\AppData\Roaming\DNA
2010-01-30 20:02 . 2009-12-14 23:38 -------- d-----w- c:\program files\DNA
2010-01-26 13:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-26 13:23 . 2010-01-26 13:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-25 15:50 . 2009-07-05 18:24 -------- d-----w- c:\programdata\Lx_cats
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-01-25 07:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-25 07:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-01-21 03:40 . 2009-10-30 21:02 -------- d-----w- c:\users\Stan\AppData\Roaming\uTorrent
2010-01-21 03:35 . 2009-08-13 05:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 17:12 . 2009-10-02 18:11 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 23:29 . 2010-01-07 23:29 28 ----a-w- c:\users\Stan\AppData\Roaming\fvgqad.dat
2010-01-02 06:38 . 2010-01-24 01:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-24 01:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-24 01:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-24 01:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 05:37 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 05:35 . 2009-12-27 15:09 -------- d-----w- c:\program files\SFO
2009-12-20 09:22 . 2009-08-13 18:24 117760 ----a-w- c:\users\Stan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-20 09:14 . 2009-08-13 18:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-20 08:42 . 2009-10-20 10:32 -------- d-----w- c:\program files\Electronic Arts
2009-12-20 08:40 . 2009-12-20 08:40 0 ----a-w- c:\windows\nsreg.dat
2009-12-20 08:01 . 2009-12-20 08:01 -------- d--h--r- c:\users\Stan\AppData\Roaming\SecuROM
2009-12-20 08:01 . 2009-12-20 08:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-20 06:54 . 2009-12-20 06:52 -------- d-----w- c:\users\Stan\AppData\Roaming\DAEMON Tools Pro
2009-12-18 19:44 . 2009-12-18 19:44 -------- d-----w- c:\program files\Midway Home Entertainment
2009-12-18 04:33 . 2009-12-18 04:33 -------- d-----w- c:\program files\PowerISO
2009-12-16 01:55 . 2009-12-16 00:59 -------- d-----w- c:\users\Stan\AppData\Roaming\GetRightToGo
2009-12-14 21:43 . 2009-06-09 14:54 1218 ----a-w- c:\users\Stan\AppData\Roaming\wklnhst.dat
2009-12-14 03:39 . 2009-12-14 03:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 03:38 . 2009-12-14 03:38 -------- d-----w- c:\users\Stan\AppData\Roaming\DAEMON Tools Lite
2009-12-09 09:44 . 2009-12-09 07:17 -------- d-----w- c:\programdata\NexonUS
2009-12-09 09:44 . 2009-12-09 09:44 -------- d-----w- c:\programdata\Nexon
2009-12-09 09:14 . 2009-04-27 03:04 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 07:17 . 2009-12-09 07:17 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-12-09 07:17 . 2009-12-09 07:17 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-12-09 07:17 . 2009-12-09 07:17 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-12-09 07:17 . 2009-12-09 07:17 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-12-09 07:17 . 2009-12-09 07:17 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-12-09 07:17 . 2009-12-09 07:17 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-12-09 06:52 . 2009-06-14 06:43 -------- d-----w- c:\programdata\PMB Files
2009-12-07 05:26 . 2009-06-08 16:08 83112 ----a-w- c:\users\Stan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-02 17:29 . 2009-12-02 17:29 -------- d-----w- c:\users\Stan\AppData\Roaming\Turbine
2009-12-02 00:28 . 2009-12-02 00:28 92 ----a-w- c:\users\Stan\AppData\Local\fusioncache.dat
2009-12-01 23:19 . 2009-12-01 23:19 -------- d-----w- c:\programdata\Turbine
2009-11-30 00:01 . 2009-11-30 00:01 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2FAB.tmp.exe
2009-11-19 07:28 . 2009-11-19 07:28 72656 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\kavupgr.exe
2009-11-19 07:28 . 2009-11-19 07:28 72656 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\kav\kavupgr.exe
2009-11-16 09:13 . 2009-11-16 09:13 216576 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-12 13:24 . 2009-07-22 15:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-11-03 21:43 . 2009-12-08 23:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-08 23:34 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-08 23:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-09 00:32 . 2010-01-09 00:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-08 16:07 . 2009-06-08 16:07 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-06-08 16:07 . 2009-06-08 16:07 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
"BitTorrent DNA"="c:\users\Stan\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-20 2002160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-09 30192]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040]
"lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2008-03-27 16040]
"WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]

c:\users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-11-18 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-20 09:13 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):24,2e,ac,c4,78,a0,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [12/15/2008 7:41 PM 33808]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [4/26/2009 9:35 PM 20384]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [5/15/2009 5:50 PM 21008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 3:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 3:06 PM 74480]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 1:19 AM 40960]
R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [9/30/2008 1:16 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 6:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [9/30/2008 1:04 PM 7168]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [5/16/2009 7:59 PM 19472]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 3:06 PM 7408]
S2 LiveTurbineMessageService;Turbine Message Service - Live; [x]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdqserv.exe [2/27/2008 5:09 PM 98984]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:33 PM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/26/2009 6:36 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/30/2008 1:33 PM 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [4/26/2009 9:35 PM 954368]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [9/30/2008 3:00 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\vdnwj0jd.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 15:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spcn.sys hal.dll >>UNKNOWN [0x85BBA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8ab14d24
\Driver\ACPI -> acpi.sys @ 0x807bbd68
\Driver\atapi -> 0x85bfb1f8
\Driver\iaStor -> iaStor.sys @ 0x8a64beb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Stan\AppData\Local\Temp\YWH6F9A.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,8c,85,a1,a2,89,08,a2,95,c5,77,e6,04,44,46,f0,8a,17,5a,c1,b5,
90,a5,55,b9,25,6f,ba,60,25,3c,3f,b1,a9,59,36,b7,f0,df,3e,87,62,f0,52,8b,a8,\
"rkeysecu"=hex:94,3c,e5,3b,bc,60,ec,10,bc,1d,b6,e9,cc,64,c6,4c

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\lxdqcoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Multimedia Mouse Driver\MouseDrv.exe
c:\program files\Lexmark Z2400 Series\lxdqMsdMon.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2010-01-30 15:10:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 21:10
ComboFix2.txt 2010-01-30 19:56
ComboFix3.txt 2010-01-28 21:45

Pre-Run: 31,437,877,248 bytes free
Post-Run: 31,281,328,128 bytes free

- - End Of File - - 8D4F1E674EAAC669186D6C50DB8A5E35






#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 05 February 2010 - 07:56 AM

Hi,

how is your PC doing now? Are you still getting redirected?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 20 February 2010 - 08:30 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
