
Infected with some kind of malware/rootkit W.32


  • This topic is locked
2 replies to this topic

#1 mycomputerisunsafe


Posted 03 May 2010 - 07:34 PM

Today I got a dimmed browser, not screen, with a fake UAC. I didn't open it, but I started getting this weird stuff on my computer, like the mouse moving by itself, and when I try to download Malwarebytes it blocks it, and Wikipedia is all foggy, and I use Firefox so this is strange. I downloaded everything that I was supposed to, like GMER and Defogger, TDSSKiller, DDS, HJ 2.0.2, ComboFix and everything, but the computer also opens the Task Manager and puts the computer to sleep sometimes and disconnects the connection. It's very strange, and since I have AdBlock Plus, whenever Google Analytics opens up a pop-up it's blank with a filename, and a website called looksmart tried to make me download something, and I got a link to download a Flash Player 11. Is there such a thing? And Kaspersky told me that this version is outdated for use of this OS and that the servers don't work. I use Kaspersky IS 2010, bought with an activation code. Read my profile info for the whole information of my computer. I use Windows 7 Ultimate (Signature Edition).

Here is the HijackThis 2.0.2 log; please tell me if this is good or bad:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:46 PM, on 5/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Users\Kidd Blaze\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kidd Blaze\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41211446-877C-4C72-A1FC-A1AEEABE0611}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{495EE794-9D7E-49AE-A071-0FA3A65294A1}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{41211446-877C-4C72-A1FC-A1AEEABE0611}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS2\Services\Tcpip\..\{41211446-877C-4C72-A1FC-A1AEEABE0611}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.121,93.188.161.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9842 bytes

Read the attachments below.

I can't open Ctrl Alt Del anymore; it says operating system failure or something. The computer, after 30 minutes, changes into the basic format and closes the processes, even explorer.exe, then bye bye to the SYSTEM process. The mouse moves on its own, and I go on websites and get ads by Google Analytics and looksmart telling me to download Flash 10.28.0000.97. Then on the browser it does a fake dim and opens a fake User Account Control thing and downloads stuff to my computer, and it uninstalled Kaspersky also. PLEASE HELP

I can't open Ctrl Alt Del anymore; it says operating system failure or something. The computer, after 30 minutes, changes into the basic format and closes the processes, even explorer.exe, then bye bye to the SYSTEM process. The mouse moves on its own, and I go on websites and get ads by Google Analytics and looksmart telling me to download Flash 10.28.0000.97. Then on the browser it does a fake dim and opens a fake User Account Control thing and downloads stuff to my computer, and it uninstalled Kaspersky also, and my network disconnects and reconnects. I scanned online and my whole router and network of my friends who live upstairs have been hacked. I have a network called MALWARE X2 and some other crap. I have all the tools necessary to be used, like DDS and GMER and HijackThis and TDSSKiller, and that's it.

Read the log below. It finds no problems, or maybe it does; please tell me:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kidd Blaze at 22:37:25.85 on Mon 05/03/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1159 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Kidd Blaze\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Users\Kidd Blaze\Desktop\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\users\kidd blaze\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.165.121,93.188.161.162
TCP: {41211446-877C-4C72-A1FC-A1AEEABE0611} = 93.188.165.121,93.188.161.162
TCP: 1447C616E647963624F63747F6E6 = 93.188.165.121,93.188.161.162
TCP: 762716675637 = 93.188.165.121,93.188.161.162
TCP: B4162796E616 = 93.188.165.121,93.188.161.162
TCP: E4544574541425 = 93.188.165.121,93.188.161.162
TCP: {495EE794-9D7E-49AE-A071-0FA3A65294A1} = 93.188.165.121,93.188.161.162
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kiddbl~1\appdata\roaming\mozilla\firefox\profiles\8p25bqgc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kidd blaze\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-4-6 7680]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-11-5 376832]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-7 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-4-16 27192]

=============== Created Last 30 ================

2010-04-25 01:45:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-25 01:42:10 0 d-----r- c:\program files\Skype
2010-04-25 01:41:54 0 d-----w- c:\programdata\Skype
2010-04-25 01:41:34 0 d-----w- c:\programdata\AIM Toolbar
2010-04-25 01:41:34 0 d-----w- c:\program files\AIM Toolbar
2010-04-25 01:41:20 0 d-----w- c:\program files\common files\Software Update Utility
2010-04-25 01:40:45 0 d-----w- c:\programdata\AIM
2010-04-25 01:40:37 0 d-----w- c:\program files\AIM
2010-04-25 01:40:29 0 d-----w- c:\program files\common files\AOL
2010-04-25 01:40:18 349 ---ha-w- C:\IPH.PH
2010-04-24 16:36:10 1908 ----a-w- c:\windows\diagwrn.xml
2010-04-24 16:36:10 1908 ----a-w- c:\windows\diagerr.xml
2010-04-18 10:27:25 0 d-----w- c:\users\kiddbl~1\appdata\roaming\aMule
2010-04-18 10:25:56 0 d-----w- c:\program files\aMule
2010-04-18 08:50:41 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-04-16 23:04:51 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-16 23:04:51 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-16 23:02:54 0 d-----w- c:\program files\iPod
2010-04-16 23:02:52 0 d-----w- c:\program files\iTunes
2010-04-16 22:06:34 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-04-16 22:06:25 0 d-----w- c:\program files\VS Revo Group
2010-04-15 01:37:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-15 01:12:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-15 01:12:03 0 d-----w- c:\programdata\Hitman Pro
2010-04-15 01:11:53 0 d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 04:11:50 0 d-----w- c:\program files\Winamp Detect
2010-04-14 04:11:26 0 d-----w- c:\programdata\Winamp Toolbar
2010-04-14 04:11:26 0 d-----w- c:\program files\Winamp Toolbar
2010-04-14 04:11:05 0 d-----w- c:\programdata\OrbNetworks
2010-04-14 04:10:56 0 d-----w- c:\program files\Winamp Remote
2010-04-14 04:03:59 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-14 03:51:42 0 d--h--w- c:\windows\msdownld.tmp
2010-04-14 03:51:34 0 d-----w- c:\windows\system32\directx
2010-04-14 03:45:25 0 d-----w- c:\program files\common files\PX Storage Engine
2010-04-14 01:15:28 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 01:15:15 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 01:15:15 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 01:14:58 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 01:14:58 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 01:14:58 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 19:37:05 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 19:37:02 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-12 08:58:14 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-04-12 08:58:14 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-04-12 08:58:14 0 d-----w- c:\program files\Cheat Engine
2010-04-11 09:09:35 0 d-----w- c:\program files\delaydots
2010-04-10 02:47:17 719872 ----a-w- c:\windows\system32\devil.dll
2010-04-10 02:47:17 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-04-10 02:47:16 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-04-10 02:47:16 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-04-10 02:47:16 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2010-04-10 02:47:16 0 d-----w- c:\program files\AviSynth 2.5
2010-04-10 02:46:52 0 d-----w- c:\program files\eRightSoft
2010-04-10 02:32:58 109016 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-10 01:33:25 0 d-----w- c:\program files\MetaGeek
2010-04-10 01:22:30 0 d-----w- C:\aircrack-ng-1.0-win
2010-04-10 01:18:59 0 d-----w- c:\program files\Network Stumbler
2010-04-09 21:40:17 0 d-----w- c:\programdata\Yahoo! Companion
2010-04-09 21:40:12 0 d-----w- c:\program files\Yahoo!
2010-04-09 21:39:31 0 d-----w- c:\program files\CCleaner
2010-04-09 21:37:40 0 d-----w- c:\program files\Speccy
2010-04-08 02:40:44 0 d-----w- c:\programdata\TOSHIBA
2010-04-08 02:26:17 0 d-----w- c:\windows\system32\v71010T_20100302_x32
2010-04-07 20:47:39 0 d-----w- c:\users\kidd blaze\Tracing
2010-04-07 20:43:37 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-04-07 20:40:52 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-04-07 20:40:08 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-07 20:38:31 0 d-----w- c:\program files\Microsoft
2010-04-07 20:38:07 0 d-----w- c:\program files\Windows Live SkyDrive
2010-04-07 20:37:08 0 d-----w- c:\windows\PCHEALTH
2010-04-07 20:05:38 0 d-----w- c:\program files\common files\Windows Live
2010-04-06 21:23:51 865 ----a-w- c:\users\kidd blaze\.recently-used.xbel
2010-04-06 21:23:51 0 d-----w- c:\users\kidd blaze\.thumbnails
2010-04-06 21:20:48 0 d-----w- c:\program files\GIMP-2.0
2010-04-06 20:44:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-04-06 20:40:01 0 d-----w- c:\program files\Palm, Inc
2010-04-06 20:28:07 0 d-----w- c:\programdata\Sun
2010-04-06 20:27:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-06 19:35:58 0 d-----w- c:\program files\common files\Toshiba Shared
2010-04-06 19:34:08 0 d-----w- c:\program files\ltmoh
2010-04-06 19:34:06 58888 ------w- c:\windows\system32\agrsmdel.exe
2010-04-06 19:33:58 0 d-----w- c:\program files\LSI SoftModem
2010-04-06 19:33:39 0 d-----w- c:\windows\Options
2010-04-06 19:31:38 9728 ----a-w- c:\windows\system32\TCMSVR.dll
2010-04-06 19:31:38 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2010-04-06 19:31:29 7680 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2010-04-06 18:46:58 0 d-----w- c:\program files\Realtek
2010-04-06 18:46:53 0 d--h--w- c:\program files\Temp
2010-04-06 18:30:53 0 d-----w- C:\safgv200
2010-04-06 18:12:17 24576 ----a-w- c:\windows\system32\TSCI.dll
2010-04-06 18:12:17 24576 ----a-w- c:\windows\system32\THCI.dll
2010-04-06 18:12:17 0 d-----w- c:\program files\TOSHIBA
2010-04-06 18:03:51 0 d-----w- c:\program files\Nuvoton Technology Corporation
2010-04-06 17:20:57 0 d-----w- c:\users\kiddbl~1\appdata\roaming\PACE Anti-Piracy
2010-04-06 17:20:57 0 d-----w- c:\programdata\PACE Anti-Piracy
2010-04-06 17:20:57 0 d-----w- c:\program files\common files\PACE Anti-Piracy
2010-04-06 17:08:07 0 d-----w- c:\program files\InterLok
2010-04-06 17:07:05 0 d-----w- c:\users\kiddbl~1\appdata\roaming\Antares
2010-04-06 17:07:04 0 d-----w- c:\program files\Antares Audio Technologies
2010-04-06 16:16:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-06 16:14:54 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-04-06 16:14:53 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-04-06 16:14:53 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-04-06 16:14:27 0 d-----w- c:\users\kiddbl~1\appdata\roaming\WinBatch
2010-04-06 16:02:22 0 d-----w- c:\windows\system32\appmgmt
2010-04-06 04:19:38 0 d-----w- c:\users\kiddbl~1\appdata\roaming\Acoustica
2010-04-06 04:19:37 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2010-04-06 04:17:50 0 d-----w- c:\program files\Acoustica Shared Effects
2010-04-06 02:36:22 0 d-----w- c:\program files\YouTube Downloader
2010-04-06 01:55:58 0 d-----w- c:\programdata\Adobe
2010-04-05 19:41:22 24360 ----a-w- c:\windows\system32\energy-report.html
2010-04-05 10:07:02 0 d-----w- c:\windows\Panther
2010-04-05 08:39:00 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-05 08:38:59 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-05 08:35:06 0 d-----w- c:\programdata\Kaspersky Lab
2010-04-05 08:35:06 0 d-----w- c:\program files\Kaspersky Lab
2010-04-05 08:29:40 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-04-05 07:44:20 0 d-----w- c:\programdata\Acoustica
2010-04-05 07:44:20 0 d-----w- c:\program files\VST
2010-04-05 07:44:19 0 d-----w- c:\program files\Acoustica Mixcraft 5
2010-04-05 07:44:07 0 d-----w- c:\program files\uTorrent
2010-04-05 07:43:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-05 07:43:50 0 d-----w- c:\users\kiddbl~1\appdata\roaming\uTorrent
2010-04-05 07:36:50 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-05 07:27:01 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 07:25:19 0 d-----w- c:\programdata\Apple Computer
2010-04-05 07:24:12 0 d-----w- c:\program files\Bonjour
2010-04-05 07:23:21 0 d-----w- c:\programdata\Apple
2010-04-05 07:22:06 0 d-sh--w- c:\windows\Installer
2010-04-05 07:09:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-04-05 07:09:12 0 d-----w- c:\program files\Synaptics
2010-04-05 07:08:36 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-05 06:51:42 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-05 06:48:10 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-04-05 06:48:10 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-05 06:48:10 417792 ----a-w- c:\windows\system32\msdri.dll
2010-04-05 06:48:10 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-04-05 06:45:52 369152 ----a-w- c:\windows\system32\secproc.dll
2010-04-05 06:45:52 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-05 06:45:51 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-05 06:45:51 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-05 06:45:51 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-05 06:45:50 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-05 06:45:50 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-05 06:45:49 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-05 06:44:40 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-05 06:42:03 0 d-----w- c:\windows\system32\wbem\Performance

==================== Find3M ====================

2010-03-26 22:24:58 3048096 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-03-26 22:03:02 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-03-26 22:03:02 1749536 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-03-26 22:02:56 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-03-26 22:02:56 2649120 ----a-w- c:\windows\system32\RtkAPO.dll
2010-03-22 18:22:42 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-17 16:08:32 307616 ----a-w- c:\windows\system32\FMAPO.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-04 14:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 14:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 14:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 14:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 16:24:36 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:40:43.63 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2010 2:38:18 AM
System Uptime: 5/3/2010 10:17:49 PM (0 hours ago)

Motherboard: ATI | | SB600
Processor: AMD Turion™ 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 185 GiB total, 63.722 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_FF101179&REV_12\4&1A5DE67B&0&33A4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_FF101179&REV_12\4&1A5DE67B&0&33A4
Service:

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_FF101179&REV_12\4&1A5DE67B&0&32A4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_FF101179&REV_12\4&1A5DE67B&0&32A4
Service:

==== System Restore Points ===================

RP31: 4/8/2010 7:21:12 PM - Windows Update
RP32: 4/9/2010 9:32:33 PM - Installed inSSIDer
RP33: 4/9/2010 10:31:31 PM - Installed Safari
RP34: 4/12/2010 3:52:08 PM - Windows Update
RP35: 4/13/2010 9:15:52 PM - Windows Update
RP37: 4/13/2010 11:48:14 PM - Installed DirectX
RP39: 4/14/2010 12:02:40 AM - Installed DirectX
RP41: 4/16/2010 6:13:03 PM - Revo Uninstaller Pro's restore point - iTunes
RP42: 4/16/2010 7:01:53 PM - Installed iTunes
RP43: 4/27/2010 4:21:00 AM - Scheduled Checkpoint

==== Installed Programs ======================

µTorrent
50 FREE MP3s +1 Free Audiobook!
Acoustica Effects Pack
Acoustica Mixcraft 5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AIM 7
AIM Toolbar
aMule
Antares Auto-Tune Evo VST
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
Auto-Tune EFX VST
AVOX Evo VST
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
Cheat Engine 5.6
Download Updater (AOL LLC)
GIMP 2.6.8
Google Chrome
Google Earth
Google Update Helper
HDMI Control Manager
HijackThis 2.0.2
Hitman Pro 3.5
inSSIDer
Interlok driver setup x32
iTunes
Java Auto Updater
Java™ 6 Update 19
Junk Mail filter update
Kaspersky Internet Security 2010
LSI V92 MOH Application
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Mozilla Firefox (3.6.3)
MSVCRT
Network Stumbler 0.4.0 (remove only)
Novacomd
Palm webOS® Doctor™ Build Sprint.231.278, webOS 1.4.1.1
PitchWorks remove
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.1.5
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Skype Toolbars
Skype™ 4.2
Speccy
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Synaptics Pointing Device Driver
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Winamp
Winamp Detector Plug-in
Winamp Remote
Winamp Toolbar
Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xiph QuickTime Components
Yahoo! Toolbar
YouTube Downloader 2.5.4

==== Event Viewer Messages From Past Week ========

5/3/2010 7:56:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85c588fc, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\050310-33353-01.dmp. Report Id: 050310-33353-01.
5/3/2010 10:19:26 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 1 The details view of this entry contains further information.
5/3/2010 10:18:38 PM, Error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/3/2010 10:18:38 PM, Error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/3/2010 10:18:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85bf68fc, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\050310-44959-01.dmp. Report Id: 050310-44959-01.
5/3/2010 10:17:54 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
5/2/2010 6:13:08 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
5/2/2010 6:12:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85c20024, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\050210-33072-01.dmp. Report Id: 050210-33072-01.
5/1/2010 1:59:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/30/2010 11:45:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
4/30/2010 11:43:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
4/30/2010 11:43:08 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/30/2010 11:02:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85c09024, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\043010-37377-01.dmp. Report Id: 043010-37377-01.
4/27/2010 2:11:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85c25024, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\042710-40778-01.dmp. Report Id: 042710-40778-01.
4/26/2010 3:12:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85c1c024, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\042610-38610-01.dmp. Report Id: 042610-38610-01.

==== End Of File ===========================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:42 PM, on 5/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Kidd Blaze\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kidd Blaze\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41211446-877C-4C72-A1FC-A1AEEABE0611}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{495EE794-9D7E-49AE-A071-0FA3A65294A1}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{41211446-877C-4C72-A1FC-A1AEEABE0611}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CS2\Services\Tcpip\..\{41211446-877C-4C72-A1FC-A1AEEABE0611}: NameServer = 93.188.165.121,93.188.161.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.121,93.188.161.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10255 bytes

Merged 3 topics then the posts. ~ OB

Edited by Orange Blossom, 03 May 2010 - 09:47 PM.
Posts merged ~BP



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:28 PM

Posted 05 May 2010 - 06:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

Posted 10 May 2010 - 06:32 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.