Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 10-31-2009, 08:28 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


please help, hacked/infected

I have been a victim of hacking before in the past by a person I know, who just is an idiot lol.

I'm not sure where to begin really; this, I'm sure, went on for years.

I have read and followed all your pre-help tasks before posting and will attach the relevant files and post the text etc.

I recently erased the hard drive and reinstalled, and did this a few times, as I was sure I was infected, yet I'm not sure how, but I seem to reinfect myself every time.

I have boot disks that were made at the very beginning, when I purchased this computer, but I wonder if in some way they are infected??

Recently I started to run my own website; since then I have noticed a few strange things in the browser header part, the URL.

Long cryptic addresses, which I am sure are some result of code injection.

I'm no expert but am fairly computer savvy, running various scans from different programs, making sure I don't have them conflict either.

So I am at my wits' end, and I'm hoping you guys can help me get to the root of this problem, no pun intended, well maybe :)

I shall post my DDS log text here, as specified; see the two attached files, named attach and ark, which are zipped.

I also did a HijackThis scan and log file; do you want me to post that here too?

When I ran the DDS file, I closed the DDS text file mistakenly, and so had to scan again. I did notice changes in some of the named suspicious files, as in the name slightly changed, so I hope that didn't mess things up slightly.

I await your reply. :)

****************************************


DDS (Ver_09-10-26.01) - NTFSx86
Run by richard at 1:44:57.23 on 01/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3054.2119 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\richard\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.club-vaio.com
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.club-vaio.com
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1257036055368
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\richard\appdata\roaming\mozilla\firefox\profiles\d3i2co68.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\drivers\AVerAVF2.sys [2008-7-31 979584]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-7-31 224384]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-31 9344]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-29 133104]
S2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-10-27 299008]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-31 98304]
S2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-31 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-1-21 21504]
S3 GGIX;GGIX;c:\users\richard\appdata\local\temp\ggix.exe --> c:\users\richard\appdata\local\temp\GGIX.exe [?]
S3 KHOEAJPLDJRU;KHOEAJPLDJRU;c:\users\richard\appdata\local\temp\khoeajpldjru.exe --> c:\users\richard\appdata\local\temp\KHOEAJPLDJRU.exe [?]
S3 QXDLW;QXDLW;c:\users\richard\appdata\local\temp\qxdlw.exe --> c:\users\richard\appdata\local\temp\QXDLW.exe [?]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2009-10-27 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2009-10-27 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-10-27 62752]
S3 TZTTTOP;TZTTTOP;c:\users\richard\appdata\local\temp\tztttop.exe --> c:\users\richard\appdata\local\temp\TZTTTOP.exe [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-10-27 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe" --> c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [?]
S3 WCWV;WCWV;c:\users\richard\appdata\local\temp\wcwv.exe --> c:\users\richard\appdata\local\temp\WCWV.exe [?]
S3 YPNICRQN;YPNICRQN;c:\users\richard\appdata\local\temp\ypnicrqn.exe --> c:\users\richard\appdata\local\temp\YPNICRQN.exe [?]
S3 ZX;ZX;c:\users\richard\appdata\local\temp\zx.exe --> c:\users\richard\appdata\local\temp\ZX.exe [?]

=============== Created Last 30 ================

2009-11-01 01:38:07 0 d-----w- c:\program files\Trend Micro
2009-10-30 02:00:19 0 d-----w- c:\users\richard\Tracing
2009-10-30 01:56:51 0 d-----w- c:\program files\Microsoft
2009-10-30 01:55:34 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-30 01:54:49 0 d-----w- c:\windows\PCHEALTH
2009-10-30 01:51:59 0 d-----w- c:\program files\common files\Windows Live
2009-10-28 00:38:01 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 00:17:53 0 d-----w- c:\programdata\WinZip
2009-10-27 20:47:25 59 ----a-w- c:\windows\pp.enc
2009-10-27 20:45:18 0 d-----w- c:\users\richard\appdata\roaming\Microgaming
2009-10-27 20:44:56 0 d-----w- C:\Microgaming
2009-10-27 19:51:47 0 d-----w- c:\program files\Windows Portable Devices
2009-10-27 19:51:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 19:49:39 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-27 19:48:31 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-27 19:48:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-27 19:48:31 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-27 19:46:35 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:46:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 04:12:20 0 d-----w- C:\VundoFix Backups
2009-10-27 04:02:34 0 d-----w- c:\windows\pss
2009-10-27 04:01:29 0 d-----w- c:\program files\CCleaner
2009-10-27 02:17:30 0 d-----w- c:\windows\system32\Adobe
2009-10-27 02:16:05 0 d-----w- c:\programdata\NOS
2009-10-27 02:07:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-27 01:22:47 0 d-----w- c:\windows\system32\eu-ES
2009-10-27 01:22:47 0 d-----w- c:\windows\system32\ca-ES
2009-10-27 01:22:46 0 d-----w- c:\windows\system32\vi-VN
2009-10-27 00:56:18 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-10-27 00:56:11 0 d-----w- C:\Documentation
2009-10-27 00:56:08 0 ----a-w- c:\windows\VAIOUpdt.INI
2009-10-27 00:51:15 86016 ------w- c:\windows\system32\SonyAIwd.dll
2009-10-27 00:51:15 155648 ------w- c:\windows\system32\SonyAIwo.dll
2009-10-27 00:51:15 147456 ------w- c:\windows\system32\SonyAIds.dll
2009-10-27 00:51:07 344064 ------w- c:\windows\system32\SSMSIppCustom.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangITSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangFRSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangESSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangDESony.dll
2009-10-27 00:51:03 77824 ------w- c:\windows\system32\CddbLangJASony.dll
2009-10-27 00:51:03 69632 ------w- c:\windows\system32\CddbLangZHSony.dll
2009-10-27 00:51:03 135168 ------w- c:\windows\system32\CddbLangRUSony.dll
2009-10-27 00:50:44 0 d-----w- c:\programdata\Skype
2009-10-27 00:50:40 0 d-----w- c:\programdata\Uninstall
2009-10-27 00:50:37 0 d-----w- c:\programdata\Sonic
2009-10-27 00:46:49 0 d-----w- c:\programdata\SiteAdvisor
2009-10-27 00:45:36 0 d-----w- c:\programdata\McAfee
2009-10-27 00:45:30 0 d-----w- c:\programdata\Google
2009-10-27 00:42:47 0 d-----w- c:\program files\DivX
2009-10-27 00:42:36 770048 ------w- c:\windows\system32\CDDBUISony.dll
2009-10-27 00:42:36 655360 ------w- c:\windows\system32\CDDBControlSony.dll
2009-10-27 00:42:36 589824 ------w- c:\windows\system32\CddbMusicIDSony.dll
2009-10-27 00:40:27 0 d-----w- c:\program files\common files\PX Storage Engine
2009-10-27 00:39:57 0 d-----w- c:\program files\Picasa2
2009-10-27 00:39:54 0 d-----w- c:\program files\Google BAE
2009-10-27 00:39:46 40 ------w- c:\windows\system32\ivireg.ivr
2009-10-27 00:39:24 0 d-----w- c:\program files\common files\InterVideo
2009-10-27 00:38:20 0 d-----w- c:\program files\InterVideo
2009-10-27 00:36:12 2 ------w- c:\windows\system32\Snyres.oem
2009-10-27 00:32:30 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-27 00:32:18 209 ----a-w- c:\windows\ODBCINST.INI
2009-10-27 00:31:59 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-10-27 00:31:20 32592 ------w- c:\windows\system32\msonpmon.dll
2009-10-27 00:30:06 0 d-----w- c:\programdata\Microsoft Help
2009-10-27 00:29:08 0 d-----w- c:\windows\Sonysys
2009-10-27 00:23:21 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:22:58 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:22:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-27 00:22:50 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:14:57 28029 ----a-w- c:\programdata\nvModes.dat
2009-10-27 00:09:38 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-27 00:09:38 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2009-10-27 00:09:38 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-27 00:09:38 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-27 0008 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-26 22:52:02 0 d-----w- c:\windows\system32\EventProviders
2009-10-26 22:49:59 143872 ----a-w- c:\windows\system32\korwbrkr.dll
2009-10-26 22:48:59 852992 ----a-w- c:\windows\system32\mcmde.dll
2009-10-26 22:24:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-26 22:24:35 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-26 22:24:34 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-26 22:07:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 21:48:51 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-26 21:38:34 0 d-----w- C:\Update
2009-10-26 21:35:15 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-26 21:34:22 0 d-----w- c:\program files\MSXML 4.0
2009-10-26 21:32:54 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-26 21:31:58 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-10-26 21:31:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-10-26 21:31:56 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-10-26 21:31:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-10-26 21:31:56 23552 ----a-w- c:\windows\system32\lpk.dll
2009-10-26 21:31:56 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-10-26 21:31:56 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-10-26 21:31:54 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-26 21:31:50 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-26 21:30:58 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-26 21:30:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-26 21:30:57 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-26 21:30:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-26 21:30:56 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-10-26 21:30:56 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-26 21:26:17 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-26 21:25:46 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-26 21:25:05 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-26 21:22:54 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-26 20:07:36 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-26 20:07:36 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-26 2052 0 d-----w- c:\programdata\Kaspersky Lab
2009-10-26 2052 0 d-----w- c:\program files\Kaspersky Lab
2009-10-26 2002 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-10-26 20:05:17 0 d-----w- c:\windows\system32\Lang
2009-10-26 19:30:35 146 ----a-w- c:\windows\WININIT.INI
2009-10-26 19:19:40 0 d-----w- C:\Intel
2009-10-26 1958 20 --sh--w- c:\users\richard\ntuser.ini
2009-10-20 20:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-14 21:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-02 19:39:36 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys

==================== Find3M ====================

2009-10-28 23:44:44 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-28 23:44:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 23:44:36 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-27 19:51:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 01:15:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-26 19:07:42 0 ------w- c:\windows\system32\drivers\Sony_VGC-LN1M.mrk
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 14:46:36 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-09 19:01:40 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 12:34:19 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34:19 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:45:08.95 ===============


********************************************

Also, maybe there's a valid reason why, but how come some of the time stamps in the log file above ended up becoming smileys when I posted them here? Were the characters not actually numbers, and letters instead???
Attached Files
File Type: zip ark.zip (1.2 KB, 5 views)
File Type: zip Attach.zip (6.0 KB, 2 views)
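The SERVICES / DRIVERS section of the DDS log in the post above lists several S3 services (GGIX, KHOEAJPLDJRU, QXDLW, TZTTTOP, WCWV, YPNICRQN, ZX) whose binaries sit under the user's local temp folder, are reported missing on disk ("[?]"), and carry names that look auto-generated, while legitimate entries such as VcmXmlIfHelper are also missing but live under Program Files with a descriptive display name. The Python script below is an added example, not code from the original post or from the DDS tool: it parses lines in the DDS service format and scores each entry on those three traits so that a helper can triage a log quickly. The sample lines, the temp-directory markers, the weights and the threshold are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS "SERVICES / DRIVERS" line format, modelled on
# the log in the post above: benign driver/service entries mixed with
# temp-hosted entries. Not a copy of the full log.
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S3 GGIX;GGIX;c:\users\richard\appdata\local\temp\ggix.exe --> c:\users\richard\appdata\local\temp\GGIX.exe [?]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-10-27 62752]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe" --> c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [?]
S3 ZX;ZX;c:\users\richard\appdata\local\temp\zx.exe --> c:\users\richard\appdata\local\temp\ZX.exe [?]
"""

# One DDS service line: "<state> <name>;<display>;<path> [<date size> | ?]"
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# Path fragments that mark a user-writable scratch location (assumed markers).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")
# Service names made only of capital letters, like GGIX or ZX.
RANDOM_NAME_RE = re.compile(r"[A-Z]{2,}")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str           # resolved on-disk path as DDS reported it
    file_missing: bool  # True when DDS printed "[?]" (no file on disk)


def parse_services(text: str) -> list:
    """Parse every line in DDS service format; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw_path = m.group("path")
        # "a --> b" means DDS resolved registry value a to file b; keep b.
        if " --> " in raw_path:
            raw_path = raw_path.rsplit(" --> ", 1)[1]
        entries.append(ServiceEntry(
            state=m.group("state"),
            name=m.group("name"),
            display=m.group("display"),
            path=raw_path.strip().strip('"'),
            file_missing=m.group("meta").strip() == "?",
        ))
    return entries


def assess(entry: ServiceEntry):
    """Return (score, reasons). Weights are illustrative, not a standard."""
    score, reasons = 0, []
    if any(marker in entry.path.lower() for marker in TEMP_MARKERS):
        score += 2
        reasons.append("binary lives in a temp directory")
    if entry.file_missing:
        score += 1
        reasons.append("file not found on disk ([?])")
    if RANDOM_NAME_RE.fullmatch(entry.name) and entry.name == entry.display:
        score += 1
        reasons.append("auto-generated-looking service name")
    return score, reasons


def suspicious_services(text: str, threshold: int = 2) -> list:
    """Entries whose score reaches the threshold, as (entry, score, reasons)."""
    flagged = []
    for entry in parse_services(text):
        score, reasons = assess(entry)
        if score >= threshold:
            flagged.append((entry, score, reasons))
    return flagged


if __name__ == "__main__":
    for entry, score, reasons in suspicious_services(SAMPLE_LOG):
        print(f"{entry.state} {entry.name}: score {score} -> {'; '.join(reasons)}")
        print(f"    {entry.path}")
```

A missing file on its own is not enough to flag an entry: VcmXmlIfHelper scores 1 and stays below the threshold, while GGIX and ZX score 4 on all three traits. Run against a full DDS log, the script prints only the entries a helper would ask about first, which is the same triage the analyst does by eye on the log above.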

Old 11-03-2009, 01:07 PM   #2 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

Bump, haven't received any help in over 3 days!! :)
Old 11-09-2009, 02:55 PM   #3 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Sorry for the delay. We have many more people needing help than trained helpers. If you still need help, please run dds and gmer again, and post/attach the logs as before. You will have to use different attach names this time.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
Old 11-09-2009, 04:33 PM   #4 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


rescanned as requested

OK, rescanned and re-posted.

Attachments are named slightly differently.

***********


DDS (Ver_09-10-26.01) - NTFSx86
Run by richard at 23:13:51.36 on 09/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3054.2057 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\richard\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = about:blank
uStart Page = about:blank
uSearch Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mCustomizeSearch = about:blank
mSearchAssistant = about:blank
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\richard\appdata\roaming\mozilla\firefox\profiles\d3i2co68.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-10-27 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-31 98304]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-8 1153368]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-31 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\drivers\AVerAVF2.sys [2008-7-31 979584]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-7-31 224384]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-31 9344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-29 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2009-10-27 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2009-10-27 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-10-27 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-10-27 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe" --> c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S4 GGIX;GGIX;c:\users\richard\appdata\local\temp\ggix.exe --> c:\users\richard\appdata\local\temp\GGIX.exe [?]
S4 KHOEAJPLDJRU;KHOEAJPLDJRU;c:\users\richard\appdata\local\temp\khoeajpldjru.exe --> c:\users\richard\appdata\local\temp\KHOEAJPLDJRU.exe [?]
S4 QXDLW;QXDLW;c:\users\richard\appdata\local\temp\qxdlw.exe --> c:\users\richard\appdata\local\temp\QXDLW.exe [?]
S4 TZTTTOP;TZTTTOP;c:\users\richard\appdata\local\temp\tztttop.exe --> c:\users\richard\appdata\local\temp\TZTTTOP.exe [?]
S4 WCWV;WCWV;c:\users\richard\appdata\local\temp\wcwv.exe --> c:\users\richard\appdata\local\temp\WCWV.exe [?]
S4 YPNICRQN;YPNICRQN;c:\users\richard\appdata\local\temp\ypnicrqn.exe --> c:\users\richard\appdata\local\temp\YPNICRQN.exe [?]

=============== Created Last 30 ================

2009-11-08 20:05:21 218 ----a-w- c:\users\richard\.recently-used.xbel
2009-11-08 18:41:38 120 ----a-w- c:\users\richard\appdata\roaming\wklnhst.dat
2009-11-08 17:22:48 0 d-----w- c:\program files\ICQ6.5
2009-11-08 17:12:47 0 d-----w- c:\program files\Pidgin
2009-11-08 01:23:02 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-08 01:23:02 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 22:53:15 0 d-----w- c:\users\richard\appdata\roaming\.purple
2009-11-07 22:50:10 0 d-----w- c:\program files\common files\GTK
2009-11-07 22:21:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 22:21:48 0 d-----w- c:\programdata\Malwarebytes
2009-11-07 22:21:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 22:21:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 17:34:22 0 d-----w- c:\users\richard\appdata\roaming\Malwarebytes
2009-11-05 15:54:45 0 d-----w- c:\program files\common files\DivX Shared
2009-11-05 02:47:36 0 d-----w- c:\users\richard\.SunDownloadManager
2009-11-03 20:00:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 01:08:38 0 d-----w- c:\users\richard\sitebuilder
2009-11-03 01:05:47 0 d-----w- c:\program files\Yahoo SiteBuilder
2009-11-01 01:38:07 0 d-----w- c:\program files\Trend Micro
2009-10-30 02:00:19 0 d-----w- c:\users\richard\Tracing
2009-10-30 01:56:51 0 d-----w- c:\program files\Microsoft
2009-10-30 01:55:34 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-30 01:54:49 0 d-----w- c:\windows\PCHEALTH
2009-10-30 01:51:59 0 d-----w- c:\program files\common files\Windows Live
2009-10-28 00:38:01 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 00:17:53 0 d-----w- c:\programdata\WinZip
2009-10-27 20:47:25 59 ----a-w- c:\windows\pp.enc
2009-10-27 20:45:18 0 d-----w- c:\users\richard\appdata\roaming\Microgaming
2009-10-27 20:44:56 0 d-----w- C:\Microgaming
2009-10-27 19:51:47 0 d-----w- c:\program files\Windows Portable Devices
2009-10-27 19:51:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 19:49:39 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-27 19:48:31 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-27 19:48:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-27 19:48:31 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-27 19:46:35 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:46:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 04:02:34 0 d-----w- c:\windows\pss
2009-10-27 04:01:29 0 d-----w- c:\program files\CCleaner
2009-10-27 02:17:30 0 d-----w- c:\windows\system32\Adobe
2009-10-27 02:16:05 0 d-----w- c:\programdata\NOS
2009-10-27 02:07:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-27 01:22:47 0 d-----w- c:\windows\system32\eu-ES
2009-10-27 01:22:47 0 d-----w- c:\windows\system32\ca-ES
2009-10-27 01:22:46 0 d-----w- c:\windows\system32\vi-VN
2009-10-27 00:56:18 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-10-27 00:56:11 0 d-----w- C:\Documentation
2009-10-27 00:56:08 0 ----a-w- c:\windows\VAIOUpdt.INI
2009-10-27 00:51:15 86016 ------w- c:\windows\system32\SonyAIwd.dll
2009-10-27 00:51:15 155648 ------w- c:\windows\system32\SonyAIwo.dll
2009-10-27 00:51:15 147456 ------w- c:\windows\system32\SonyAIds.dll
2009-10-27 00:51:07 344064 ------w- c:\windows\system32\SSMSIppCustom.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangITSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangFRSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangESSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangDESony.dll
2009-10-27 00:51:03 77824 ------w- c:\windows\system32\CddbLangJASony.dll
2009-10-27 00:51:03 69632 ------w- c:\windows\system32\CddbLangZHSony.dll
2009-10-27 00:51:03 135168 ------w- c:\windows\system32\CddbLangRUSony.dll
2009-10-27 00:50:44 0 d-----w- c:\programdata\Skype
2009-10-27 00:50:40 0 d-----w- c:\programdata\Uninstall
2009-10-27 00:50:37 0 d-----w- c:\programdata\Sonic
2009-10-27 00:46:49 0 d-----w- c:\programdata\SiteAdvisor
2009-10-27 00:45:30 0 d-----w- c:\programdata\Google
2009-10-27 00:42:47 0 d-----w- c:\program files\DivX
2009-10-27 00:42:36 770048 ------w- c:\windows\system32\CDDBUISony.dll
2009-10-27 00:42:36 655360 ------w- c:\windows\system32\CDDBControlSony.dll
2009-10-27 00:42:36 589824 ------w- c:\windows\system32\CddbMusicIDSony.dll
2009-10-27 00:40:27 0 d-----w- c:\program files\common files\PX Storage Engine
2009-10-27 00:39:57 0 d-----w- c:\program files\Picasa2
2009-10-27 00:39:54 0 d-----w- c:\program files\Google BAE
2009-10-27 00:39:46 40 ----a-w- c:\windows\system32\ivireg.ivr
2009-10-27 00:39:24 0 d-----w- c:\program files\common files\InterVideo
2009-10-27 00:38:20 0 d-----w- c:\program files\InterVideo
2009-10-27 00:36:12 2 ------w- c:\windows\system32\Snyres.oem
2009-10-27 00:32:30 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-27 00:32:18 209 ----a-w- c:\windows\ODBCINST.INI
2009-10-27 00:31:59 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-10-27 00:31:20 32592 ------w- c:\windows\system32\msonpmon.dll
2009-10-27 00:30:06 0 d-----w- c:\programdata\Microsoft Help
2009-10-27 00:29:08 0 d-----w- c:\windows\Sonysys
2009-10-27 00:23:21 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:22:58 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:22:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-27 00:22:50 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:14:57 28029 ----a-w- c:\programdata\nvModes.dat
2009-10-27 00:09:38 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-27 00:09:38 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2009-10-27 00:09:38 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-27 00:09:38 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-27 0008 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-26 22:52:02 0 d-----w- c:\windows\system32\EventProviders
2009-10-26 22:49:59 143872 ----a-w- c:\windows\system32\korwbrkr.dll
2009-10-26 22:48:59 852992 ----a-w- c:\windows\system32\mcmde.dll
2009-10-26 22:24:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-26 22:24:35 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-26 22:24:34 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-26 22:07:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 21:48:51 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-26 21:38:34 0 d-----w- C:\Update
2009-10-26 21:35:15 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-26 21:34:22 0 d-----w- c:\program files\MSXML 4.0
2009-10-26 21:32:54 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-26 21:31:58 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-10-26 21:31:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-10-26 21:31:56 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-10-26 21:31:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-10-26 21:31:56 23552 ----a-w- c:\windows\system32\lpk.dll
2009-10-26 21:31:56 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-10-26 21:31:56 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-10-26 21:31:54 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-26 21:31:50 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-26 21:30:58 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-26 21:30:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-26 21:30:57 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-26 21:30:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-26 21:30:56 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-10-26 21:30:56 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-26 21:26:17 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-26 21:25:46 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-26 21:25:05 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-26 21:22:54 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-26 20:07:36 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-26 20:07:36 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-26 2052 0 d-----w- c:\programdata\Kaspersky Lab
2009-10-26 2052 0 d-----w- c:\program files\Kaspersky Lab
2009-10-26 2002 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-10-26 20:05:17 0 d-----w- c:\windows\system32\Lang
2009-10-26 19:30:35 146 ----a-w- c:\windows\WININIT.INI
2009-10-26 19:19:40 0 d-----w- C:\Intel
2009-10-20 20:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-14 21:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys

==================== Find3M ====================

2009-10-28 23:44:44 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-28 23:44:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 23:44:36 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-27 19:51:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 01:15:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-26 19:07:42 0 ------w- c:\windows\system32\drivers\Sony_VGC-LN1M.mrk
2009-10-02 19:39:36 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-25 16:41:28 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 14:46:36 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:14:18.90 ===============
Attached Files
File Type: zip arknew.zip (1.2 KB, 1 views)
File Type: zip Attachscanreport.zip (3.2 KB, 2 views)
Old 11-09-2009, 06:25 PM   #5 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Hello, infofeeder.

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > scroll down to and tick 'Run command' box > OK > Apply > OK.

------------------------------------------------------

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

sc delete GGIX

A DOS window will open and close again, this is normal.

Repeat for each of these commands (make sure you do not miss any):

sc delete KHOEAJPLDJRU

sc delete QXDLW

sc delete TZTTTOP

sc delete WCWV

sc delete YPNICRQN

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here to run an online scanner from ESET and Save the file to your Desktop.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic and also let me know how things are now.
------------------------------------------------------

If you have trouble with your computer blocking the ActiveX, go here and temporarily turn the feature off:

http://www.windowsreference.com/inte...the-publisher/

Remember to turn it back on after the scan!

------------------------------------------------------

Please describe any remaining problems.

Please run dds again and post the first log, DDS.txt, in your next reply. I only need to see DDS.txt.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
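The six `sc delete` commands in the post above all target the S4 services that the DDS log lists with a binary under c:\users\richard\appdata\local\temp\ and a trailing [?]. The Python script below is an added example, not part of DDS or of this thread: it parses the SERVICES / DRIVERS lines, applies those indicators (binary in a temp folder, file DDS could not find, random-looking all-caps name) and generates the same cleanup commands. The sample lines are copied from the log above; the scoring rule and the reading of [?] as "DDS could not find the file" are my assumptions.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log (added example).

Not part of DDS or of the forum thread.  It keys on the indicators a helper
looks for when reading a DDS log and emits the `sc delete` commands that
remove the orphaned service entries.
"""
import re

# Constructed sample copied from the log above: benign entries plus the six
# temp-folder services.  VcmXmlIfHelper shows a "[?]" on a legitimate path,
# which must NOT be flagged on its own.
SAMPLE_SERVICES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-10-27 299008]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe" --> c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S4 GGIX;GGIX;c:\users\richard\appdata\local\temp\ggix.exe --> c:\users\richard\appdata\local\temp\GGIX.exe [?]
S4 KHOEAJPLDJRU;KHOEAJPLDJRU;c:\users\richard\appdata\local\temp\khoeajpldjru.exe --> c:\users\richard\appdata\local\temp\KHOEAJPLDJRU.exe [?]
S4 QXDLW;QXDLW;c:\users\richard\appdata\local\temp\qxdlw.exe --> c:\users\richard\appdata\local\temp\QXDLW.exe [?]
S4 TZTTTOP;TZTTTOP;c:\users\richard\appdata\local\temp\tztttop.exe --> c:\users\richard\appdata\local\temp\TZTTTOP.exe [?]
S4 WCWV;WCWV;c:\users\richard\appdata\local\temp\wcwv.exe --> c:\users\richard\appdata\local\temp\WCWV.exe [?]
S4 YPNICRQN;YPNICRQN;c:\users\richard\appdata\local\temp\ypnicrqn.exe --> c:\users\richard\appdata\local\temp\YPNICRQN.exe [?]
"""

# DDS line shape: "<start type> <name>;<display name>;<image path> [date size]"
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')

# Folders no legitimate service should run its binary from (assumption).
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


def parse_service_line(line):
    """Return a dict for one service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest').strip()
    # "[?]" is read here as: DDS could not find the file to record date/size.
    missing = rest.endswith('[?]')
    # After " --> " DDS prints the resolved image path; use that when present.
    path = rest.split(' --> ', 1)[-1]
    path = re.sub(r'\s*\[[^\]]*\]$', '', path).strip().strip('"').lower()
    return {'start': m.group('start'), 'name': m.group('name'),
            'display': m.group('display'), 'path': path, 'missing': missing}


def indicators(svc):
    """List the suspicious traits of one parsed service entry."""
    hits = []
    if any(t in svc['path'] for t in TEMP_DIRS):
        hits.append('temp-folder binary')
    if svc['missing']:
        hits.append('file not found by DDS')
    n = svc['name']
    # Display name identical to an all-caps, letters-only service name.
    if n == svc['display'] and n.isalpha() and n.isupper() and len(n) >= 4:
        hits.append('random-looking name')
    return hits


def is_suspicious(hits):
    # Rule (assumption): a temp-folder binary is enough on its own; any other
    # single indicator (e.g. a missing file alone) needs corroboration.
    return 'temp-folder binary' in hits or len(hits) >= 2


def triage(log_text):
    """Return [(service name, [indicators])] for every flagged entry."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        hits = indicators(svc)
        if is_suspicious(hits):
            flagged.append((svc['name'], hits))
    return flagged


def cleanup_commands(flagged):
    """Turn flagged names into the sc commands that drop the service entries."""
    return ['sc delete %s' % name for name, _ in flagged]


if __name__ == '__main__':
    found = triage(SAMPLE_SERVICES)
    for name, hits in found:
        print('%-14s %s' % (name, ', '.join(hits)))
    print('\n'.join(cleanup_commands(found)))
```

Run against the sample, the script flags exactly the six temp-folder services and leaves VcmXmlIfHelper alone despite its [?], which is why the rule requires a second indicator when the only finding is a file DDS could not stat.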
Old 11-10-2009, 11:06 AM   #6 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

As requested, here is the scan report. I see they are still there; it wouldn't let me do the run as command in administrator mode, which I thought odd as normally there is an option to do that.

Please advise, do I need to turn off the user protection?


*********************************************
DDS (Ver_09-10-26.01) - NTFSx86
Run by richard at 16:32:39.77 on 10/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3054.1525 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\richard\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = about:blank
uStart Page = about:blank
uSearch Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mCustomizeSearch = about:blank
mSearchAssistant = about:blank
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\richard\appdata\roaming\mozilla\firefox\profiles\d3i2co68.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-10-27 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-31 98304]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-8 1153368]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-31 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\drivers\AVerAVF2.sys [2008-7-31 979584]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-7-31 224384]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-31 9344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-29 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2009-10-27 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2009-10-27 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-10-27 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-10-27 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe" --> c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S4 GGIX;GGIX;c:\users\richard\appdata\local\temp\ggix.exe --> c:\users\richard\appdata\local\temp\GGIX.exe [?]
S4 KHOEAJPLDJRU;KHOEAJPLDJRU;c:\users\richard\appdata\local\temp\khoeajpldjru.exe --> c:\users\richard\appdata\local\temp\KHOEAJPLDJRU.exe [?]
S4 QXDLW;QXDLW;c:\users\richard\appdata\local\temp\qxdlw.exe --> c:\users\richard\appdata\local\temp\QXDLW.exe [?]
S4 TZTTTOP;TZTTTOP;c:\users\richard\appdata\local\temp\tztttop.exe --> c:\users\richard\appdata\local\temp\TZTTTOP.exe [?]
S4 WCWV;WCWV;c:\users\richard\appdata\local\temp\wcwv.exe --> c:\users\richard\appdata\local\temp\WCWV.exe [?]
S4 YPNICRQN;YPNICRQN;c:\users\richard\appdata\local\temp\ypnicrqn.exe --> c:\users\richard\appdata\local\temp\YPNICRQN.exe [?]

=============== Created Last 30 ================

2009-11-10 08:00:29 0 d-----w- c:\program files\ESET
2009-11-08 20:05:21 218 ----a-w- c:\users\richard\.recently-used.xbel
2009-11-08 18:41:38 120 ----a-w- c:\users\richard\appdata\roaming\wklnhst.dat
2009-11-08 17:22:48 0 d-----w- c:\program files\ICQ6.5
2009-11-08 17:12:47 0 d-----w- c:\program files\Pidgin
2009-11-08 01:23:02 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-08 01:23:02 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 22:53:15 0 d-----w- c:\users\richard\appdata\roaming\.purple
2009-11-07 22:50:10 0 d-----w- c:\program files\common files\GTK
2009-11-07 22:21:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 22:21:48 0 d-----w- c:\programdata\Malwarebytes
2009-11-07 22:21:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 22:21:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 17:34:22 0 d-----w- c:\users\richard\appdata\roaming\Malwarebytes
2009-11-05 15:54:45 0 d-----w- c:\program files\common files\DivX Shared
2009-11-05 02:47:36 0 d-----w- c:\users\richard\.SunDownloadManager
2009-11-03 20:00:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 01:08:38 0 d-----w- c:\users\richard\sitebuilder
2009-11-03 01:05:47 0 d-----w- c:\program files\Yahoo SiteBuilder
2009-11-01 01:38:07 0 d-----w- c:\program files\Trend Micro
2009-10-30 02:00:19 0 d-----w- c:\users\richard\Tracing
2009-10-30 01:56:51 0 d-----w- c:\program files\Microsoft
2009-10-30 01:55:34 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-30 01:54:49 0 d-----w- c:\windows\PCHEALTH
2009-10-30 01:51:59 0 d-----w- c:\program files\common files\Windows Live
2009-10-28 00:38:01 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 00:17:53 0 d-----w- c:\programdata\WinZip
2009-10-27 20:47:25 59 ----a-w- c:\windows\pp.enc
2009-10-27 20:45:18 0 d-----w- c:\users\richard\appdata\roaming\Microgaming
2009-10-27 20:44:56 0 d-----w- C:\Microgaming
2009-10-27 19:51:47 0 d-----w- c:\program files\Windows Portable Devices
2009-10-27 19:51:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 19:49:39 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-27 19:48:31 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-27 19:48:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-27 19:48:31 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-27 19:46:35 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:46:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 04:02:34 0 d-----w- c:\windows\pss
2009-10-27 04:01:29 0 d-----w- c:\program files\CCleaner
2009-10-27 02:17:30 0 d-----w- c:\windows\system32\Adobe
2009-10-27 02:16:05 0 d-----w- c:\programdata\NOS
2009-10-27 02:07:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-27 01:22:47 0 d-----w- c:\windows\system32\eu-ES
2009-10-27 01:22:47 0 d-----w- c:\windows\system32\ca-ES
2009-10-27 01:22:46 0 d-----w- c:\windows\system32\vi-VN
2009-10-27 00:56:18 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-10-27 00:56:11 0 d-----w- C:\Documentation
2009-10-27 00:56:08 0 ----a-w- c:\windows\VAIOUpdt.INI
2009-10-27 00:51:15 86016 ------w- c:\windows\system32\SonyAIwd.dll
2009-10-27 00:51:15 155648 ------w- c:\windows\system32\SonyAIwo.dll
2009-10-27 00:51:15 147456 ------w- c:\windows\system32\SonyAIds.dll
2009-10-27 00:51:07 344064 ------w- c:\windows\system32\SSMSIppCustom.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangITSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangFRSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangESSony.dll
2009-10-27 00:51:03 98304 ------w- c:\windows\system32\CddbLangDESony.dll
2009-10-27 00:51:03 77824 ------w- c:\windows\system32\CddbLangJASony.dll
2009-10-27 00:51:03 69632 ------w- c:\windows\system32\CddbLangZHSony.dll
2009-10-27 00:51:03 135168 ------w- c:\windows\system32\CddbLangRUSony.dll
2009-10-27 00:50:44 0 d-----w- c:\programdata\Skype
2009-10-27 00:50:40 0 d-----w- c:\programdata\Uninstall
2009-10-27 00:50:37 0 d-----w- c:\programdata\Sonic
2009-10-27 00:46:49 0 d-----w- c:\programdata\SiteAdvisor
2009-10-27 00:45:30 0 d-----w- c:\programdata\Google
2009-10-27 00:42:47 0 d-----w- c:\program files\DivX
2009-10-27 00:42:36 770048 ------w- c:\windows\system32\CDDBUISony.dll
2009-10-27 00:42:36 655360 ------w- c:\windows\system32\CDDBControlSony.dll
2009-10-27 00:42:36 589824 ------w- c:\windows\system32\CddbMusicIDSony.dll
2009-10-27 00:40:27 0 d-----w- c:\program files\common files\PX Storage Engine
2009-10-27 00:39:57 0 d-----w- c:\program files\Picasa2
2009-10-27 00:39:54 0 d-----w- c:\program files\Google BAE
2009-10-27 00:39:46 40 ----a-w- c:\windows\system32\ivireg.ivr
2009-10-27 00:39:24 0 d-----w- c:\program files\common files\InterVideo
2009-10-27 00:38:20 0 d-----w- c:\program files\InterVideo
2009-10-27 00:36:12 2 ------w- c:\windows\system32\Snyres.oem
2009-10-27 00:32:30 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-27 00:32:18 209 ----a-w- c:\windows\ODBCINST.INI
2009-10-27 00:31:59 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-10-27 00:31:20 32592 ------w- c:\windows\system32\msonpmon.dll
2009-10-27 00:30:06 0 d-----w- c:\programdata\Microsoft Help
2009-10-27 00:29:08 0 d-----w- c:\windows\Sonysys
2009-10-27 00:23:21 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:22:58 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:22:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-27 00:22:50 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:14:57 28029 ----a-w- c:\programdata\nvModes.dat
2009-10-27 00:09:38 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-27 00:09:38 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2009-10-27 00:09:38 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-27 00:09:38 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-27 0008 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-26 22:52:02 0 d-----w- c:\windows\system32\EventProviders
2009-10-26 22:49:59 143872 ----a-w- c:\windows\system32\korwbrkr.dll
2009-10-26 22:48:59 852992 ----a-w- c:\windows\system32\mcmde.dll
2009-10-26 22:24:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-26 22:24:35 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-26 22:24:34 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-26 22:07:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 21:48:51 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-26 21:38:34 0 d-----w- C:\Update
2009-10-26 21:35:15 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-26 21:34:22 0 d-----w- c:\program files\MSXML 4.0
2009-10-26 21:32:54 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-26 21:31:58 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-10-26 21:31:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-10-26 21:31:56 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-10-26 21:31:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-10-26 21:31:56 23552 ----a-w- c:\windows\system32\lpk.dll
2009-10-26 21:31:56 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-10-26 21:31:56 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-10-26 21:31:54 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-26 21:31:50 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-26 21:30:58 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-26 21:30:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-26 21:30:57 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-26 21:30:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-26 21:30:56 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-10-26 21:30:56 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-26 21:26:17 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-26 21:25:46 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-26 21:25:05 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-26 21:22:54 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-26 20:07:36 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-26 20:07:36 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-26 2052 0 d-----w- c:\programdata\Kaspersky Lab
2009-10-26 2052 0 d-----w- c:\program files\Kaspersky Lab
2009-10-26 2002 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-10-26 20:05:17 0 d-----w- c:\windows\system32\Lang
2009-10-26 19:30:35 146 ----a-w- c:\windows\WININIT.INI
2009-10-26 19:19:40 0 d-----w- C:\Intel
2009-10-20 20:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-14 21:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys

==================== Find3M ====================

2009-10-28 23:44:44 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-28 23:44:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 23:44:36 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-27 19:51:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 01:15:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-26 19:07:42 0 ------w- c:\windows\system32\drivers\Sony_VGC-LN1M.mrk
2009-10-02 19:39:36 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-25 16:41:28 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 14:46:36 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:32:55.55 ===============
Old 11-10-2009, 11:30 AM   #7
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Quote:
Do I need to turn off the user protection?
If you mean for the ESET scan, yes, please disable Kaspersky.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
Old 11-10-2009, 12:50 PM   #8
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

No, sorry, I meant on Vista you can go to Users and turn off User Account Control.

I already turned off Kaspersky, although for some reason ESET said that Defender was present, and it isn't; I even disabled it as a service.

The ESET scan I did before didn't show anything.

So what should I do next? As it seems those deletions you asked me to do are still present.

Also, what kind of infection do I have?
Old 11-10-2009, 01:44 PM   #9
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Hello again, infofeeder.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
Old 11-10-2009, 02:49 PM   #10
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

Neither of those links is giving me the download; can you give me a link that will let me download it?

Also, do I need to take System Restore off?

Or User Account Control?

When I run it?

Do I need to be online or offline when I do it?
Old 11-10-2009, 03:09 PM   #11
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Hello again, infofeeder. ComboFix is temporarily unavailable. It will be updated eventually. You will have to wait for the links to become active again.

You don't need to turn off system restore or UAC. Please follow the instructions, nothing more, nothing less.

ComboFix is preferably run while online, in case ComboFix needs to be updated, but shouldn't matter on the first run after downloading.

Once the links are available again, run ComboFix and post the log in your next reply.
Old 11-11-2009, 01:08 PM   #12
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

As requested, the ComboFix scan result.

Can I ask, any ideas as to what you think it might be?

*****************

ComboFix 09-11-11.02 - richard 11/11/2009 19:47.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3054.2012 [GMT 0:00]
Running from: c:\users\richard\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-11 19:59 . 2009-11-11 20:00 -------- d-----w- c:\users\richard\AppData\Local\temp
2009-11-11 19:59 . 2009-11-11 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-07 22:53 . 2009-11-09 23:09 4096 d-----w- c:\users\richard\AppData\Roaming\.purple
2009-11-07 22:51 . 2009-11-07 22:53 4096 d-----w- c:\program files\Aspell
2009-11-07 22:50 . 2009-11-08 17:12 -------- d-----w- c:\program files\Common Files\GTK
2009-11-07 22:21 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 22:21 . 2009-11-07 22:21 -------- d-----w- c:\programdata\Malwarebytes
2009-11-07 22:21 . 2009-11-07 22:21 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 22:21 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 17:34 . 2009-11-07 17:34 -------- d-----w- c:\users\richard\AppData\Roaming\Malwarebytes
2009-11-05 15:55 . 2009-11-05 16:02 -------- d-----w- c:\users\richard\AppData\Roaming\DivX
2009-11-05 15:54 . 2009-11-05 15:55 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-11-05 02:53 . 2009-11-05 02:53 -------- d-----w- c:\program files\Java
2009-11-05 02:47 . 2009-11-05 02:48 4096 d-----w- c:\users\richard\.SunDownloadManager
2009-11-03 01:08 . 2009-11-03 01:22 -------- d-----w- c:\users\richard\sitebuilder
2009-11-03 01:05 . 2009-11-03 01:40 4096 d-----w- c:\program files\Yahoo SiteBuilder
2009-11-01 01:38 . 2009-11-01 01:38 -------- d-----w- c:\program files\Trend Micro
2009-10-31 04:12 . 2009-10-31 04:12 408048 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Users\richard\AppData\Local\Temp\SearchWithGoogleUpdate.exe
2009-10-30 02:00 . 2009-11-08 21:34 -------- d-----w- c:\users\richard\Tracing
2009-10-30 01:56 . 2009-10-30 01:56 -------- d-----w- c:\program files\Microsoft
2009-10-30 01:55 . 2009-10-30 01:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-30 01:55 . 2009-10-30 01:56 -------- d-----w- c:\program files\Windows Live
2009-10-30 01:54 . 2009-10-30 01:54 -------- d-----w- c:\windows\PCHEALTH
2009-10-30 01:51 . 2009-10-30 01:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-29 02:01 . 2009-10-29 21:52 4096 d-----w- c:\users\richard\AppData\Roaming\FileZilla
2009-10-29 02:01 . 2009-10-29 02:01 4096 d-----w- c:\program files\FileZilla FTP Client
2009-10-28 00:38 . 2009-10-28 00:38 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 00:17 . 2009-10-28 00:18 -------- d-----w- c:\programdata\WinZip
2009-10-27 20:45 . 2009-11-05 16:28 -------- d-----w- c:\users\richard\AppData\Roaming\Microgaming
2009-10-27 20:44 . 2009-10-27 20:44 -------- d-----w- C:\Microgaming
2009-10-27 19:51 . 2009-10-27 19:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-27 19:49 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-27 19:49 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-27 19:49 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-27 19:49 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-27 19:49 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-27 19:49 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-27 19:49 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-27 19:49 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-27 19:49 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-27 19:49 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-27 19:49 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-27 19:49 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-27 19:48 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-27 19:48 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-27 19:48 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-27 19:46 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:46 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 04:01 . 2009-10-27 04:01 -------- d-----w- c:\program files\CCleaner
2009-10-27 02:17 . 2009-10-27 02:17 -------- d-----w- c:\windows\system32\Adobe
2009-10-27 02:16 . 2009-11-07 02:00 4096 d-----w- c:\programdata\NOS
2009-10-27 02:16 . 2009-10-27 02:16 -------- d-----w- c:\program files\NOS
2009-10-27 02:07 . 2009-11-05 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-27 01:22 . 2009-10-27 01:23 -------- d-----w- c:\windows\system32\ca-ES
2009-10-27 01:22 . 2009-10-27 01:22 -------- d-----w- c:\windows\system32\eu-ES
2009-10-27 01:22 . 2009-10-27 01:22 -------- d-----w- c:\windows\system32\vi-VN
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- c:\program files\ArcSoft
2009-10-27 00:56 . 2004-05-04 18:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- C:\Documentation
2009-10-27 00:52 . 2007-06-14 12:09 58408960 ----a-w- c:\programdata\Sony Corporation\VAIO DVD Menu Data\DVD-Video\GmRes\gmCelebrateRes.dll
2009-10-27 00:51 . 2007-12-10 16:47 155648 ------w- c:\windows\system32\SonyAIwo.dll
2009-10-27 00:51 . 2007-12-10 16:47 147456 ------w- c:\windows\system32\SonyAIds.dll
2009-10-27 00:51 . 2007-12-07 23:15 86016 ------w- c:\windows\system32\SonyAIwd.dll
2009-10-27 00:51 . 2009-10-27 00:51 -------- d-----w- c:\users\Public\SonicStage Mastering Studio
2009-10-27 00:51 . 2007-04-04 20:14 344064 ------w- c:\windows\system32\SSMSIppCustom.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangITSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangFRSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangESSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 69632 ------w- c:\windows\system32\CddbLangZHSony.dll
2009-10-27 00:51 . 2007-01-12 22:11 77824 ------w- c:\windows\system32\CddbLangJASony.dll
2009-10-27 00:51 . 2007-01-12 22:11 98304 ------w- c:\windows\system32\CddbLangDESony.dll
2009-10-27 00:51 . 2006-05-11 19:09 135168 ------w- c:\windows\system32\CddbLangRUSony.dll
2009-10-27 00:50 . 2009-10-26 19:32 -------- d-----w- c:\programdata\Skype
2009-10-27 00:50 . 2009-10-27 00:50 -------- d-----w- c:\programdata\Uninstall
2009-10-27 00:50 . 2008-06-27 07:05 4700656 ----a-w- c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe
2009-10-27 00:50 . 2008-06-27 07:05 602112 ----a-w- c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\bin\setupresENU.dll
2009-10-27 00:50 . 2009-10-27 00:50 -------- d-----w- c:\programdata\Sonic
2009-10-27 00:46 . 2009-10-26 19:18 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-27 00:42 . 2009-11-05 15:55 8192 d-----w- c:\program files\DivX
2009-10-27 00:42 . 2009-10-27 00:42 -------- d-----w- c:\users\Public\DSD Direct
2009-10-27 00:42 . 2007-01-12 22:11 770048 ------w- c:\windows\system32\CDDBUISony.dll
2009-10-27 00:42 . 2007-01-12 22:09 589824 ------w- c:\windows\system32\CddbMusicIDSony.dll
2009-10-27 00:42 . 2007-01-12 22:08 655360 ------w- c:\windows\system32\CDDBControlSony.dll
2009-10-27 00:40 . 2009-10-26 19:30 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-27 00:39 . 2009-10-27 00:40 4096 d-----w- c:\program files\Picasa2
2009-10-27 00:39 . 2009-11-07 02:32 -------- d-----w- c:\program files\Google BAE
2009-10-27 00:39 . 2009-10-27 00:39 -------- d-----w- c:\program files\Common Files\InterVideo
2009-10-27 00:38 . 2009-10-27 00:39 -------- d-----w- c:\program files\InterVideo
2009-10-27 00:33 . 2009-11-10 07:48 -------- d-----w- c:\windows\system32\Macromed
2009-10-27 00:32 . 2008-03-27 16:21 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-27 00:31 . 2009-10-26 19:44 8192 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-10-27 00:31 . 2006-10-27 02:56 32592 ------w- c:\windows\system32\msonpmon.dll
2009-10-27 00:31 . 2009-10-30 02:08 16384 d-----w- c:\program files\Microsoft Works
2009-10-27 00:30 . 2009-10-26 19:22 8192 d-----w- c:\programdata\Microsoft Help
2009-10-27 00:29 . 2009-10-27 00:29 -------- d-----w- c:\windows\Sonysys
2009-10-27 00:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 00:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 00:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 00:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:23 . 2008-07-31 22:34 48992 ----a-w- c:\users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-27 00:23 . 2008-07-31 21:03 2032 ----a-w- c:\users\Default\AppData\Local\d3d9caps.dat
2009-10-27 00:23 . 2008-07-31 20:12 -------- d-----w- c:\users\Default\Bluetooth Software
2009-10-27 00:22 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 00:22 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 00:22 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:22 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:22 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-27 00:09 . 2008-07-24 22:28 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-27 00:09 . 2008-07-24 22:28 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-27 00:09 . 2008-07-24 22:28 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-27 00:06 . 2008-07-23 15:24 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-26 22:52 . 2009-10-26 22:52 4096 d-----w- c:\windows\system32\EventProviders
2009-10-26 22:49 . 2009-04-11 06:28 1017856 ----a-w- c:\windows\system32\wevtsvc.dll
2009-10-26 22:48 . 2009-04-11 06:28 29184 ----a-w- c:\windows\system32\wsepno.dll
2009-10-26 22:24 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-26 22:24 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-26 22:24 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-26 22:07 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 21:55 . 2009-10-26 22:00 146477824 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Users\richard\Downloads\EP0000207178.exe
2009-10-26 21:54 . 2009-10-26 21:57 111983744 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Users\richard\Downloads\EP0000207369.exe
2009-10-26 21:48 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-10-26 21:38 . 2009-11-07 16:45 4096 d-----w- C:\Update
2009-10-26 21:35 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-26 21:34 . 2009-10-26 21:34 -------- d-----w- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 20:28 . 2009-11-08 17:22 12288 d-----w- c:\program files\ICQ6.5
2009-11-10 20:28 . 2009-11-08 17:23 4096 d-----w- c:\users\richard\AppData\Roaming\ICQ
2009-11-10 08:00 . 2009-11-10 08:00 -------- d-----w- c:\program files\ESET
2009-11-09 02:11 . 2009-11-09 02:11 2141 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-09 02:11 . 2009-11-09 02:11 2095 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2009-11-08 18:41 . 2009-11-08 18:41 -------- d-----w- c:\users\richard\AppData\Roaming\Template
2009-11-08 18:41 . 2009-11-08 18:41 120 ----a-w- c:\users\richard\AppData\Roaming\wklnhst.dat
2009-11-08 17:41 . 2009-11-08 17:41 -------- d-----w- c:\users\richard\AppData\Roaming\gtk-2.0
2009-11-08 17:26 . 2008-07-31 19:59 28672 d--h--w- c:\program files\InstallShield Installation Information
2009-11-08 17:15 . 2009-11-08 17:15 1089 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\login.yahoo.com
2009-11-08 17:12 . 2009-11-08 17:12 4096 d-----w- c:\program files\Pidgin
2009-11-08 16:59 . 2009-10-27 00:14 28029 ----a-w- c:\programdata\nvModes.dat
2009-11-08 01:38 . 2009-11-08 01:23 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-08 01:25 . 2009-11-08 01:23 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 17:50 . 2009-10-26 19:07 2032 ----a-w- c:\users\richard\AppData\Local\d3d9caps.dat
2009-11-07 04:22 . 2008-07-31 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-07 02:01 . 2008-07-31 18:53 -------- d-----w- c:\programdata\NVIDIA
2009-11-05 16:01 . 2008-07-31 18:47 4096 d-----w- c:\program files\Google
2009-10-27 19:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 19:51 . 2009-10-27 19:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-27 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-27 01:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-27 00:59 . 2008-07-31 22:25 4096 d-----w- c:\programdata\Sony Corporation
2009-10-27 00:56 . 2008-07-31 19:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-26 20:30 . 2009-10-26 19:07 79728 ----a-w- c:\users\richard\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-26 20:22 . 2008-07-31 22:20 4096 d-----w- c:\program files\Common Files\Sony Shared
2009-10-26 20:20 . 2008-07-31 22:24 12288 d-----w- c:\program files\Sony
2009-10-26 20:05 . 2008-07-31 18:54 -------- d-----w- c:\program files\Intel
2009-10-26 19:53 . 2008-07-31 22:22 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-26 19:07 . 2009-10-26 19:07 0 ------w- c:\windows\system32\drivers\Sony_VGC-LN1M.mrk
2009-10-02 19:39 . 2009-10-02 19:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10 . 2009-10-27 19:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-27 19:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-27 19:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-27 19:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-27 19:50 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-27 19:50 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-27 19:50 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-27 19:50 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-27 19:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-27 19:50 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-27 19:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-27 19:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-27 19:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-27 19:50 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-27 19:50 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-27 19:50 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-27 19:50 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-27 19:50 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-27 19:50 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-27 19:50 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-27 19:50 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-27 19:50 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-27 19:50 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-27 19:50 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-27 19:50 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-27 19:50 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-27 19:50 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 14:46 . 2009-09-14 14:46 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-10 16:48 . 2009-10-26 21:32 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:01 . 2009-10-27 19:50 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-10-27 19:50 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-10-27 19:50 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-09 19:01 . 2009-09-09 19:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-01 15:29 . 2009-09-01 15:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-27 05:22 . 2009-10-26 21:50 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-26 21:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-26 21:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-26 21:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-10-26 21:32 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-10-26 21:32 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-10-26 21:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-10-26 21:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-10-26 21:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-10-26 21:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-10-26 21:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-10-26 21:32 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-10-26 21:32 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-10-26 21:32 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-10-26 21:32 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-24 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-24 13548064]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-11 6244896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c7,33,a0,34,a5,56,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [14/10/2009 21:18 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [14/09/2009 14:46 21520]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [27/10/2009 00:55 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 03:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [31/07/2008 19:59 98304]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [08/11/2009 01:23 1153368]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [31/07/2008 22:26 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [20/06/2008 15:56 415744]
R3 AVerAVF2;AVerAVF2;c:\windows\System32\drivers\AVerAVF2.sys [31/07/2008 20:06 979584]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\System32\drivers\e1y6032.sys [31/07/2008 19:30 224384]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [02/10/2009 19:39 19472]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [31/07/2008 19:30 9344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/10/2009 01:18 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [27/10/2009 00:54 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [27/10/2009 00:54 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [27/10/2009 00:54 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [27/10/2009 00:51 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" --> c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 07:45 124832]
S4 GGIX;GGIX;c:\users\richard\AppData\Local\Temp\GGIX.exe --> c:\users\richard\AppData\Local\Temp\GGIX.exe [?]
S4 KHOEAJPLDJRU;KHOEAJPLDJRU;c:\users\richard\AppData\Local\Temp\KHOEAJPLDJRU.exe --> c:\users\richard\AppData\Local\Temp\KHOEAJPLDJRU.exe [?]
S4 QXDLW;QXDLW;c:\users\richard\AppData\Local\Temp\QXDLW.exe --> c:\users\richard\AppData\Local\Temp\QXDLW.exe [?]
S4 TZTTTOP;TZTTTOP;c:\users\richard\AppData\Local\Temp\TZTTTOP.exe --> c:\users\richard\AppData\Local\Temp\TZTTTOP.exe [?]
S4 WCWV;WCWV;c:\users\richard\AppData\Local\Temp\WCWV.exe --> c:\users\richard\AppData\Local\Temp\WCWV.exe [?]
S4 YPNICRQN;YPNICRQN;c:\users\richard\AppData\Local\Temp\YPNICRQN.exe --> c:\users\richard\AppData\Local\Temp\YPNICRQN.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 01:18]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 01:18]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\users\richard\AppData\Roaming\Mozilla\Firefox\Profiles\d3i2co68.default\
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 20:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-11 20:03
ComboFix-quarantined-files.txt 2009-11-11 20:03
ComboFix2.txt 2009-11-08 01:16

Pre-Run: 460,742,811,648 bytes free
Post-Run: 460,683,792,384 bytes free

- - End Of File - - 85A854AB974D9AE478A7768877333C66
Old 11-11-2009, 02:10 PM   #13 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Who ran ComboFix on 2009-11-08, and under whose instruction?
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
Old 11-11-2009, 03:16 PM   #14 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

Ermmm, it was me, just out of desperation really, although I did run the uninstall afterwards.

Sorry for that.....
Old 11-11-2009, 04:23 PM   #15 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Hello again, infofeeder.

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

As far as your infection, I don't recognize it right off.

------------------------------------------------------

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Driver::
GGIX
KHOEAJPLDJRU
QXDLW
TZTTTOP
WCWV
YPNICRQN
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
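For anyone reading this thread later, here is how a defender would pick out the entries that chemist put into the CFScript above. The Python below is an added example, not code from this thread or from ComboFix. It parses service lines copied as-is from the ComboFix log posted earlier in the thread (Kaspersky, Sony and Windows entries as negative controls, plus the six Temp-folder services) and flags a service when its image lives under a Temp folder, or when an all-caps name with no separate display name points at a file ComboFix could not find (the "[?]" marker). The Driver:: block it prints is the same form chemist used. The heuristics and the helper names (parse_log, assess, build_cfscript) are my own assumptions about what "dodgy looking" means, not ComboFix's logic.

```python
import re
from dataclasses import dataclass, field

# Service lines taken from the ComboFix log posted earlier in this thread
# (not constructed): benign Kaspersky/Sony/Windows entries as negative
# controls and the six randomly named Temp-folder services the CFScript removes.
SAMPLE_SERVICES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [14/10/2009 21:18 36880]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [27/10/2009 00:55 299008]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" --> c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 07:45 124832]
S4 GGIX;GGIX;c:\users\richard\AppData\Local\Temp\GGIX.exe --> c:\users\richard\AppData\Local\Temp\GGIX.exe [?]
S4 KHOEAJPLDJRU;KHOEAJPLDJRU;c:\users\richard\AppData\Local\Temp\KHOEAJPLDJRU.exe --> c:\users\richard\AppData\Local\Temp\KHOEAJPLDJRU.exe [?]
S4 QXDLW;QXDLW;c:\users\richard\AppData\Local\Temp\QXDLW.exe --> c:\users\richard\AppData\Local\Temp\QXDLW.exe [?]
S4 TZTTTOP;TZTTTOP;c:\users\richard\AppData\Local\Temp\TZTTTOP.exe --> c:\users\richard\AppData\Local\Temp\TZTTTOP.exe [?]
S4 WCWV;WCWV;c:\users\richard\AppData\Local\Temp\WCWV.exe --> c:\users\richard\AppData\Local\Temp\WCWV.exe [?]
S4 YPNICRQN;YPNICRQN;c:\users\richard\AppData\Local\Temp\YPNICRQN.exe --> c:\users\richard\AppData\Local\Temp\YPNICRQN.exe [?]
"""

# "R" = running, "S" = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
LINE_RE = re.compile(r'^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$')
# ComboFix appends "[dd/mm/yyyy hh:mm size]" when it found the image and "[?]" when it did not.
DETAILS_RE = re.compile(r'\[([^\]]*)\]\s*$')
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|sys|dll|drv))', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r'\\(?:appdata\\local\\temp|windows\\temp)\\', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r'^[A-Z]{4,}$')   # heuristic: GGIX, QXDLW, WCWV ... (my assumption)


@dataclass
class Service:
    state: str
    start_type: int
    name: str
    display: str
    image: str
    file_found: bool
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_service_line(line: str):
    """Parse one ComboFix service/driver line; return None for lines that are not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    d = DETAILS_RE.search(rest)
    details = d.group(1) if d else ''
    path_part = rest[:d.start()].strip() if d else rest.strip()
    # "registry value --> resolved path" appears when the registered path was quoted.
    if '-->' in path_part:
        path_part = path_part.split('-->', 1)[1].strip()
    im = IMAGE_RE.match(path_part)
    image = im.group(1) if im else path_part   # drops svchost "-k Group" arguments
    return Service(state, int(start), name, display, image, details != '?')


def assess(svc: Service) -> Service:
    """Attach the reasons a defender would flag this entry; an empty list means it looks benign."""
    if TEMP_DIR_RE.search(svc.image):
        svc.reasons.append('service image lives in a Temp folder')
    # A missing file on its own is weak evidence: the legitimate VcmXmlIfHelper
    # entry above also shows "[?]", so require the random-name signal as well.
    if RANDOM_NAME_RE.match(svc.name) and svc.display == svc.name and not svc.file_found:
        svc.reasons.append('all-caps random-looking name, no display name, file not on disk')
    return svc


def parse_log(text: str):
    services = [parse_service_line(l) for l in text.strip().splitlines()]
    return [assess(s) for s in services if s is not None]


def suspicious_names(services):
    return [s.name for s in services if s.suspicious]


def build_cfscript(services) -> str:
    """Render the flagged names as the CFScript 'Driver::' block used in this thread."""
    return '\n'.join(['Driver::'] + suspicious_names(services))


if __name__ == '__main__':
    svcs = parse_log(SAMPLE_SERVICES)
    for s in svcs:
        print(f"{s.state}{s.start_type} {s.name:<28} {'FLAG' if s.suspicious else 'ok  '} {'; '.join(s.reasons)}")
    print(build_cfscript(svcs))
```

Run against the lines above it flags exactly the six Temp-folder services and leaves VcmXmlIfHelper alone even though ComboFix printed "[?]" for it too, which is the point: the location of the image, not the missing-file marker by itself, is what makes those entries worth removing. Point parse_log at a saved ComboFix.txt to triage a full log the same way.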
Old 11-11-2009, 06:11 PM   #16 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

OK, a few things. I ran the scan as specified by yourself.

At the point ComboFix was about to scan, I had a message pop up and I had to use the mouse to press the close button to carry on the scan. I will post the event log description for that event below, above the ComboFix scan result, as all the windowed message box said was "PEV.cfxxe has stopped working".

Faulting application PEV.cfxxe, version 0.0.0.0, time stamp 0x4af38ec0, faulting module PEV.cfxxe, version 0.0.0.0, time stamp 0x4af38ec0, exception code 0xc0000417, fault offset 0x00088763, process id 0x950, application start time 0x01ca633093a6833a.

And below is the ComboFix scan result.

Also, my computer seems noticeably faster already, but I did notice there are still some of those dodgy-looking services present in the log file posted below.

Also, this may not be important, but when everything had finished and the log file opened up (you know when the explorer.exe process is closed; I've seen ComboFix do it through the scan process), well after everything was done, while I was reading the log file, it did it again, which I thought unusual as everything had finished. It was almost like the explorer.exe process was reset again. I'm no expert obviously, but this was my observation.


****************************************

ComboFix 09-11-11.02 - richard 12/11/2009 0:41.5.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3054.1899 [GMT 0:00]
Running from: c:\users\richard\Desktop\ComboFix.exe
Command switches used :: c:\users\richard\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GGIX
-------\Legacy_KHOEAJPLDJRU
-------\Service_GGIX
-------\Service_KHOEAJPLDJRU
-------\Service_QXDLW
-------\Service_TZTTTOP
-------\Service_WCWV


((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 00:52 . 2009-11-12 00:57 -------- d-----w- c:\users\richard\AppData\Local\temp
2009-11-12 00:52 . 2009-11-12 00:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-12 00:52 . 2009-11-12 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-10 08:00 . 2009-11-10 08:00 -------- d-----w- c:\program files\ESET
2009-11-09 02:11 . 2009-11-09 02:11 2141 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-09 02:11 . 2009-11-09 02:11 2095 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2009-11-08 18:41 . 2009-11-08 18:41 -------- d-----w- c:\users\richard\AppData\Roaming\Template
2009-11-08 17:41 . 2009-11-08 17:41 -------- d-----w- c:\users\richard\AppData\Roaming\gtk-2.0
2009-11-08 17:23 . 2009-11-10 20:28 4096 d-----w- c:\users\richard\AppData\Roaming\ICQ
2009-11-08 17:22 . 2009-11-10 20:28 12288 d-----w- c:\program files\ICQ6.5
2009-11-08 17:15 . 2009-11-08 17:15 1089 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\login.yahoo.com
2009-11-08 17:12 . 2009-11-08 17:12 4096 d-----w- c:\program files\Pidgin
2009-11-08 01:23 . 2009-11-08 01:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-08 01:23 . 2009-11-08 01:25 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 22:53 . 2009-11-09 23:09 4096 d-----w- c:\users\richard\AppData\Roaming\.purple
2009-11-07 22:51 . 2009-11-07 22:53 4096 d-----w- c:\program files\Aspell
2009-11-07 22:50 . 2009-11-08 17:12 -------- d-----w- c:\program files\Common Files\GTK
2009-11-07 22:21 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 22:21 . 2009-11-07 22:21 -------- d-----w- c:\programdata\Malwarebytes
2009-11-07 22:21 . 2009-11-07 22:21 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 22:21 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 17:34 . 2009-11-07 17:34 -------- d-----w- c:\users\richard\AppData\Roaming\Malwarebytes
2009-11-05 15:55 . 2009-11-05 16:02 -------- d-----w- c:\users\richard\AppData\Roaming\DivX
2009-11-05 15:54 . 2009-11-05 15:55 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-11-05 02:53 . 2009-11-05 02:53 -------- d-----w- c:\program files\Java
2009-11-05 02:47 . 2009-11-05 02:48 -------- d-----w- c:\users\richard\.SunDownloadManager
2009-11-03 01:08 . 2009-11-03 01:22 -------- d-----w- c:\users\richard\sitebuilder
2009-11-03 01:05 . 2009-11-03 01:40 4096 d-----w- c:\program files\Yahoo SiteBuilder
2009-11-01 01:38 . 2009-11-01 01:38 -------- d-----w- c:\program files\Trend Micro
2009-10-31 04:12 . 2009-10-31 04:12 408048 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Users\richard\AppData\Local\Temp\SearchWithGoogleUpdate.exe
2009-10-30 02:00 . 2009-11-08 21:34 -------- d-----w- c:\users\richard\Tracing
2009-10-30 01:56 . 2009-10-30 01:56 -------- d-----w- c:\program files\Microsoft
2009-10-30 01:55 . 2009-10-30 01:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-30 01:55 . 2009-10-30 01:56 -------- d-----w- c:\program files\Windows Live
2009-10-30 01:54 . 2009-10-30 01:54 -------- d-----w- c:\windows\PCHEALTH
2009-10-30 01:51 . 2009-10-30 01:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-29 02:01 . 2009-10-29 21:52 4096 d-----w- c:\users\richard\AppData\Roaming\FileZilla
2009-10-29 02:01 . 2009-10-29 02:01 4096 d-----w- c:\program files\FileZilla FTP Client
2009-10-28 00:38 . 2009-10-28 00:38 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 00:17 . 2009-10-28 00:18 -------- d-----w- c:\programdata\WinZip
2009-10-27 20:45 . 2009-11-05 16:28 -------- d-----w- c:\users\richard\AppData\Roaming\Microgaming
2009-10-27 20:44 . 2009-10-27 20:44 -------- d-----w- C:\Microgaming
2009-10-27 19:51 . 2009-10-27 19:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-27 19:49 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-27 19:49 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-27 19:49 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-27 19:49 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-27 19:49 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-27 19:49 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-27 19:49 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-27 19:49 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-27 19:49 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-27 19:49 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-27 19:49 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-27 19:49 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-27 19:48 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-27 19:48 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-27 19:48 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-27 19:46 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:46 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 04:01 . 2009-10-27 04:01 -------- d-----w- c:\program files\CCleaner
2009-10-27 02:17 . 2009-10-27 02:17 -------- d-----w- c:\windows\system32\Adobe
2009-10-27 02:16 . 2009-11-07 02:00 4096 d-----w- c:\programdata\NOS
2009-10-27 02:16 . 2009-10-27 02:16 -------- d-----w- c:\program files\NOS
2009-10-27 02:07 . 2009-11-05 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-27 01:22 . 2009-10-27 01:23 -------- d-----w- c:\windows\system32\ca-ES
2009-10-27 01:22 . 2009-10-27 01:22 -------- d-----w- c:\windows\system32\eu-ES
2009-10-27 01:22 . 2009-10-27 01:22 -------- d-----w- c:\windows\system32\vi-VN
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- c:\program files\ArcSoft
2009-10-27 00:56 . 2004-05-04 18:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- C:\Documentation
2009-10-27 00:52 . 2007-06-14 12:09 58408960 ----a-w- c:\programdata\Sony Corporation\VAIO DVD Menu Data\DVD-Video\GmRes\gmCelebrateRes.dll
2009-10-27 00:51 . 2007-12-10 16:47 155648 ------w- c:\windows\system32\SonyAIwo.dll
2009-10-27 00:51 . 2007-12-10 16:47 147456 ------w- c:\windows\system32\SonyAIds.dll
2009-10-27 00:51 . 2007-12-07 23:15 86016 ------w- c:\windows\system32\SonyAIwd.dll
2009-10-27 00:51 . 2009-10-27 00:51 -------- d-----w- c:\users\Public\SonicStage Mastering Studio
2009-10-27 00:51 . 2007-04-04 20:14 344064 ------w- c:\windows\system32\SSMSIppCustom.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangITSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangFRSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangESSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 69632 ------w- c:\windows\system32\CddbLangZHSony.dll
2009-10-27 00:51 . 2007-01-12 22:11 77824 ------w- c:\windows\system32\CddbLangJASony.dll
2009-10-27 00:51 . 2007-01-12 22:11 98304 ------w- c:\windows\system32\CddbLangDESony.dll
2009-10-27 00:51 . 2006-05-11 19:09 135168 ------w- c:\windows\system32\CddbLangRUSony.dll
2009-10-27 00:50 . 2009-10-26 19:32 -------- d-----w- c:\programdata\Skype
2009-10-27 00:50 . 2009-10-27 00:50 -------- d-----w- c:\programdata\Uninstall
2009-10-27 00:50 . 2008-06-27 07:05 4700656 ----a-w- c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe
2009-10-27 00:50 . 2008-06-27 07:05 602112 ----a-w- c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\bin\setupresENU.dll
2009-10-27 00:50 . 2009-10-27 00:50 -------- d-----w- c:\programdata\Sonic
2009-10-27 00:46 . 2009-10-26 19:18 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-27 00:42 . 2009-11-05 15:55 8192 d-----w- c:\program files\DivX
2009-10-27 00:42 . 2009-10-27 00:42 -------- d-----w- c:\users\Public\DSD Direct
2009-10-27 00:42 . 2007-01-12 22:11 770048 ------w- c:\windows\system32\CDDBUISony.dll
2009-10-27 00:42 . 2007-01-12 22:09 589824 ------w- c:\windows\system32\CddbMusicIDSony.dll
2009-10-27 00:42 . 2007-01-12 22:08 655360 ------w- c:\windows\system32\CDDBControlSony.dll
2009-10-27 00:40 . 2009-10-26 19:30 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-27 00:39 . 2009-10-27 00:40 4096 d-----w- c:\program files\Picasa2
2009-10-27 00:39 . 2009-11-07 02:32 -------- d-----w- c:\program files\Google BAE
2009-10-27 00:39 . 2009-10-27 00:39 -------- d-----w- c:\program files\Common Files\InterVideo
2009-10-27 00:38 . 2009-10-27 00:39 -------- d-----w- c:\program files\InterVideo
2009-10-27 00:33 . 2009-11-10 07:48 -------- d-----w- c:\windows\system32\Macromed
2009-10-27 00:32 . 2008-03-27 16:21 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-27 00:31 . 2009-10-26 19:44 8192 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-10-27 00:31 . 2006-10-27 02:56 32592 ------w- c:\windows\system32\msonpmon.dll
2009-10-27 00:31 . 2009-10-30 02:08 16384 d-----w- c:\program files\Microsoft Works
2009-10-27 00:30 . 2009-10-26 19:22 -------- d-----w- c:\programdata\Microsoft Help
2009-10-27 00:29 . 2009-10-27 00:29 -------- d-----w- c:\windows\Sonysys
2009-10-27 00:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 00:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 00:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 00:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:23 . 2008-07-31 22:34 48992 ----a-w- c:\users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-27 00:23 . 2008-07-31 21:03 2032 ----a-w- c:\users\Default\AppData\Local\d3d9caps.dat
2009-10-27 00:23 . 2008-07-31 20:12 -------- d-----w- c:\users\Default\Bluetooth Software
2009-10-27 00:22 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 00:22 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 00:22 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:22 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:22 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-27 00:09 . 2008-07-24 22:28 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-27 00:09 . 2008-07-24 22:28 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-27 00:09 . 2008-07-24 22:28 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-27 00:06 . 2008-07-23 15:24 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-26 22:52 . 2009-10-26 22:52 4096 d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 18:41 . 2009-11-08 18:41 120 ----a-w- c:\users\richard\AppData\Roaming\wklnhst.dat
2009-11-08 17:26 . 2008-07-31 19:59 28672 d--h--w- c:\program files\InstallShield Installation Information
2009-11-08 16:59 . 2009-10-27 00:14 28029 ----a-w- c:\programdata\nvModes.dat
2009-11-07 17:50 . 2009-10-26 19:07 2032 ----a-w- c:\users\richard\AppData\Local\d3d9caps.dat
2009-11-07 04:22 . 2008-07-31 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-07 02:01 . 2008-07-31 18:53 -------- d-----w- c:\programdata\NVIDIA
2009-11-05 16:01 . 2008-07-31 18:47 4096 d-----w- c:\program files\Google
2009-10-27 19:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 19:51 . 2009-10-27 19:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-27 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-27 01:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-27 00:59 . 2008-07-31 22:25 4096 d-----w- c:\programdata\Sony Corporation
2009-10-27 00:56 . 2008-07-31 19:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-26 20:30 . 2009-10-26 19:07 79728 ----a-w- c:\users\richard\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-26 20:22 . 2008-07-31 22:20 4096 d-----w- c:\program files\Common Files\Sony Shared
2009-10-26 20:20 . 2008-07-31 22:24 12288 d-----w- c:\program files\Sony
2009-10-26 20:05 . 2008-07-31 18:54 -------- d-----w- c:\program files\Intel
2009-10-26 19:53 . 2008-07-31 22:22 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-26 19:07 . 2009-10-26 19:07 0 ------w- c:\windows\system32\drivers\Sony_VGC-LN1M.mrk
2009-10-02 19:39 . 2009-10-02 19:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10 . 2009-10-27 19:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-27 19:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-27 19:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-27 19:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-27 19:50 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-27 19:50 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-27 19:50 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-27 19:50 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-27 19:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-27 19:50 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-27 19:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-27 19:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-27 19:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-27 19:50 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-27 19:50 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-27 19:50 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-27 19:50 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-27 19:50 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-27 19:50 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-27 19:50 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-27 19:50 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-27 19:50 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-27 19:50 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-27 19:50 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-27 19:50 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-27 19:50 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-27 19:50 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 14:46 . 2009-09-14 14:46 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-10 16:48 . 2009-10-26 21:32 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:01 . 2009-10-27 19:50 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-10-27 19:50 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-10-27 19:50 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-09 19:01 . 2009-09-09 19:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-01 15:29 . 2009-09-01 15:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-27 05:22 . 2009-10-26 21:50 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-26 21:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-26 21:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-26 21:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-10-26 21:32 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-10-26 21:32 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-10-26 21:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-10-26 21:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-10-26 21:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-10-26 21:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-10-26 21:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-10-26 21:32 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-10-26 21:32 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-10-26 21:32 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-10-26 21:32 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-24 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-24 13548064]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-11 6244896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c7,33,a0,34,a5,56,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [14/10/2009 21:18 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [14/09/2009 14:46 21520]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [27/10/2009 00:55 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 03:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [31/07/2008 19:59 98304]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [08/11/2009 01:23 1153368]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [31/07/2008 22:26 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [20/06/2008 15:56 415744]
R3 AVerAVF2;AVerAVF2;c:\windows\System32\drivers\AVerAVF2.sys [31/07/2008 20:06 979584]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\System32\drivers\e1y6032.sys [31/07/2008 19:30 224384]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [02/10/2009 19:39 19472]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [31/07/2008 19:30 9344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/10/2009 01:18 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [27/10/2009 00:54 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [27/10/2009 00:54 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [27/10/2009 00:54 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [27/10/2009 00:51 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" --> c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 07:45 124832]
S4 YPNICRQN;YPNICRQN;c:\users\richard\AppData\Local\Temp\YPNICRQN.exe --> c:\users\richard\AppData\Local\Temp\YPNICRQN.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 01:18]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 01:18]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\users\richard\AppData\Roaming\Mozilla\Firefox\Profiles\d3i2co68.default\
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 00:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-11-12 1:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 01:00
ComboFix2.txt 2009-11-11 20:03
ComboFix3.txt 2009-11-08 01:16

Pre-Run: 460,834,336,768 bytes free
Post-Run: 461,221,933,056 bytes free

- - End Of File - - CC16A37635627B8718E6F55D10739E43
infofeeder is offline  
Old 11-11-2009, 06:43 PM   #17 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Hello again, infofeeder. There was a typo in my script.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
Driver::
YPNICRQN

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

[picture omitted: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript onto ComboFix

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
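The entry the helper targets with the `Driver::` directive is the one that stands out in the Drivers/Services block of the earlier log: `S4 YPNICRQN;YPNICRQN;c:\users\richard\AppData\Local\Temp\YPNICRQN.exe --> ... [?]`, a service whose image lives in a user's Temp folder and whose file ComboFix could not read details for. The following script is an added example for this thread, not code from the forum, the helper, or ComboFix; it parses service lines of that shape and flags the two properties the helper's triage relies on. It assumes the line layout `<start> <name>;<display>;<path> [<date> <time> <size>]` (with an optional `<registered> --> <resolved>` pair) as seen in the logs above, that a trailing `[?]` means no date/size could be read for the binary, and that the leading letter marks the service as running (R) or stopped (S) with the digit giving its start type. The sample lines are a constructed subset of the posted log.

```python
"""Triage of a ComboFix 'Drivers/Services' block.

Added example for this thread; not code from the forum, the helper, or
ComboFix. It parses service lines of the shape

    <start> <name>;<display name>;<image path> [<date> <time> <size>]
    <start> <name>;<display name>;<registered path> --> <resolved path> [?]

and flags the entries a helper looks at first: an image path under a Temp
directory, and a binary for which the log shows "[?]" instead of date/size.
Reading "[?]" as "file details unavailable" is an assumption drawn from the
log lines themselves.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed subset of the service lines posted in this thread.
SAMPLE_LINES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [14/10/2009 21:18 36880]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [27/10/2009 00:55 299008]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" --> c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [?]
S4 YPNICRQN;YPNICRQN;c:\users\richard\AppData\Local\Temp\YPNICRQN.exe --> c:\users\richard\AppData\Local\Temp\YPNICRQN.exe [?]
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str      # assumed: R = running, S = stopped; digit = start type
    name: str
    display: str
    image: str      # resolved image path, surrounding quotes removed
    info: str       # "dd/mm/yyyy hh:mm size", or "?" when unavailable
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one service line, or None for other text."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # "registered path --> resolved path [info]": keep the resolved side.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    t = TAIL_RE.match(rest)
    image, info = (t.group("path"), t.group("info")) if t else (rest, "")
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        image.strip().strip('"'), info.strip())


def triage(entry: ServiceEntry) -> List[str]:
    """Heuristic flags; neither one on its own is proof of infection."""
    flags = []
    if TEMP_RE.search(entry.image):
        flags.append("image-in-temp")       # installed software does not run services from Temp
    if entry.info == "?":
        flags.append("binary-not-found")    # file gone, or path could not be read
    return flags


def suspicious_services(log_text: str) -> List[ServiceEntry]:
    """All parsed service entries carrying at least one flag, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        entry.flags = triage(entry)
        if entry.flags:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_LINES):
        print(f"{e.start} {e.name:16} {', '.join(e.flags):32} {e.image}")
```

Run on the sample, the Sony `VcmXmlIfHelper` entry is flagged only for `binary-not-found` (its registered path is quoted, which is enough to leave the details unreadable), while `YPNICRQN` collects both flags. That is the distinction worth keeping in mind when reading these logs: a `[?]` by itself is weak evidence, a service binary under a user's Temp directory is the part that deserves the helper's attention.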
Old 11-11-2009, 07:47 PM   #18 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

Windows Update is automatically downloading updates, so I'm not sure if you want that to be happening right at this moment, but that's what it's doing.

Here are the 4 updates that were installed.

Security Update for Windows Vista (KB973565)

Installation date: 12/11/2009 02:42

Installation status: Pending

Error details: Code 80242014

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkID=163840

Help and Support:
http://support.microsoft.com

Update for Windows Mail Junk E-mail Filter [November 2009] (KB905866)

Installation date: 12/11/2009 02:42

Installation status: Pending

Error details: Code 80242014

Update type: Recommended

Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft.com/fwlink/?LinkID=79015

Help and Support:
http://support.microsoft.com


Security Update for Windows Vista (KB969947)

Installation date: 12/11/2009 02:42

Installation status: Pending

Error details: Code 80242014

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkId=162428

Help and Support:
http://support.microsoft.com

Windows Malicious Software Removal Tool - November 2009 (KB890830)

Installation date: 12/11/2009 02:44

Installation status: Successful

Update type: Important

After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.

More information:
http://go.microsoft.com/fwlink/?LinkId=39987

Help and Support:
http://support.microsoft.com

******************************

Also my Kaspersky Internet Security cannot update; I get this message when it tries to update.

My update centre task failed object not found

***************************************

ComboFix scan result posted below.

ComboFix 09-11-11.02 - richard 12/11/2009 2:11.6.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3054.2012 [GMT 0:00]
Running from: c:\users\richard\Desktop\ComboFix.exe
Command switches used :: c:\users\richard\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YPNICRQN
-------\Service_YPNICRQN


((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 02:22 . 2009-11-12 02:29 -------- d-----w- c:\users\richard\AppData\Local\temp
2009-11-12 02:22 . 2009-11-12 02:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-12 02:22 . 2009-11-12 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-10 08:00 . 2009-11-10 08:00 -------- d-----w- c:\program files\ESET
2009-11-09 02:11 . 2009-11-09 02:11 2141 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-09 02:11 . 2009-11-09 02:11 2095 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2009-11-08 18:41 . 2009-11-08 18:41 -------- d-----w- c:\users\richard\AppData\Roaming\Template
2009-11-08 17:41 . 2009-11-08 17:41 -------- d-----w- c:\users\richard\AppData\Roaming\gtk-2.0
2009-11-08 17:23 . 2009-11-10 20:28 -------- d-----w- c:\users\richard\AppData\Roaming\ICQ
2009-11-08 17:22 . 2009-11-10 20:28 12288 d-----w- c:\program files\ICQ6.5
2009-11-08 17:15 . 2009-11-08 17:15 1089 ----a-w- c:\users\richard\AppData\Roaming\.purple\certificates\x509\tls_peers\login.yahoo.com
2009-11-08 17:12 . 2009-11-08 17:12 4096 d-----w- c:\program files\Pidgin
2009-11-08 01:23 . 2009-11-08 01:38 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-08 01:23 . 2009-11-08 01:25 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-07 22:53 . 2009-11-09 23:09 4096 d-----w- c:\users\richard\AppData\Roaming\.purple
2009-11-07 22:51 . 2009-11-07 22:53 4096 d-----w- c:\program files\Aspell
2009-11-07 22:50 . 2009-11-08 17:12 -------- d-----w- c:\program files\Common Files\GTK
2009-11-07 22:21 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 22:21 . 2009-11-07 22:21 -------- d-----w- c:\programdata\Malwarebytes
2009-11-07 22:21 . 2009-11-07 22:21 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 22:21 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 17:34 . 2009-11-07 17:34 -------- d-----w- c:\users\richard\AppData\Roaming\Malwarebytes
2009-11-05 15:55 . 2009-11-05 16:02 -------- d-----w- c:\users\richard\AppData\Roaming\DivX
2009-11-05 15:54 . 2009-11-05 15:55 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-11-05 02:53 . 2009-11-05 02:53 -------- d-----w- c:\program files\Java
2009-11-05 02:47 . 2009-11-05 02:48 -------- d-----w- c:\users\richard\.SunDownloadManager
2009-11-03 01:08 . 2009-11-03 01:22 -------- d-----w- c:\users\richard\sitebuilder
2009-11-03 01:05 . 2009-11-03 01:40 -------- d-----w- c:\program files\Yahoo SiteBuilder
2009-11-01 01:38 . 2009-11-01 01:38 -------- d-----w- c:\program files\Trend Micro
2009-10-31 04:12 . 2009-10-31 04:12 408048 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Users\richard\AppData\Local\Temp\SearchWithGoogleUpdate.exe
2009-10-30 02:00 . 2009-11-08 21:34 -------- d-----w- c:\users\richard\Tracing
2009-10-30 01:56 . 2009-10-30 01:56 -------- d-----w- c:\program files\Microsoft
2009-10-30 01:55 . 2009-10-30 01:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-30 01:55 . 2009-10-30 01:56 -------- d-----w- c:\program files\Windows Live
2009-10-30 01:54 . 2009-10-30 01:54 -------- d-----w- c:\windows\PCHEALTH
2009-10-30 01:51 . 2009-10-30 01:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-29 02:01 . 2009-10-29 21:52 4096 d-----w- c:\users\richard\AppData\Roaming\FileZilla
2009-10-29 02:01 . 2009-10-29 02:01 4096 d-----w- c:\program files\FileZilla FTP Client
2009-10-28 00:38 . 2009-10-28 00:38 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 00:17 . 2009-10-28 00:18 -------- d-----w- c:\programdata\WinZip
2009-10-27 20:45 . 2009-11-05 16:28 -------- d-----w- c:\users\richard\AppData\Roaming\Microgaming
2009-10-27 20:44 . 2009-10-27 20:44 -------- d-----w- C:\Microgaming
2009-10-27 19:51 . 2009-10-27 19:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-27 19:49 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-27 19:49 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-27 19:49 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-27 19:49 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-27 19:49 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-27 19:49 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-27 19:49 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-27 19:49 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-27 19:49 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-27 19:49 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-27 19:49 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-27 19:49 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-27 19:48 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-27 19:48 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-27 19:48 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-27 19:46 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:46 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 04:01 . 2009-10-27 04:01 -------- d-----w- c:\program files\CCleaner
2009-10-27 02:17 . 2009-10-27 02:17 -------- d-----w- c:\windows\system32\Adobe
2009-10-27 02:16 . 2009-11-07 02:00 4096 d-----w- c:\programdata\NOS
2009-10-27 02:16 . 2009-10-27 02:16 -------- d-----w- c:\program files\NOS
2009-10-27 02:07 . 2009-11-05 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-27 01:22 . 2009-10-27 01:23 -------- d-----w- c:\windows\system32\ca-ES
2009-10-27 01:22 . 2009-10-27 01:22 -------- d-----w- c:\windows\system32\eu-ES
2009-10-27 01:22 . 2009-10-27 01:22 -------- d-----w- c:\windows\system32\vi-VN
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- c:\program files\ArcSoft
2009-10-27 00:56 . 2004-05-04 18:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-10-27 00:56 . 2009-10-27 00:56 -------- d-----w- C:\Documentation
2009-10-27 00:52 . 2007-06-14 12:09 58408960 ----a-w- c:\programdata\Sony Corporation\VAIO DVD Menu Data\DVD-Video\GmRes\gmCelebrateRes.dll
2009-10-27 00:51 . 2007-12-10 16:47 155648 ------w- c:\windows\system32\SonyAIwo.dll
2009-10-27 00:51 . 2007-12-10 16:47 147456 ------w- c:\windows\system32\SonyAIds.dll
2009-10-27 00:51 . 2007-12-07 23:15 86016 ------w- c:\windows\system32\SonyAIwd.dll
2009-10-27 00:51 . 2009-10-27 00:51 -------- d-----w- c:\users\Public\SonicStage Mastering Studio
2009-10-27 00:51 . 2007-04-04 20:14 344064 ------w- c:\windows\system32\SSMSIppCustom.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangITSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangFRSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 98304 ------w- c:\windows\system32\CddbLangESSony.dll
2009-10-27 00:51 . 2007-01-12 22:12 69632 ------w- c:\windows\system32\CddbLangZHSony.dll
2009-10-27 00:51 . 2007-01-12 22:11 77824 ------w- c:\windows\system32\CddbLangJASony.dll
2009-10-27 00:51 . 2007-01-12 22:11 98304 ------w- c:\windows\system32\CddbLangDESony.dll
2009-10-27 00:51 . 2006-05-11 19:09 135168 ------w- c:\windows\system32\CddbLangRUSony.dll
2009-10-27 00:50 . 2009-10-26 19:32 -------- d-----w- c:\programdata\Skype
2009-10-27 00:50 . 2009-10-27 00:50 -------- d-----w- c:\programdata\Uninstall
2009-10-27 00:50 . 2008-06-27 07:05 4700656 ----a-w- c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe
2009-10-27 00:50 . 2008-06-27 07:05 602112 ----a-w- c:\programdata\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\bin\setupresENU.dll
2009-10-27 00:50 . 2009-10-27 00:50 -------- d-----w- c:\programdata\Sonic
2009-10-27 00:46 . 2009-10-26 19:18 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-27 00:42 . 2009-11-05 15:55 8192 d-----w- c:\program files\DivX
2009-10-27 00:42 . 2009-10-27 00:42 -------- d-----w- c:\users\Public\DSD Direct
2009-10-27 00:42 . 2007-01-12 22:11 770048 ------w- c:\windows\system32\CDDBUISony.dll
2009-10-27 00:42 . 2007-01-12 22:09 589824 ------w- c:\windows\system32\CddbMusicIDSony.dll
2009-10-27 00:42 . 2007-01-12 22:08 655360 ------w- c:\windows\system32\CDDBControlSony.dll
2009-10-27 00:40 . 2009-10-26 19:30 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-27 00:39 . 2009-10-27 00:40 4096 d-----w- c:\program files\Picasa2
2009-10-27 00:39 . 2009-11-07 02:32 -------- d-----w- c:\program files\Google BAE
2009-10-27 00:39 . 2009-10-27 00:39 -------- d-----w- c:\program files\Common Files\InterVideo
2009-10-27 00:38 . 2009-10-27 00:39 -------- d-----w- c:\program files\InterVideo
2009-10-27 00:33 . 2009-11-10 07:48 -------- d-----w- c:\windows\system32\Macromed
2009-10-27 00:32 . 2008-03-27 16:21 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-27 00:31 . 2009-10-26 19:44 8192 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-10-27 00:31 . 2006-10-27 02:56 32592 ------w- c:\windows\system32\msonpmon.dll
2009-10-27 00:31 . 2009-10-30 02:08 16384 d-----w- c:\program files\Microsoft Works
2009-10-27 00:30 . 2009-10-26 19:22 -------- d-----w- c:\programdata\Microsoft Help
2009-10-27 00:29 . 2009-10-27 00:29 -------- d-----w- c:\windows\Sonysys
2009-10-27 00:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 00:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 00:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 00:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:23 . 2008-07-31 22:34 48992 ----a-w- c:\users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-27 00:23 . 2008-07-31 21:03 2032 ----a-w- c:\users\Default\AppData\Local\d3d9caps.dat
2009-10-27 00:23 . 2008-07-31 20:12 -------- d-----w- c:\users\Default\Bluetooth Software
2009-10-27 00:22 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 00:22 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 00:22 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:22 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:22 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-27 00:09 . 2008-07-24 22:28 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-27 00:09 . 2008-07-24 22:28 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-10-27 00:09 . 2008-07-24 22:28 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-27 00:06 . 2008-07-23 15:24 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-26 22:52 . 2009-10-26 22:52 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 18:41 . 2009-11-08 18:41 120 ----a-w- c:\users\richard\AppData\Roaming\wklnhst.dat
2009-11-08 17:26 . 2008-07-31 19:59 28672 d--h--w- c:\program files\InstallShield Installation Information
2009-11-08 16:59 . 2009-10-27 00:14 28029 ----a-w- c:\programdata\nvModes.dat
2009-11-07 17:50 . 2009-10-26 19:07 2032 ----a-w- c:\users\richard\AppData\Local\d3d9caps.dat
2009-11-07 04:22 . 2008-07-31 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-07 02:01 . 2008-07-31 18:53 -------- d-----w- c:\programdata\NVIDIA
2009-11-05 16:01 . 2008-07-31 18:47 4096 d-----w- c:\program files\Google
2009-10-27 19:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 19:51 . 2009-10-27 19:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-27 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-27 01:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-27 01:23 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-27 00:59 . 2008-07-31 22:25 4096 d-----w- c:\programdata\Sony Corporation
2009-10-27 00:56 . 2008-07-31 19:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-26 20:30 . 2009-10-26 19:07 79728 ----a-w- c:\users\richard\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-26 20:22 . 2008-07-31 22:20 4096 d-----w- c:\program files\Common Files\Sony Shared
2009-10-26 20:20 . 2008-07-31 22:24 12288 d-----w- c:\program files\Sony
2009-10-26 20:05 . 2008-07-31 18:54 -------- d-----w- c:\program files\Intel
2009-10-26 19:53 . 2008-07-31 22:22 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-26 19:07 . 2009-10-26 19:07 0 ------w- c:\windows\system32\drivers\Sony_VGC-LN1M.mrk
2009-10-02 19:39 . 2009-10-02 19:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10 . 2009-10-27 19:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-27 19:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-27 19:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-27 19:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-27 19:50 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-27 19:50 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-27 19:50 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-27 19:50 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-27 19:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-27 19:50 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-27 19:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-27 19:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-27 19:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-27 19:50 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-27 19:50 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-27 19:50 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-27 19:50 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-27 19:50 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-27 19:50 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-27 19:50 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-27 19:50 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-27 19:50 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-27 19:50 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-27 19:50 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-27 19:50 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-27 19:50 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-27 19:50 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 14:46 . 2009-09-14 14:46 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-10 16:48 . 2009-10-26 21:32 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:01 . 2009-10-27 19:50 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-10-27 19:50 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-10-27 19:50 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-09 19:01 . 2009-09-09 19:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-01 15:29 . 2009-09-01 15:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-27 05:22 . 2009-10-26 21:50 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-26 21:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-26 21:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-26 21:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-10-26 21:32 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-10-26 21:32 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-10-26 21:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-10-26 21:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-10-26 21:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-10-26 21:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-10-26 21:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-10-26 21:32 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-10-26 21:32 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-10-26 21:32 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-10-26 21:32 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-11_20.01.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-26 19:08 . 2009-11-12 02:28 7872 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1645692003-2471661543-537594778-1000_UserData.bin
- 2009-11-11 19:15 . 2009-11-11 19:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-12 02:25 . 2009-11-12 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-12 02:25 . 2009-11-12 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-11 19:15 . 2009-11-11 19:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-12 02:23 . 2009-11-12 02:23 6397952 c:\windows\ERDNT\subs\schema.dat
+ 2009-11-12 02:09 . 2009-11-12 02:09 6397952 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-10-26 22:19 . 2009-11-12 02:31 157974514 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-24 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-24 13548064]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-11 6244896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c7,33,a0,34,a5,56,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [14/10/2009 21:18 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [14/09/2009 14:46 21520]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [27/10/2009 00:55 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 03:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [31/07/2008 19:59 98304]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [08/11/2009 01:23 1153368]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [31/07/2008 22:26 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [20/06/2008 15:56 415744]
R3 AVerAVF2;AVerAVF2;c:\windows\System32\drivers\AVerAVF2.sys [31/07/2008 20:06 979584]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\System32\drivers\e1y6032.sys [31/07/2008 19:30 224384]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [02/10/2009 19:39 19472]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [31/07/2008 19:30 9344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/10/2009 01:18 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [27/10/2009 00:54 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [27/10/2009 00:54 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [27/10/2009 00:54 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [27/10/2009 00:51 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" --> c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 07:45 124832]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 01:18]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 01:18]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\users\richard\AppData\Roaming\Mozilla\Firefox\Profiles\d3i2co68.default\
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 02:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-12 2:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 02:35
ComboFix2.txt 2009-11-12 01:01
ComboFix3.txt 2009-11-11 20:03
ComboFix4.txt 2009-11-08 01:16

Pre-Run: 461,282,869,248 bytes free
Post-Run: 460,989,181,952 bytes free

- - End Of File - - C542408015746F74B914BD9ECB14A6D1
Old 11-11-2009, 08:25 PM   #19 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,734
OS: XP SP3


Re: please help, hacked/infected

Hello again, infofeeder.

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
  • Right-click ATF-Cleaner.exe and choose Run as Administrator to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here to run an online scanner from ESET and Save the file to your Desktop.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic and also let me know how things are now.
------------------------------------------------------

If you have trouble with your computer blocking the ActiveX, go here and temporarily turn the feature off:

http://www.windowsreference.com/inte...the-publisher/

Remember to turn it back on after the scan!

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
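The post above asks for a specific combination of scanner options (Remove found threats unticked, Scan Archives and the three Advanced Settings ticked), and the log the scanner writes records each of those choices as a `# key=value` header line. The helper below is an added example for this thread, not ESET's own tooling or anything the poster ran: it splits a pasted log into individual runs, reads the header fields, and reports any run that did not finish, was not configured as requested, or detected something. The mapping of the checkbox names onto the `remove_checked`, `archives_checked`, `unwanted_checked`, `unsafe_checked` and `antistealth_checked` keys is an assumption made here; the sample log is constructed for the example.

```python
"""Sanity-check ESET Online Scanner log headers against the requested options.

Added helper, not part of the thread or of ESET's tooling. It reads the
'# key=value' header lines that the scanner writes and reports runs that
were not configured as asked.
"""
from __future__ import annotations

# Mapping of the checkboxes the post asks for onto the log's header keys.
# The key names appear in the posted log; matching them to the checkboxes
# is an assumption made for this example.
EXPECTED_OPTIONS = {
    "remove_checked": "false",      # "Remove found threats" left unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # "Scan for potentially unwanted applications"
    "unsafe_checked": "true",       # "Scan for potentially unsafe applications"
    "antistealth_checked": "true",  # "Enable Anti-Stealth Technology"
}

# Constructed sample: two runs pasted back to back, the second one misconfigured.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-12 04:13:50
# compatibility_mode=512 16777215 100 0 961361 961361 0 0
# scanned=129464
# found=0
# cleaned=0
# scan_time=1981
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-12 05:02:11
# scanned=120001
# found=2
# cleaned=2
# scan_time=1700
"""


def parse_eset_runs(text: str) -> list[dict]:
    """Split a pasted log into runs (one per 'downloader log:' banner) and
    collect each run's '# key=value' fields. compatibility_mode repeats, so
    it is kept as a list; every other key is stored as a plain string."""
    runs: list[dict] = []
    current: dict | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("as downloader log:"):
            current = {}
            runs.append(current)
            continue
        if not line.startswith("# ") or "=" not in line:
            continue
        if current is None:            # header lines pasted without a banner
            current = {}
            runs.append(current)
        key, _, value = line[2:].partition("=")
        if key == "compatibility_mode":
            current.setdefault(key, []).append(value)
        else:
            current[key] = value
    return runs


def audit_run(fields: dict, expected: dict = EXPECTED_OPTIONS) -> list[str]:
    """Return the problems with one run; an empty list means the scan
    finished, used the requested options and detected nothing."""
    problems: list[str] = []
    if fields.get("end") != "finished":
        problems.append(f"scan did not finish (end={fields.get('end')!r})")
    for key, want in expected.items():
        got = fields.get(key)
        if got != want:
            problems.append(f"{key}={got!r}, expected {want!r}")
    found = int(fields.get("found", "0"))
    cleaned = int(fields.get("cleaned", "0"))
    if found:
        problems.append(f"{found} item(s) detected, {cleaned} cleaned")
    return problems


def audit_log(text: str) -> list[tuple[str, list[str]]]:
    """Audit every run in a pasted log; returns (utc_time, problems) pairs."""
    return [(run.get("utc_time", "?"), audit_run(run)) for run in parse_eset_runs(text)]


if __name__ == "__main__":
    for when, problems in audit_log(SAMPLE_LOG):
        print(f"{when}: {'OK' if not problems else '; '.join(problems)}")
```

Paste the whole log text into `audit_log`; because runs are split on the banner line, a reply that contains several concatenated scans (as the poster's does below) is audited run by run rather than having later headers silently overwrite earlier ones.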
Old 11-11-2009, 09:17 PM   #20 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 16
OS: vista home premium


Re: please help, hacked/infected

OK, below is the scan log.

During the scan the screen went black, and when I moved the mouse it came back on, well at least I thought it was moving the mouse that brought the screen back on, but I thought it odd, as I know I haven't got the screen saver enabled.

I double checked, and I have screen saver set to none.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3b44e4eeee471a43866201a28b8d7be0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-10 08:38:36
# local_time=2009-11-10 08:38:36 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 804392 804392 0 0
# compatibility_mode=1280 16777215 100 0 1256267 1256267 0 0
# compatibility_mode=5892 16776574 100 95 1237296 95373007 0 0
# compatibility_mode=8192 67108863 100 0 3850 3850 0 0
# scanned=130000
# found=0
# cleaned=0
# scan_time=2036
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3b44e4eeee471a43866201a28b8d7be0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-12 04:13:50
# local_time=2009-11-12 04:13:50 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 961361 961361 0 0
# compatibility_mode=1280 16777215 100 0 1413236 1413236 0 0
# compatibility_mode=5892 16776574 100 95 1394265 95529976 0 0
# compatibility_mode=8192 67108863 100 0 160819 160819 0 0
# scanned=129464
# found=0
# cleaned=0
# scan_time=1981
Copyright 2001 - 2009, Tech Support Forum