The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portfolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

Unknown Virus - help?

Posted 8/25/2009 2:11 AM
#76462

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
This is my first post here and I am quite hopeful since my laptop has gone crazy for the past few days.

Symptoms:
- a great number of BSODs all of a sudden
- computer unable to connect to the internet normally (via broadband, I am currently using a dial-up modem for internet purposes)
- sometimes the CPU goes to 100%, for no apparent reason - two svchost services keep the CPU up and block everything else
- unable to run ANY antivirus - tried to install new ones, safe mode does not allow me to install any since Windows Installer does not work
- noticed that I cannot shut down csrss.exe from Task Manager.

Basically, I have no AV and no normal internet connection.

Here is my HijackThis log:

--------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:59:33, on 25.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Opera 9\opera.exe
C:\Program Files\HSDPA USB Modem\USB Modem.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.google.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - https://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - https://download.bitdefender.com/resources/scanner/sources/ro/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E4DA27F-716A-4C0C-8B4A-3E7D28446E85}: NameServer = 62.217.193.1 62.217.193.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E4DA27F-716A-4C0C-8B4A-3E7D28446E85}: NameServer = 62.217.193.1 62.217.193.65
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E4DA27F-716A-4C0C-8B4A-3E7D28446E85}: NameServer = 62.217.193.1 62.217.193.65
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10889 bytes


I do hope you can help me.
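As an added example (not code from the thread, nor from Trend Micro's HijackThis), here is a small Python triage script run over lines copied from the log above. It parses the numbered O-sections and applies the checks a log reader does by hand: hosts-file redirections (O1), the O17 NameServer override (flagged unless the IPs are in a caller-supplied list of known ISP resolvers, which you would fill in yourself; the list here is empty, so the 62.217.193.x pair is flagged for confirmation, not declared malicious), DLLs loaded system-wide through AppInit_DLLs (O20), services whose binary is missing or has no publisher (O23), and the same binary name registered from two different folders, which this log actually shows for avp.exe (the Run entry points at the 2009 folder, the service at 2010). The class and function names are mine.

```python
"""Triage of HijackThis (HJT) log entries. Added example; not from the thread."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the HijackThis log
# posted above. Backslashes are literal, hence the raw string.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E4DA27F-716A-4C0C-8B4A-3E7D28446E85}: NameServer = 62.217.193.1 62.217.193.65
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([OR]\d+) - (.*)$")
# A Windows path ending in a binary extension; quotes and commas end it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:exe|dll|sys)', re.IGNORECASE)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass(frozen=True)
class Entry:
    section: str  # "O4", "O17", "O23", ...
    body: str     # everything after "O4 - "


@dataclass(frozen=True)
class Finding:
    severity: str  # "warn" or "review"
    section: str
    message: str


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the numbered HJT entries; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list[Entry], expected_dns: frozenset[str] = frozenset()) -> list[Finding]:
    """Checks an analyst runs by eye on an HJT log.

    expected_dns: resolver IPs the owner knows belong to the ISP (assumption: the
    caller supplies them). Any other IP in an O17 entry is flagged for review.
    """
    findings: list[Finding] = []
    locations: dict[str, set[str]] = defaultdict(set)  # basename -> distinct full paths

    for e in entries:
        for path in PATH_RE.findall(e.body):
            locations[path.rsplit("\\", 1)[-1].lower()].add(path.lower())

        if e.section == "O1" and e.body.split()[-1].lower() != "localhost":
            # Hosts-file redirection is a classic way to block AV update servers.
            findings.append(Finding("warn", "O1", "hosts override: " + e.body))
        elif e.section == "O17":
            unexpected = [ip for ip in IP_RE.findall(e.body) if ip not in expected_dns]
            if unexpected:
                findings.append(Finding("review", "O17", "NameServer set to "
                                        + " ".join(unexpected) + "; confirm these are the ISP's resolvers"))
        elif e.section == "O20":
            dlls = PATH_RE.findall(e.body)
            if dlls:
                # AppInit_DLLs are injected into every process that loads user32.dll.
                findings.append(Finding("review", "O20", "AppInit_DLLs injects: " + ", ".join(dlls)))
        elif e.section == "O23":
            if "(file missing)" in e.body:
                findings.append(Finding("warn", "O23", "service binary missing: " + e.body))
            if "Unknown owner" in e.body:
                findings.append(Finding("review", "O23", "service without publisher: " + e.body))

    # The same binary name registered from two different directories deserves a look
    # (the log above shows avp.exe under both a 2009 and a 2010 folder).
    for name, paths in sorted(locations.items()):
        if len(paths) > 1:
            findings.append(Finding("review", "*", f"{name} referenced at {len(paths)} locations: "
                                    + " | ".join(sorted(paths))))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.section}: {f.message}")
```

Run it on the full log by passing the whole text to `parse_hjt`; the script only reports, so nothing on the machine is changed. Pass `frozenset({"62.217.193.1", "62.217.193.65"})` as `expected_dns` once you have confirmed those addresses with the ISP, and the O17 finding disappears.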
Posted 8/25/2009 5:15 AM
#76466

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello auexis :smile:





We need to get a comprehensive report of what is present in your system.
Please download DDS: https://download.bleepingcomputer.com/sUBs/dds.scr

to your Desktop and double-click on DDS.scr to run it.


When the scan has finished, two logs will open.

Copy and paste both reports in this topic.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.



Before you provide them, we ask that you remove any P2P/file-sharing programs you have, including BitTorrent software, so that we can clean your computer.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/26/2009 7:37 AM
#76499

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
Here it is - should I attach the "attach.txt" file as well?

-------------------------

DDS (Ver_09-07-30.01) - NTFSx86
Run by auexis at 10:32:52,19 on 26.08.2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.40.1033.18.2046.922 [GMT 3:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Opera 9\Opera.exe
C:\Windows\System32\divxsm.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\auexis\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
Posted 8/26/2009 7:40 AM
#76500

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.ro
uStart Page = about:blank
uSearch Bar = hxxp://www.google.ro
mDefault_Page_URL = hxxp://www.club-vaio.com
mDefault_Search_URL = hxxp://www.google.ro
mSearch Page = hxxp://www.google.ro
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
mSearchAssistant = hxxp://www.google.ro
mCustomizeSearch = hxxp://www.google.ro
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
StartupFolder: c:\users\auexis\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/ro/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: ,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\auexis\appdata\roaming\mozilla\firefox\profiles\u5ga4aa2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 9\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 9\program\plugins\NPSWF32_back.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-9-9 5120]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-22 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-22 43904]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-22 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-22 812544]
S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\amoiusbser.sys [2007-6-27 94336]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-12-22 28464]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-7-22 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-7-22 51968]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2009-7-22 8064]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-7-22 28224]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-12-27 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-12-27 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-12-27 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-12-27 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2009-2-11 87328]
Posted 8/26/2009 7:42 AM
#76501

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
=============== Created Last 30 ================

2009-08-25 05:39 --d----- c:\programdata\SUPERAntiSpyware.com
2009-08-25 05:39 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-08-25 05:39 --d----- c:\users\auexis\appdata\roaming\SUPERAntiSpyware.com
2009-08-25 05:39 --d----- c:\program files\SUPERAntiSpyware
2009-08-25 05:37 --d----- c:\program files\common files\Wise Installation Wizard
2009-08-25 05:20 --d----- c:\users\auexis\appdata\roaming\AVG8
2009-08-25 05:14 --d----- c:\users\auexis\appdata\roaming\Malwarebytes
2009-08-25 05:14 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 05:14 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-25 05:14 --d----- c:\programdata\Malwarebytes
2009-08-25 05:14 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 05:14 --d----- c:\progra~2\Malwarebytes
2009-08-25 04:59 --d----- c:\program files\Trend Micro
2009-08-24 22:39 --d----- c:\users\auexis\DoctorWeb
2009-08-24 20:50 a-d----- c:\programdata\TEMP
2009-08-24 20:30 --d----- c:\programdata\Simply Super Software
2009-08-24 20:30 --d----- c:\program files\Trojan Remover
2009-08-24 20:30 --d----- c:\progra~2\Simply Super Software
2009-08-15 17:05 --d----- c:\program files\VideoLAN
2009-08-15 16:49 --d----- c:\program files\mkvtoavi
2009-08-14 10:06 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-14 10:06 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-14 10:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-14 10:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-14 10:06 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-14 10:06 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-14 10:06 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 11:08 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-12 11:07 --d--r-- c:\program files\Skype
2009-07-28 23:43 --d----- c:\programdata\Viper
2009-07-28 23:43 --d----- c:\progra~2\Viper
2009-07-28 19:35 --d----- c:\program files\Kerigwa

==================== Find3M ====================

2009-08-25 10:23 705,042,720 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-25 10:23 9,444,656 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-25 10:23 1,138,720 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-08-25 10:23 6,020 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-25 09:15 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-08-25 08:47 51,200 a------- c:\windows\inf\infpub.dat
2009-08-25 08:47 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-25 08:47 86,016 a------- c:\windows\inf\infstor.dat
2009-08-24 21:11 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-08-24 21:11 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-08-20 17:12 111,854 a------- c:\users\auexis\appdata\roaming\nvModes.dat
2009-07-22 00:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-22 00:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-22 00:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 23:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-14 16:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 15:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 15:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 13:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-06-15 18:24 175,104 a------- c:\windows\system32\wdigest.dll
2009-06-15 18:24 72,704 a------- c:\windows\system32\secur32.dll
2009-06-15 18:24 270,848 a------- c:\windows\system32\schannel.dll
2009-06-15 18:23 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-06-15 18:22 213,504 a------- c:\windows\system32\msv1_0.dll
2009-06-15 18:21 499,712 a------- c:\windows\system32\kerberos.dll
2009-06-15 15:57 9,728 a------- c:\windows\system32\lsass.exe
2009-06-14 07:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-10 15:12 160,256 a------- c:\windows\system32\wkssvc.dll
2009-04-20 00:34 174 a--sh--- c:\program files\desktop.ini
2009-04-20 00:25 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 15:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 15:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 12:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 12:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 12:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-01 02:59 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-01 02:59 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-01 02:59 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-12-06 06:39 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-12-06 06:39 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-12-06 06:39 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 10:35:29,80 ===============
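Added example, not from the thread or from the DDS tool: a timeline helper for the DDS "Created Last 30" section, run over lines copied from the log above. It parses date, size, attribute flags and path, and lets you pull out what was created on or after the symptom onset (the onset date "2009-08-22" is my assumption, a few days before the 25 August post), which of those are kernel drivers (.sys), and which files carry hidden or system attributes. The driver hits in this sample are the Malwarebytes drivers the poster installed while troubleshooting, so the point is the procedure, not a verdict. Function and class names are mine.

```python
"""Timeline triage of a DDS "Created Last 30" listing. Added example; not from the thread."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input: lines copied from the DDS log posted above.
SAMPLE_DDS = r"""2009-08-25 05:14 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 05:14 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-25 05:14 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 20:30 --d----- c:\program files\Trojan Remover
2009-08-14 10:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-12 11:08 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-28 19:35 --d----- c:\program files\Kerigwa
"""

# "<date> <time> [<size>] <8 attribute flags> <path>"; the size is absent for directories.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:([\d,]+)\s+)?([a-z-]{8})\s+(.+)$")


@dataclass(frozen=True)
class Created:
    when: datetime
    size: int | None   # None for directories
    attrs: str         # DDS flag string, e.g. "a--sh---"
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        # hidden or system attribute set
        return "h" in self.attrs or "s" in self.attrs

    @property
    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")


def parse_created(text: str) -> list[Created]:
    """Parse the 'Created Last 30' lines; anything that does not match is ignored."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = int(m.group(2).replace(",", "")) if m.group(2) else None
        items.append(Created(when, size, m.group(3), m.group(4)))
    return items


def created_since(items: list[Created], onset: str) -> list[Created]:
    """Entries created on or after an ISO date such as "2009-08-22" (the assumed onset)."""
    cutoff = datetime.strptime(onset, "%Y-%m-%d")
    return [c for c in items if c.when >= cutoff]


def new_drivers(items: list[Created]) -> list[str]:
    """Kernel drivers are the first thing to verify after an unexplained BSOD spree."""
    return [c.path for c in items if c.is_driver]


def hidden_files(items: list[Created]) -> list[str]:
    return [c.path for c in items if c.hidden and not c.is_dir]


def per_day(items: list[Created]) -> Counter:
    """How many objects appeared each day; a spike usually marks the infection or the cleanup."""
    return Counter(c.when.date().isoformat() for c in items)


if __name__ == "__main__":
    items = parse_created(SAMPLE_DDS)
    for day, n in sorted(per_day(items).items()):
        print(day, n)
    print("new drivers:", new_drivers(created_since(items, "2009-08-22")))
    print("hidden/system files:", hidden_files(items))
```

Feed the whole "Created Last 30" block in and compare the per-day counts with the day the symptoms started; entries from the cleanup tools you installed yourself are expected and can be set aside, which leaves the remaining new drivers and hidden files as the short list to check.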
Posted 8/26/2009 12:09 PM
#76512

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974


Please download combofix here ->

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.


Now, please make sure no other programs are running, close all other windows.


Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply



The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/26/2009 3:44 PM
#76529

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
ComboFix 09-08-25.05 - auexis 26.08.2009 17:54.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.40.1033.18.2046.1209 [GMT 3:00]
Running from: c:\users\auexis\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\auexis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\Installer\2176d.msi
c:\windows\Installer\f96c5d.msi
c:\windows\system32\Cache
c:\windows\system32\config\systemprofile\ntuser.dat{d9a7d6fe-b05a-11dc-990a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\windows\winhelp.ini
c:\users\auexis\NTUSER.DAT{4c255b79-3b96-11dd-b084-a9915255ca6d}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-26 15:01 . 2009-08-26 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-25 12:06 . 2009-08-25 12:06 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2009-08-25 12:06 . 2009-08-25 12:06 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2009-08-25 02:46 . 2009-08-26 15:11 117760 ----a-w- c:\users\auexis\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-25 02:39 . 2009-08-25 02:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-25 02:39 . 2009-08-25 02:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 02:39 . 2009-08-25 02:39 -------- d-----w- c:\users\auexis\AppData\Roaming\SUPERAntiSpyware.com
2009-08-25 02:37 . 2009-08-25 02:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-25 02:20 . 2009-08-25 02:20 -------- d-----w- c:\users\auexis\AppData\Roaming\AVG8
2009-08-25 02:14 . 2009-08-25 02:14 -------- d-----w- c:\users\auexis\AppData\Roaming\Malwarebytes
2009-08-25 02:14 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 02:14 . 2009-08-25 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 02:14 . 2009-08-25 02:14 -------- d-----w- c:\programdata\Malwarebytes
2009-08-25 02:14 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 01:59 . 2009-08-25 01:59 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:39 . 2009-08-24 19:39 -------- d-----w- c:\users\auexis\DoctorWeb
2009-08-24 17:30 . 2009-08-25 05:44 -------- d-----w- c:\program files\Trojan Remover
2009-08-24 17:30 . 2009-08-24 17:30 -------- d-----w- c:\programdata\Simply Super Software
2009-08-24 16:25 . 2009-08-24 16:27 -------- d-----w- c:\windows\BDOSCAN8
2009-08-15 14:05 . 2009-08-15 14:05 -------- d-----w- c:\program files\VideoLAN
2009-08-15 13:49 . 2009-08-15 14:04 -------- d-----w- c:\program files\mkvtoavi
2009-08-14 07:06 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 07:06 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-14 07:06 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-14 07:06 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-14 07:06 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-14 07:06 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 07:06 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 08:08 . 2009-08-12 08:08 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-12 08:08 . 2009-08-18 20:26 -------- d-----w- c:\users\auexis\AppData\Roaming\skypePM
2009-08-12 08:07 . 2009-08-12 08:07 -------- d-----w- c:\program files\Common Files\Skype
2009-08-12 08:07 . 2009-08-12 08:07 -------- d-----r- c:\program files\Skype
2009-07-28 20:43 . 2009-07-31 06:48 -------- d-----w- c:\programdata\Viper
2009-07-28 16:35 . 2009-07-28 16:35 94 ----a-w- c:\users\auexis\AppData\Local\fusioncache.dat
2009-07-28 16:35 . 2009-08-24 16:42 -------- d-----w- c:\program files\Kerigwa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 15:15 . 2008-06-15 12:09 -------- d-----w- c:\programdata\Kaspersky Lab
2009-08-26 15:06 . 2009-03-24 09:52 6020 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-26 15:06 . 2009-03-24 09:52 1138720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-26 15:06 . 2008-06-15 12:09 9444656 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-26 15:06 . 2008-06-15 12:09 705042720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-26 15:06 . 2007-12-22 08:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-26 06:33 . 2008-07-04 07:34 -------- d-----w- c:\users\auexis\AppData\Roaming\uTorrent
2009-08-25 06:15 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-08-25 06:15 . 2009-03-24 09:31 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-08-25 06:15 . 2009-03-24 09:31 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-08-25 05:39 . 2008-06-16 14:07 -------- d-----w- c:\users\auexis\AppData\Roaming\foobar2000
2009-08-25 04:42 . 2009-04-01 03:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-25 04:05 . 2008-06-15 12:09 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-24 18:45 . 2008-06-15 11:14 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-08-24 18:11 . 2008-06-15 12:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-24 18:11 . 2008-06-15 12:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-24 17:10 . 2008-06-15 05:11 87464 ----a-w- c:\users\auexis\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-24 16:40 . 2007-12-22 10:44 -------- d-----w- c:\program files\Sony
2009-08-20 14:12 . 2008-06-15 05:11 111854 ----a-w- c:\users\auexis\AppData\Roaming\nvModes.dat
2009-08-18 20:27 . 2008-09-16 19:17 -------- d-----w- c:\users\auexis\AppData\Roaming\Skype
2009-08-16 06:56 . 2009-07-11 09:34 -------- d-----w- c:\program files\EA GAMES
2009-08-14 07:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 08:07 . 2007-12-22 10:51 -------- d-----w- c:\programdata\Skype
2009-08-09 06:16 . 2008-06-19 05:44 -------- d-----w- c:\program files\oDC
2009-07-22 10:29 . 2009-07-22 10:29 -------- d-----w- c:\program files\Common Files\France Telecom
2009-07-21 21:52 . 2009-08-14 07:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-14 07:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-14 07:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-14 07:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 10:37 . 2009-07-21 10:37 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmiav.exe
2009-07-21 10:37 . 2009-07-21 10:37 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmias.exe
2009-07-21 10:37 . 2009-03-24 09:31 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-21 10:36 . 2009-01-21 22:31 -------- d-----w- c:\users\auexis\AppData\Roaming\Nokia
2009-07-14 13:00 . 2009-08-14 07:05 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-14 07:05 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-14 07:05 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-14 07:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 09:42 . 2009-07-11 09:41 -------- d-----w- c:\program files\MagicDisc
2009-07-09 15:52 . 2009-07-09 15:52 59976 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe
2009-07-09 14:07 . 2009-07-09 14:07 -------- d-----w- c:\program files\MagicISO
2009-07-04 13:36 . 2009-02-20 15:50 -------- d-----w- c:\program files\VSTplugins
2009-07-01 13:19 . 2009-07-01 13:19 20 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-06-29 07:13 . 2009-03-29 17:49 -------- d-----w- c:\programdata\FLEXnet
2009-06-15 18:20 . 2009-08-14 07:05 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-14 07:05 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-14 07:05 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-14 07:05 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-14 07:05 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-14 07:05 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-14 07:05 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 12:57 . 2009-08-14 07:05 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-14 04:26 . 2009-06-14 04:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 12:12 . 2009-08-14 07:05 160256 ----a-w- c:\windows\system32\wkssvc.dll
.
Posted 8/26/2009 3:45 PM
#76530

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-12-22 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-21 208616]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]

c:\users\auexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-11 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-29 739880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2969378182-2747670358-125032691-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A975E080-38BF-4ED9-A204-EC71CA1B430C}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{5315B6FC-97B6-47B5-93C8-2B7186A34905}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{31F48E09-F1FE-41CA-9113-A468532B8CBF}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{C8080255-12E6-441A-8741-BD6456AFB8B4}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{5762B3D5-2EEC-49CF-AB72-EB51EC134096}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7F9D9930-6EAD-464B-81FC-CC46AF9A0F8E}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{658F4989-C722-4860-BAAF-C013BFA58FE7}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4727B5BA-221D-4DC1-A3E1-C248364E5699}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{14BCC9A3-86CA-45B3-B9B0-FBEEED1C213F}c:\\program files\\odc\\odc.exe"= UDP:c:\program files\odc\odc.exe:oDC
"UDP Query User{A4D32A58-D542-4043-A7E9-A8B573B17EB2}c:\\program files\\odc\\odc.exe"= TCP:c:\program files\odc\odc.exe:oDC
"TCP Query User{41CC14A7-4223-4C60-85F6-41E0149118AA}c:\\program files\\opera 9\\opera.exe"= UDP:c:\program files\opera 9\opera.exe:Opera Internet Browser
"UDP Query User{B4B26398-3F9F-48B8-9863-A08B1EF25AA3}c:\\program files\\opera 9\\opera.exe"= TCP:c:\program files\opera 9\opera.exe:Opera Internet Browser
"TCP Query User{CCBC4FE0-4C0D-4238-88F0-F52B7DCFF1A6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{7BE6D63A-8639-4E83-98A4-83903827612F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BDEA448C-6893-462E-BF60-3EC8F5C1DB35}c:\\neverwinternights\\nwn\\nwserver.exe"= UDP:c:\neverwinternights\nwn\nwserver.exe:Neverwinter Nights Server
"UDP Query User{116EF6D1-6240-47A0-976B-F456F5DC698A}c:\\neverwinternights\\nwn\\nwserver.exe"= TCP:c:\neverwinternights\nwn\nwserver.exe:Neverwinter Nights Server
"TCP Query User{356EE593-5D0C-43D8-A384-33CF6B6AFCDF}c:\\neverwinternights\\nwn\\nwmain.exe"= UDP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"UDP Query User{1A4803E1-6FC3-4A0C-BC72-BB16CC669E8A}c:\\neverwinternights\\nwn\\nwmain.exe"= TCP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"TCP Query User{534311C1-CA27-4DF9-B2B1-570FC41B218B}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{A285A5F6-7AA3-41E1-99C0-8CDC38C05D9B}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{F87950F5-EA8F-430B-ABE6-EED76AA2101C}c:\\program files\\odc\\odc.exe"= UDP:c:\program files\odc\odc.exe:oDC
"UDP Query User{00ECC6B4-E8B4-403C-9B94-8C30A968D9BB}c:\\program files\\odc\\odc.exe"= TCP:c:\program files\odc\odc.exe:oDC
"TCP Query User{7786D5ED-0746-4FB8-83B1-52C041EDB159}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{FB65C3D7-8E27-46C5-BD3D-EB8A59E31969}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{433D14AB-35E6-4408-BC2A-F4AEA623D923}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{21A3171D-31AC-48CD-98F3-F9A2B44D7E46}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D568C98C-BFF6-4334-959C-3B14F252AD21}"= UDP:990:LocalSubnet:LocalSubnet|IF={A32B9473-4A1A-4045-8537-F2D500843E98}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{4B0519D2-D063-434D-B268-CAD299B06D60}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{15D94D84-D065-4A37-884E-28EDF9A1F066}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{6C4288FB-30A3-4086-82D3-159D650DD2CA}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7CDFF282-A885-4690-B2BF-665FBF958586}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B9189DCD-B1EB-4280-BD87-7424907217E0}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{432B420C-4028-4FE8-B492-5E6DBD205E83}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sopocx.ocx"= %windir%\system32\sopocx.ocx:*:Enabled:sopocx.ocx
"%windir%\\system32\\tvu49.ocx"= %windir%\system32\tvu49.ocx:*:Enabled:tvu49.ocx

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29.01.2008 17:29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09.07.2008 17:28 20496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.08.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.08.2009 16:06 74480]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.04.2007 07:09 11032]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [09.09.2008 13:55 5120]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [22.12.2007 09:53 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [22.12.2007 09:53 43904]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.08.2009 16:06 7408]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [22.12.2007 09:53 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [22.12.2007 09:53 812544]
S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\amoiusbser.sys [27.06.2007 12:33 94336]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [22.12.2007 12:46 28464]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\System32\drivers\Gt51Ip.sys [22.07.2009 13:30 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\System32\drivers\gt72ubus.sys [22.07.2009 13:34 51968]
S3 GTPTSER;GT PT SER;c:\windows\System32\drivers\gtptser.sys [22.07.2009 13:32 8064]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [22.07.2009 13:32 28224]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [27.12.2007 08:10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [27.12.2007 08:10 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [27.12.2007 08:10 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [27.12.2007 08:27 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [11.02.2009 03:42 87328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
Posted 8/26/2009 3:45 PM
#76531

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\auexis\AppData\Roaming\Mozilla\Firefox\Profiles\u5ga4aa2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Opera 9\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 9\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 9\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 9\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 9\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 9\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera 9\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera 9\program\plugins\NPSWF32_back.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-26 18:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4596)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-26 18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 15:18

Pre-Run: 23.860.649.984 bytes free
Post-Run: 27.738.091.520 bytes free

326 --- E O F --- 2009-08-14 07:20
Posted 8/27/2009 6:10 AM
#76559

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
How is your computer behaving after running combofix?



Posted 8/27/2009 7:36 AM
#76560

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
Rather bad. I have just as many BSODs, due to a number of reasons: memory failure, other hardware failure. Sometimes the BSODs do not even state the problem; they just appear and say that it was the best way to protect my computer.

Other errors: sometimes, after a restart, the Vista Activation panel appears telling me that my system has the wrong activation key (my Vista is genuine, not pirated software, therefore this particular issue is not at all relevant), and after a restart it goes away. Other than that, other Windows system components keep failing, like Superfetch or Window Manager. I did not see much improvement after this particular step.
Posted 8/29/2009 9:04 AM
#76625

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
Here it is:

GMER 1.0.15.15077 [33phu7im.exe] - https://www.gmer.net
Rootkit scan 2009-08-29 12:02:30
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x9359B0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 854 82CC3E18 4 Bytes [B0, B0, 59, 93] {MOV AL, 0xb0; POP ECX; XCHG EBX, EAX}
.text CI.dll!CiInitialize + FFF58864 804EA0CE 1 Byte [8B]
.text CI.dll!CiInitialize + FFF58F84 804EA7EE 1 Byte [8B]
.text CI.dll!CiInitialize + FFF59004 804EA86E 1 Byte [45]
.text CI.dll!CiInitialize + FFF59184 804EA9EE 1 Byte [FF]
.text CI.dll!CiInitialize + FFF591A4 804EAA0E 1 Byte [83]
.text ...
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8F7B146F 5 Bytes JMP 87423780

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[3452] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[3452] USER32.dll!GetAppCompatFlags2 + 880 756E6390 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[5036] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[5036] USER32.dll!GetAppCompatFlags2 + 880 756E6390 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069061E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068FAD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80690748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068FB9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068FC1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A4ACA] \SystemRoot\System32\Drivers\sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E5A1E8
Device \Driver\netbt \Device\NetBT_Tcpip_{A77092DB-3B1F-423F-B013-D96DD40E7237} 932A07A0
Device \Driver\volmgr \Device\VolMgrControl 84E551E8
Device \Driver\usbuhci \Device\USBPDO-0 8755D230
Device \Driver\usbuhci \Device\USBPDO-1 8755D230
Device \Driver\usbehci \Device\USBPDO-2 873317A0
Device \Driver\usbuhci \Device\USBPDO-3 8755D230
Device \Driver\usbuhci \Device\USBPDO-4 8755D230

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-5 8755D230
Device \Driver\usbehci \Device\USBPDO-6 873317A0
Device \Driver\volmgr \Device\HarddiskVolume1 84E551E8
Device \Driver\volmgr \Device\HarddiskVolume2 84E551E8
Device \Driver\cdrom \Device\CdRom0 8764D7A0
Device \Driver\volmgr \Device\HarddiskVolume3 84E551E8
Device \Driver\cdrom \Device\CdRom1 8764D7A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E591E8
Device \Driver\iaStor \Device\Ide\iaStor0 84E581E8
Device \Driver\atapi \Device\Ide\IdePort0 84E591E8
Device \Driver\atapi \Device\Ide\IdePort1 84E591E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 84E581E8
Device \Driver\volmgr \Device\HarddiskVolume4 84E551E8
Device \Driver\volmgr \Device\HarddiskVolume5 84E551E8
Device \Driver\netbt \Device\NetBt_Wins_Export 932A07A0
Device \Driver\iScsiPrt \Device\RaidPort0 876661E8

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 8755D230
Device \Driver\netbt \Device\NetBT_Tcpip_{AD112630-818A-4953-8572-2DA90711DC5D} 932A07A0
Device \Driver\usbuhci \Device\USBFDO-1 8755D230
Device \Driver\usbehci \Device\USBFDO-2 873317A0
Device \Driver\usbuhci \Device\USBFDO-3 8755D230
Device \Driver\usbuhci \Device\USBFDO-4 8755D230
Device \Driver\usbuhci \Device\USBFDO-5 8755D230
Device \Driver\netbt \Device\NetBT_Tcpip_{1E4DA27F-716A-4C0C-8B4A-3E7D28446E85} 932A07A0
Device \Driver\usbehci \Device\USBFDO-6 873317A0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bfb56fad7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bfb5846ac (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e3d89699e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e3d89699e@0023b451f1bc 0x63 0xC5 0x33 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0xC9 0x41 0x96 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x87 0xD6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x5D 0xEB 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb56fad7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb5846ac (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d89699e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d89699e@0023b451f1bc 0x63 0xC5 0x33 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0xC9 0x41 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x87 0xD6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x5D 0xEB 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb56fad7
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb5846ac
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d89699e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d89699e@0023b451f1bc 0x63 0xC5 0x33 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0xC9 0x41 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x87 0xD6 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x5D 0xEB 0xF8 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0095B.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0095C.log 131072 bytes

---- EOF - GMER 1.0.15 ----
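A way to triage the IAT and AttachedDevice entries in a GMER log like the one above, as an added example that is not part of the original thread and not code from the GMER tool: it parses the hook lines, groups them by the module that owns the hook, and checks each hooking module against a small allowlist. The allowlist and the trailing sample line pointing at `hypothetical.sys` are assumptions constructed for illustration. In the log itself the only hooking modules are sptd.sys (the SCSI Pass Through Direct driver installed by disc-emulation software such as Daemon Tools or Alcohol 120%, which GMER routinely reports hooking atapi.sys and i8042prt.sys imports) and kl1.sys, which GMER labels in the log as Kaspersky's driver.

```python
"""Triage helper for GMER rootkit-scanner text logs.

Added example; not from the thread or from GMER. Groups IAT hooks and
AttachedDevice entries by the module that installed them and marks each module
as 'known' (on an illustrative allowlist) or 'review'.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Assumption, for illustration only: drivers that GMER commonly reports as
# hooking but that belong to legitimately installed software.
KNOWN_HOOKERS = {
    "sptd.sys": "SCSI Pass Through Direct driver (Daemon Tools / Alcohol 120%)",
    "kl1.sys": "Kaspersky Unified Driver (as labelled by GMER in the log)",
}

# GMER IAT line: IAT <victim>[<import module>!<function>] [<address>] <hooker>
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>\S+?)\[(?P<import_mod>[^!\]]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<hooker>\S+)\s*$"
)
# GMER AttachedDevice line: AttachedDevice <driver> <device> <module> (<description>)
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<hooker>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Constructed sample in the format of the log above; the last line is a
# hypothetical unknown module added to exercise the 'review' path.
SAMPLE_LOG = r"""IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068FB9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A4ACA] \SystemRoot\System32\Drivers\sptd.sys
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \FileSystem\Ntfs \Ntfs 84E5A1E8
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80690748] \??\C:\Windows\Temp\hypothetical.sys
"""


def basename(path: str) -> str:
    """Lower-cased file name of an NT (\\SystemRoot\\...) or Win32 path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(log_text: str) -> List[dict]:
    """Extract IAT hooks and attached devices; other GMER sections are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = IAT_RE.match(line)
        if m:
            findings.append({
                "kind": "IAT",
                "target": f"{basename(m['victim'])}:{m['import_mod']}!{m['func']}",
                "addr": int(m["addr"], 16),
                "hooker": basename(m["hooker"]),
                "desc": "",
            })
            continue
        m = ATTACHED_RE.match(line)
        if m:
            findings.append({
                "kind": "AttachedDevice",
                "target": f"{m['driver']} {m['device']}",
                "addr": None,
                "hooker": basename(m["hooker"]),
                "desc": m["desc"] or "",
            })
    return findings


def triage(log_text: str, known: Dict[str, str] = KNOWN_HOOKERS) -> Dict[str, dict]:
    """Group findings by hooking module and classify each module."""
    by_hooker = defaultdict(list)
    for f in parse_gmer(log_text):
        by_hooker[f["hooker"]].append(f)
    report = {}
    for hooker, items in by_hooker.items():
        on_list = hooker in known
        report[hooker] = {
            "status": "known" if on_list else "review",
            "reason": known.get(
                hooker, "not on allowlist; verify path, digital signature and publisher"
            ),
            "hooks": items,
        }
    return report


def unexplained(log_text: str, known: Dict[str, str] = KNOWN_HOOKERS) -> List[str]:
    """Hooking modules that still need a human to look at them."""
    return sorted(h for h, r in triage(log_text, known).items() if r["status"] == "review")


if __name__ == "__main__":
    for hooker, r in triage(SAMPLE_LOG).items():
        print(f"{r['status']:6} {hooker}: {len(r['hooks'])} hook(s); {r['reason']}")
```

Grouping by the hooking module rather than reading the log line by line is what makes the judgement quick: when one known driver accounts for every IAT entry and the only attached device belongs to the installed antivirus, there is nothing left to chase, whereas a single module in the review bucket with several hooks stands out at once and should be checked by file path, signature and publisher before being trusted.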
Posted 8/30/2009 2:18 AM
#76677
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Nothing suspicious there. So your problems are not virus related :eyes:

I can suggest a large number of things you can try, but it can take days, or even weeks, with no guarantee.

So I think reinstalling Windows is the quickest and easiest solution.

Do not PM me with logfiles. They will be deleted.


Posted 8/30/2009 4:56 AM
#76693
User avatar

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
The issue is that my laptop came with preinstalled Windows. In other words, I only have a kit on my hard drive which on install will erase all the data on my computer. That will take days to back up too.

Do you have any idea what it is related to? (at least on a large scale)
Posted 9/1/2009 9:12 PM
#76780
User avatar

ernest11 Member

Date Joined Nov 2016
Total Posts: 1
Try to find a solution here:

These guys have helped me a few times in the past.

regards

ernest
Posted 9/1/2009 9:16 PM
#76781
User avatar

auexis Valued member

Date Joined Nov 2016
Total Posts: 11
Found the issue - it was not a virus, it was a memory failure. I got one of the DIMMs out, and now it's working fine. Slower but okay.

Thanks for all the help :)
Posted 10/30/2009 11:11 AM
#79048
User avatar

parneet Member

Date Joined Nov 2016
Total Posts: 5
I also had the same concern three months ago, but at that time I was using Antivirus Wizard security software, which was very effective for virus removal.