I have a win 7 laptop with all the updates. I am having issue with using the internet. I am able to get to any website other then a search engine. If i use an ip i can get to google but not if i enter the name. Malwarebites found problems and removed them. All new scans come back clean but the issue is still there.
________________________________________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-19 16:14:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006d ST912082 rev.7.24
Running: GMER.exe; Driver: C:\Users\Vova\AppData\Local\Temp\kxldypow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:384] 85BBA39F
Thread System [4:668] 865B30F4
---- EOF - GMER 1.0.15 ----
____________________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Vova at 16:14:37 on 2012-02-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1983.1296 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMQA2ADEANAA0ADAAMgAzADUALQBGAFAAOQArADYALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: citibank.com\online
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15C2F28A-AE97-4600-A149-B9678E645DC8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9} : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9}\249676D41676E6F6C69616D27657563747 : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9}\C4167737F6E62373 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{741ED365-3B74-4C1F-96C3-0DA644DAF69A}\14E495 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{741ED365-3B74-4C1F-96C3-0DA644DAF69A}\249676D41676E6F6C69616 : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100486&babsrc=adbartrp&mntrId=1c4c8b0800000000000000212f38acb7&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko10.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko11.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko9.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.hardId - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15378
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:18:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl457ad428;MpKsl457ad428;c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\MpKsl457ad428.sys [2012-2-19 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 RtlService;RtlService;c:\program files\airlink101\airlink101 wlan monitor\RtlService.exe [2011-7-30 36864]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-24 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192cu.sys [2011-7-30 630304]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-24 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-24 52224]
.
=============== Created Last 30 ================
.
2012-02-19 20:57:16 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\MpKsl457ad428.sys
2012-02-19 20:07:42 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1358c11a-42c0-4847-ac09-4cae6faa59bc}\gapaengine.dll
2012-02-19 20:07:34 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\mpengine.dll
2012-02-19 20:05:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-19 20:00:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-19 20:00:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-19 20:00:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-19 20:00:43 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-19 20:00:43 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-19 20:00:43 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-19 20:00:43 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-19 20:00:43 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-19 20:00:43 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-19 20:00:43 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-19 20:00:43 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-19 20:00:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-19 19:57:47 -------- d-----w- c:\windows\system32\appmgmt
2012-02-19 19:56:37 -------- d-----w- c:\windows\Profiles
2012-02-19 19:46:15 -------- d-----w- c:\users\vova\appdata\local\Secunia PSI
2012-02-19 16:40:44 -------- d-----w- c:\users\vova\appdata\roaming\SUPERAntiSpyware.com
2012-02-19 16:40:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 16:40:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 16:40:19 -------- d-----w- c:\program files\Secunia
2012-02-19 16:40:07 -------- d-----w- c:\users\vova\appdata\roaming\Malwarebytes
2012-02-19 16:39:57 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 16:39:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 16:39:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 15:41:45 -------- d-sh--w- c:\users\vova\appdata\roaming\AV Security Essentials
2012-02-19 15:41:44 -------- d-sh--w- c:\programdata\AVDUSQOBSSE
2012-02-19 15:41:31 -------- d-sh--w- c:\programdata\fca178
2012-02-17 11:03:07 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a4a67422-bd9d-403c-b652-abd9b41b5358}\mpengine.dll
2012-02-15 05:29:32 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:29:27 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:29:22 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:28:18 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-08 23:18:54 -------- d-----w- c:\users\vova\appdata\local\Google
2012-02-08 23:18:36 -------- d-----w- c:\users\vova\appdata\local\Babylon
2012-02-08 23:18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-02-08 23:18:30 -------- d-----w- c:\users\vova\appdata\roaming\Babylon
2012-02-08 23:18:30 -------- d-----w- c:\programdata\Babylon
2012-02-08 23:18:29 -------- d-----w- c:\program files\FoxTabPDFConverter
.
==================== Find3M ====================
.
2012-02-19 20:47:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:15:26.34 ===============
________________________________________________________________
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.19.02
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Vova :: VOVA-PC [administrator]
2/19/2012 11:58:34 AM
mbam-log-2012-02-19 (11-58-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168929
Time elapsed: 3 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8042&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\fca178\AVfca_8042.exe (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Users\Vova\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
(end)
_________________________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 8:19:57 PM
System Uptime: 2/19/2012 3:52:45 PM (1 hours ago)
.
Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 105 GiB total, 24.055 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.618 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Service:
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&0&53
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&0&53
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Service:
.
==== System Restore Points ===================
.
RP160: 2/19/2012 12:55:44 AM - Scheduled Checkpoint
RP162: 2/19/2012 11:01:22 AM - Before uninstalling CCleaner
RP165: 2/19/2012 2:57:06 PM - Removed Chanalyzer 3.4
RP166: 2/19/2012 3:06:06 PM - Windows Update
RP168: 2/19/2012 3:54:41 PM - CA Internet Security Suite
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Airlink101 WLAN Monitor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant HD Audio
FoxTab PDF Creator
HDAUDIO Soft Data Fax Modem with SmartCP
HP Product Detection
inSSIDer
iTunes
K-Lite Codec Pack 5.7.0 (Standard)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office ??????????? 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Îáíîâëåíèå (KB963678)
Microsoft Office Excel MUI (Russian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2007 Help Îáíîâëåíèå (KB963677)
Microsoft Office Outlook MUI (Russian) 2007
Microsoft Office Powerpoint 2007 Help Îáíîâëåíèå (KB963669)
Microsoft Office PowerPoint MUI (Russian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proofing (Russian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Russian) 2007
Microsoft Office Standard 2007
Microsoft Office Word 2007 Help Îáíîâëåíèå (KB963665)
Microsoft Office Word MUI (Russian) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Secunia PSI (2.0.0.4003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Windows Live ID Sign-in Assistant
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 12:37:47 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
2/19/2012 12:04:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/19/2012 12:04:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/19/2012 12:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/19/2012 12:04:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/19/2012 12:04:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent SASDIFSV SASKUTIL spldr Wanarpv6
2/19/2012 11:35:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent spldr Wanarpv6
2/19/2012 10:46:59 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{15C2F28A-AE97-4600-A149-B9678E645DC8} because another computer on the network has the same name. The server could not start.
2/19/2012 10:46:59 AM, Error: NetBT [4321] - The name "VOVA-PC :20" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
2/19/2012 10:46:54 AM, Error: NetBT [4321] - The name "VOVA-PC :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
2/19/2012 10:43:30 AM, Error: Service Control Manager [7000] - The 8042 service failed to start due to the following error: The system cannot find the file specified.
2/18/2012 4:48:17 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================
________________________________________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-19 16:14:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006d ST912082 rev.7.24
Running: GMER.exe; Driver: C:\Users\Vova\AppData\Local\Temp\kxldypow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:384] 85BBA39F
Thread System [4:668] 865B30F4
---- EOF - GMER 1.0.15 ----
____________________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Vova at 16:14:37 on 2012-02-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1983.1296 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMQA2ADEANAA0ADAAMgAzADUALQBGAFAAOQArADYALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: citibank.com\online
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15C2F28A-AE97-4600-A149-B9678E645DC8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9} : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9}\249676D41676E6F6C69616D27657563747 : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
TCP: Interfaces\{5263007E-444C-4B22-AF67-5770A13662C9}\C4167737F6E62373 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{741ED365-3B74-4C1F-96C3-0DA644DAF69A}\14E495 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{741ED365-3B74-4C1F-96C3-0DA644DAF69A}\249676D41676E6F6C69616 : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100486&babsrc=adbartrp&mntrId=1c4c8b0800000000000000212f38acb7&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko10.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko11.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko9.dll
FF - component: c:\users\vova\appdata\roaming\mozilla\firefox\profiles\mbeqrgpf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.hardId - 1c4c8b0800000000000000212f38acb7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15378
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:18:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl457ad428;MpKsl457ad428;c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\MpKsl457ad428.sys [2012-2-19 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 RtlService;RtlService;c:\program files\airlink101\airlink101 wlan monitor\RtlService.exe [2011-7-30 36864]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-24 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192cu.sys [2011-7-30 630304]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-24 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-24 52224]
.
=============== Created Last 30 ================
.
2012-02-19 20:57:16 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\MpKsl457ad428.sys
2012-02-19 20:07:42 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1358c11a-42c0-4847-ac09-4cae6faa59bc}\gapaengine.dll
2012-02-19 20:07:34 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb10df12-e505-45be-9983-ca05835b0e17}\mpengine.dll
2012-02-19 20:05:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-19 20:00:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-19 20:00:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-19 20:00:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-19 20:00:43 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-19 20:00:43 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-19 20:00:43 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-19 20:00:43 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-19 20:00:43 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-19 20:00:43 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-19 20:00:43 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-19 20:00:43 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-19 20:00:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-19 19:57:47 -------- d-----w- c:\windows\system32\appmgmt
2012-02-19 19:56:37 -------- d-----w- c:\windows\Profiles
2012-02-19 19:46:15 -------- d-----w- c:\users\vova\appdata\local\Secunia PSI
2012-02-19 16:40:44 -------- d-----w- c:\users\vova\appdata\roaming\SUPERAntiSpyware.com
2012-02-19 16:40:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 16:40:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 16:40:19 -------- d-----w- c:\program files\Secunia
2012-02-19 16:40:07 -------- d-----w- c:\users\vova\appdata\roaming\Malwarebytes
2012-02-19 16:39:57 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 16:39:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 16:39:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 15:41:45 -------- d-sh--w- c:\users\vova\appdata\roaming\AV Security Essentials
2012-02-19 15:41:44 -------- d-sh--w- c:\programdata\AVDUSQOBSSE
2012-02-19 15:41:31 -------- d-sh--w- c:\programdata\fca178
2012-02-17 11:03:07 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a4a67422-bd9d-403c-b652-abd9b41b5358}\mpengine.dll
2012-02-15 05:29:32 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:29:27 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:29:22 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:28:18 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-08 23:18:54 -------- d-----w- c:\users\vova\appdata\local\Google
2012-02-08 23:18:36 -------- d-----w- c:\users\vova\appdata\local\Babylon
2012-02-08 23:18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-02-08 23:18:30 -------- d-----w- c:\users\vova\appdata\roaming\Babylon
2012-02-08 23:18:30 -------- d-----w- c:\programdata\Babylon
2012-02-08 23:18:29 -------- d-----w- c:\program files\FoxTabPDFConverter
.
==================== Find3M ====================
.
2012-02-19 20:47:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:15:26.34 ===============
________________________________________________________________
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.19.02
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Vova :: VOVA-PC [administrator]
2/19/2012 11:58:34 AM
mbam-log-2012-02-19 (11-58-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168929
Time elapsed: 3 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8042&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\fca178\AVfca_8042.exe (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Users\Vova\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
(end)
_________________________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 8:19:57 PM
System Uptime: 2/19/2012 3:52:45 PM (1 hours ago)
.
Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 105 GiB total, 24.055 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.618 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Service:
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&0&53
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&0&53
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Service:
.
==== System Restore Points ===================
.
RP160: 2/19/2012 12:55:44 AM - Scheduled Checkpoint
RP162: 2/19/2012 11:01:22 AM - Before uninstalling CCleaner
RP165: 2/19/2012 2:57:06 PM - Removed Chanalyzer 3.4
RP166: 2/19/2012 3:06:06 PM - Windows Update
RP168: 2/19/2012 3:54:41 PM - CA Internet Security Suite
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Airlink101 WLAN Monitor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant HD Audio
FoxTab PDF Creator
HDAUDIO Soft Data Fax Modem with SmartCP
HP Product Detection
inSSIDer
iTunes
K-Lite Codec Pack 5.7.0 (Standard)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office ??????????? 2007
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Îáíîâëåíèå (KB963678)
Microsoft Office Excel MUI (Russian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2007 Help Îáíîâëåíèå (KB963677)
Microsoft Office Outlook MUI (Russian) 2007
Microsoft Office Powerpoint 2007 Help Îáíîâëåíèå (KB963669)
Microsoft Office PowerPoint MUI (Russian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proofing (Russian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Russian) 2007
Microsoft Office Standard 2007
Microsoft Office Word 2007 Help Îáíîâëåíèå (KB963665)
Microsoft Office Word MUI (Russian) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Secunia PSI (2.0.0.4003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Windows Live ID Sign-in Assistant
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 12:37:47 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
2/19/2012 12:04:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/19/2012 12:04:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/19/2012 12:04:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/19/2012 12:04:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/19/2012 12:04:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent SASDIFSV SASKUTIL spldr Wanarpv6
2/19/2012 11:35:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent spldr Wanarpv6
2/19/2012 10:46:59 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{15C2F28A-AE97-4600-A149-B9678E645DC8} because another computer on the network has the same name. The server could not start.
2/19/2012 10:46:59 AM, Error: NetBT [4321] - The name "VOVA-PC :20" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
2/19/2012 10:46:54 AM, Error: NetBT [4321] - The name "VOVA-PC :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
2/19/2012 10:43:30 AM, Error: Service Control Manager [7000] - The 8042 service failed to start due to the following error: The system cannot find the file specified.
2/18/2012 4:48:17 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================