eccle
There is this fake flash player thing on my toolbar (a white "f" inside a red box) and when I click on it, no flash player update window pops up. It's just plain weird. I am having trouble with Internet Explorer lately probably because of this. Every time I close the IE window, I always get that "Windows IE stopped from working" thing.
A few days ago, I had a blue screen. I restarted my laptop and it's working fine lately but that fake player virus/trojan keeps on appearing on my toolbar and I am scared. Kaspersky 2003 didn't work. I ran it (normal and safe mode) but it didn't remove it. Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_35
Run by Rev at 12:41:43 on 2012-09-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.585 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Tencent\QQPCMgr\6.8.2387.401\QQPCRTP.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\program files\kingsoft\kingsoft antivirus\kxescore.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Smart Bro\OnlineUpdate\ouc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\SMART BRO\AssistantServices.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SMART BRO\UIExec.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Rev\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Tencent\QQMusic\QQMusic.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PPLive\PPTV\PPLive.exe
C:\Program Files\Tencent\QQPCMgr\6.8.2387.401\QQPCTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Windows\system32\conime.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\System32\svchost.exe -k PPTVServiceGroup
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tencent\QQPCMgr\6.8.2387.401\QQPCWebShield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hao123.com/?tn=62002018_3_hao_pg
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564cc73-efa7-4cbf-918a-5cf7fbbfff4f} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-e40c-433c-9784-c78dc7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Baidu Toolbar BHO: {77fef28e-eb96-44ff-b511-3185dea48697} - c:\program files\baidu\toolbar\BaiduBarX.dll
BHO: QQ?????????: {7c260b4b-f7a0-40b5-b403-befcdc6a4c3b} - c:\program files\tencent\qqpcmgr\6.8.2387.401\TSWebMon.dat
BHO: Safe Money Plugin: {9e6d0d23-3d72-4a94-ae1f-2d167624e3d9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: A3AA4C3C-3C93-5013-63C1-DE7B16E904E7 Class: {a3aa4c3c-3c93-5013-63c1-de7b16e904e7} - c:\progra~1\baidu\{a3aa4~1\AddressBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
TB: 百度工具栏: {b580cf65-e151-49c3-b73f-70b13fca8e86} - c:\program files\baidu\toolbar\BaiduBarX.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\rev\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [QQMusic] "c:\program files\tencent\qqmusic\QQMusic.exe" /background
uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [FIC HotKey] c:\program files\hotkey utility\tray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UIExec] "c:\program files\smart bro\UIExec.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [PowerDVD12DMREngine] "c:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
mRun: [ QQPCTray] "c:\program files\tencent\qqpcmgr\6.8.2387.401\QQPCTray.exe" /regrun
mRun: [kxesc] "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
mRun: [SetRoute] c:\program files\l2tphelp\setroute.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
StartupFolder: c:\users\rev\appdata\roaming\micros~1\windows\startm~1\programs\startup\pptv.lnk - c:\program files\pplive\pptv\PPLive.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: Interfaces\{5D47F38F-14A7-4A54-BF32-7CE1D5424C30} : NameServer = 10.10.0.21
TCP: Interfaces\{824ECD50-A390-4846-878B-75A8B0171671} : DhcpNameServer = 202.101.172.46 202.101.172.47
TCP: Interfaces\{ED23D40D-2D7B-4EB6-B2FB-CC7310F911B2} : NameServer = 10.10.0.21 10.10.2.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rev\appdata\roaming\mozilla\firefox\profiles\13aujkpt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\tencent\npqscall\npqscall.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.42\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\1.0.1.1919\npplugin2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\kingsoft\kingsoft antivirus\npkvip.dll
FF - plugin: c:\program files\kingsoft\kingsoft antivirus\npkws.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tencent\qqmusic\npQzoneMusic.dll
FF - plugin: c:\users\rev\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 KAVBootC;KAVBootC;c:\windows\system32\drivers\kavbootc.sys [2012-9-4 27240]
R0 TsFltMgr;tencent TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [2012-6-7 65624]
R0 TSysCare;TSysCare;c:\windows\system32\drivers\TSysCare.sys [2012-6-7 24824]
R1 KDHacker;KDHacker;c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [2012-9-4 127992]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R1 TCSafeBox;TCSafeBox;c:\program files\tencent\qqpcmgr\6.8.2387.401\TCSafeBox.sys [2012-6-7 53240]
R1 TSCPM;TSCPM;c:\program files\tencent\qqpcmgr\6.8.2387.401\tscpm.sys [2012-6-7 32888]
R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [2012-9-4 60408]
R1 TSKSP;TSKsp;c:\program files\tencent\qqpcmgr\6.8.2387.401\TSKsp.sys [2012-6-7 153112]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/08/17 08:21:15];c:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-7-5 88312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 218880]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2012-8-17 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2012-8-17 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2012-8-17 295440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [2012-9-4 165368]
R2 kxescore;Kingsoft Core Service;c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [2012-9-4 128072]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2012-8-17 121208]
R2 QQSysMon;QQSysMon;c:\program files\tencent\qqpcmgr\6.8.2387.401\QQSysMon.sys [2012-6-7 56568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-6-15 73216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25432]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2012-9-4 82296]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2012-9-10 22016]
R3 TcHardWare;TcHardWare;c:\program files\tencent\qqpcmgr\6.8.2387.401\QQPCHW.sys [2012-6-7 34168]
R4 TSSysKit;TSSysKit;c:\program files\tencent\qqpcmgr\6.8.2387.401\TSSysKit.sys [2012-6-7 91256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-6-15 102784]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-4-10 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 114144]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2012-9-10 22016]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-16 27192]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2012-4-10 107776]
.
=============== File Associations ===============
.
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2012-09-15 17:04:56 -------- d-----w- c:\users\rev\appdata\local\Macromedia
2012-09-15 16:47:56 -------- d-----w- c:\users\rev\appdata\local\VS Revo Group
2012-09-15 16:47:30 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-15 16:47:28 -------- d-----w- c:\program files\VS Revo Group
2012-09-14 13:51:29 -------- d-----w- c:\program files\Kaspersky Lab
2012-09-14 13:51:28 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-14 13:49:03 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-09-14 10:22:13 -------- d-----w- c:\users\rev\appdata\roaming\Wandoujia2
2012-09-10 16:25:35 -------- d-----w- c:\program files\common files\Symantec Shared
2012-09-10 13:33:32 -------- d-----w- c:\programdata\Symantec
2012-09-10 13:33:07 -------- d-----w- c:\programdata\Norton
2012-09-10 13:33:01 -------- d-----w- c:\programdata\NortonInstaller
2012-09-10 12:35:29 22016 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2012-09-08 02:55:23 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-06 14:19:30 61440 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-09-06 14:19:30 61440 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\ARPPRODUCTICON.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-09-06 09:17:07 -------- d-----w- c:\windows\system32\Tencent
2012-09-06 05:20:09 -------- d-----w- c:\users\rev\appdata\local\visi_coupon
2012-09-06 00:34:45 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-05 23:59:26 -------- d-----r- c:\program files\Skype
2012-09-05 11:35:46 737280 ----a-w- c:\windows\iun6002.exe
2012-09-05 11:35:45 -------- d-----w- c:\program files\L2TPHelp
2012-09-04 06:27:29 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2012-09-04 06:18:05 -------- d-----w- C:\PPDownload
2012-09-04 05:59:32 -------- d-----w- C:\FavoriteVideo
2012-09-04 05:59:06 -------- d-----w- c:\programdata\Jlcm
2012-09-04 05:58:36 -------- d-----w- c:\users\rev\appdata\roaming\PPLive
2012-09-04 05:58:36 -------- d-----w- c:\programdata\PPLive
2012-09-04 05:58:07 -------- d-----w- c:\program files\PPLive
2012-09-04 05:58:07 -------- d-----w- c:\program files\common files\PPLiveNetwork
2012-09-04 05:44:51 60408 ----a-w- c:\windows\system32\drivers\TSDefenseBt.sys
2012-09-04 05:42:10 308640 ----a-w- c:\windows\system32\MMInstaller.dll
2012-09-04 05:42:06 -------- d-----w- c:\program files\common files\Tencent
2012-09-04 05:42:05 -------- d-----w- c:\program files\Tencent
2012-09-04 05:41:49 -------- d-----w- c:\users\rev\appdata\roaming\Tencent
2012-09-04 05:41:49 -------- d-----w- c:\programdata\Tencent
2012-09-04 05:41:21 -------- d-----w- c:\program files\Baidu
2012-09-04 05:41:04 -------- d-----w- c:\users\rev\funshion
.
==================== Find3M ====================
.
2012-09-08 08:36:03 82296 ----a-w- c:\windows\system32\drivers\ksapi.sys
2012-09-08 08:31:50 165368 ----a-w- c:\windows\system32\drivers\kisknl.sys
2012-09-08 08:29:30 166776 ----a-w- c:\windows\system32\drivers\kdhacker64.sys
2012-09-08 08:29:23 127992 ----a-w- c:\windows\system32\drivers\kdhacker.sys
2012-09-06 00:34:21 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-04 05:45:15 19352 ----a-w- c:\windows\system32\drivers\ksskrpr.sys
2012-09-04 05:45:14 31848 ----a-w- c:\windows\system32\drivers\kavbootc64.sys
2012-09-04 05:45:14 27240 ----a-w- c:\windows\system32\drivers\kavbootc.sys
2012-09-04 05:45:14 208728 ----a-w- c:\windows\system32\drivers\kisknl64.sys
2012-09-04 05:45:13 24472 ----a-w- c:\windows\system32\drivers\bc.sys
2012-08-18 09:22:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 09:22:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 07:37:30 491912 ----a-w- c:\windows\system32\PPTVSvc.dll
2012-08-15 07:37:18 2291592 ----a-w- c:\windows\system32\kindling.dll
2012-08-13 08:49:44 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 07:09:30 24408 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-07-25 06:53:48 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-06-19 09:28:12 136024 ----a-w- c:\windows\system32\drivers\kl1.sys
.
============= FINISH: 12:44:47.62 ===============
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: Interfaces\{5D47F38F-14A7-4A54-BF32-7CE1D5424C30} : NameServer = 10.10.0.21
TCP: Interfaces\{824ECD50-A390-4846-878B-75A8B0171671} : DhcpNameServer = 202.101.172.46 202.101.172.47
TCP: Interfaces\{ED23D40D-2D7B-4EB6-B2FB-CC7310F911B2} : NameServer = 10.10.0.21 10.10.2.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rev\appdata\roaming\mozilla\firefox\profiles\13aujkpt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\tencent\npqscall\npqscall.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.42\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\internet explorer\pplite\plugin\1.0.1.1919\npplugin2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\kingsoft\kingsoft antivirus\npkvip.dll
FF - plugin: c:\program files\kingsoft\kingsoft antivirus\npkws.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tencent\qqmusic\npQzoneMusic.dll
FF - plugin: c:\users\rev\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 KAVBootC;KAVBootC;c:\windows\system32\drivers\kavbootc.sys [2012-9-4 27240]
R0 TsFltMgr;tencent TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [2012-6-7 65624]
R0 TSysCare;TSysCare;c:\windows\system32\drivers\TSysCare.sys [2012-6-7 24824]
R1 KDHacker;KDHacker;c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [2012-9-4 127992]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R1 TCSafeBox;TCSafeBox;c:\program files\tencent\qqpcmgr\6.8.2387.401\TCSafeBox.sys [2012-6-7 53240]
R1 TSCPM;TSCPM;c:\program files\tencent\qqpcmgr\6.8.2387.401\tscpm.sys [2012-6-7 32888]
R1 TSDefenseBt;TSDefenseBt;c:\windows\system32\drivers\TSDefenseBt.sys [2012-9-4 60408]
R1 TSKSP;TSKsp;c:\program files\tencent\qqpcmgr\6.8.2387.401\TSKsp.sys [2012-6-7 153112]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/08/17 08:21:15];c:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-7-5 88312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 218880]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2012-8-17 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2012-8-17 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2012-8-17 295440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [2012-9-4 165368]
R2 kxescore;Kingsoft Core Service;c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [2012-9-4 128072]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2012-8-17 121208]
R2 QQSysMon;QQSysMon;c:\program files\tencent\qqpcmgr\6.8.2387.401\QQSysMon.sys [2012-6-7 56568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-6-15 73216]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25432]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2012-9-4 82296]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2012-9-10 22016]
R3 TcHardWare;TcHardWare;c:\program files\tencent\qqpcmgr\6.8.2387.401\QQPCHW.sys [2012-6-7 34168]
R4 TSSysKit;TSSysKit;c:\program files\tencent\qqpcmgr\6.8.2387.401\TSSysKit.sys [2012-6-7 91256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-6-15 102784]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-4-10 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 114144]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2012-9-10 22016]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-9-16 27192]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2012-4-10 107776]
.
=============== File Associations ===============
.
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2012-09-15 17:04:56 -------- d-----w- c:\users\rev\appdata\local\Macromedia
2012-09-15 16:47:56 -------- d-----w- c:\users\rev\appdata\local\VS Revo Group
2012-09-15 16:47:30 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-15 16:47:28 -------- d-----w- c:\program files\VS Revo Group
2012-09-14 13:51:29 -------- d-----w- c:\program files\Kaspersky Lab
2012-09-14 13:51:28 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-14 13:49:03 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-09-14 10:22:13 -------- d-----w- c:\users\rev\appdata\roaming\Wandoujia2
2012-09-10 16:25:35 -------- d-----w- c:\program files\common files\Symantec Shared
2012-09-10 13:33:32 -------- d-----w- c:\programdata\Symantec
2012-09-10 13:33:07 -------- d-----w- c:\programdata\Norton
2012-09-10 13:33:01 -------- d-----w- c:\programdata\NortonInstaller
2012-09-10 12:35:29 22016 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2012-09-08 02:55:23 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-06 14:19:30 61440 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-09-06 14:19:30 61440 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\ARPPRODUCTICON.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-09-06 14:19:30 106496 ----a-r- c:\users\rev\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-09-06 09:17:07 -------- d-----w- c:\windows\system32\Tencent
2012-09-06 05:20:09 -------- d-----w- c:\users\rev\appdata\local\visi_coupon
2012-09-06 00:34:45 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-05 23:59:26 -------- d-----r- c:\program files\Skype
2012-09-05 11:35:46 737280 ----a-w- c:\windows\iun6002.exe
2012-09-05 11:35:45 -------- d-----w- c:\program files\L2TPHelp
2012-09-04 06:27:29 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2012-09-04 06:18:05 -------- d-----w- C:\PPDownload
2012-09-04 05:59:32 -------- d-----w- C:\FavoriteVideo
2012-09-04 05:59:06 -------- d-----w- c:\programdata\Jlcm
2012-09-04 05:58:36 -------- d-----w- c:\users\rev\appdata\roaming\PPLive
2012-09-04 05:58:36 -------- d-----w- c:\programdata\PPLive
2012-09-04 05:58:07 -------- d-----w- c:\program files\PPLive
2012-09-04 05:58:07 -------- d-----w- c:\program files\common files\PPLiveNetwork
2012-09-04 05:44:51 60408 ----a-w- c:\windows\system32\drivers\TSDefenseBt.sys
2012-09-04 05:42:10 308640 ----a-w- c:\windows\system32\MMInstaller.dll
2012-09-04 05:42:06 -------- d-----w- c:\program files\common files\Tencent
2012-09-04 05:42:05 -------- d-----w- c:\program files\Tencent
2012-09-04 05:41:49 -------- d-----w- c:\users\rev\appdata\roaming\Tencent
2012-09-04 05:41:49 -------- d-----w- c:\programdata\Tencent
2012-09-04 05:41:21 -------- d-----w- c:\program files\Baidu
2012-09-04 05:41:04 -------- d-----w- c:\users\rev\funshion
.
==================== Find3M ====================
.
2012-09-08 08:36:03 82296 ----a-w- c:\windows\system32\drivers\ksapi.sys
2012-09-08 08:31:50 165368 ----a-w- c:\windows\system32\drivers\kisknl.sys
2012-09-08 08:29:30 166776 ----a-w- c:\windows\system32\drivers\kdhacker64.sys
2012-09-08 08:29:23 127992 ----a-w- c:\windows\system32\drivers\kdhacker.sys
2012-09-06 00:34:21 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-04 05:45:15 19352 ----a-w- c:\windows\system32\drivers\ksskrpr.sys
2012-09-04 05:45:14 31848 ----a-w- c:\windows\system32\drivers\kavbootc64.sys
2012-09-04 05:45:14 27240 ----a-w- c:\windows\system32\drivers\kavbootc.sys
2012-09-04 05:45:14 208728 ----a-w- c:\windows\system32\drivers\kisknl64.sys
2012-09-04 05:45:13 24472 ----a-w- c:\windows\system32\drivers\bc.sys
2012-08-18 09:22:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 09:22:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 07:37:30 491912 ----a-w- c:\windows\system32\PPTVSvc.dll
2012-08-15 07:37:18 2291592 ----a-w- c:\windows\system32\kindling.dll
2012-08-13 08:49:44 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 07:09:30 24408 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-07-25 06:53:48 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-06-19 09:28:12 136024 ----a-w- c:\windows\system32\drivers\kl1.sys
.
============= FINISH: 12:44:47.62 ===============