PC is infected

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Ccucu (Thread Starter; joined Dec 21, 2010; 41 messages)

Hello.

My PC has had problems for some time, but out of commodity I ignored them.
My antivirus expired some time ago and I have failed to renew it yet.

Yesterday the internet stopped working, so I decided to check it. I found out that several crucial Windows services won't start (Event Viewer service, DHCP service, etc.).
My first idea was to run ComboFix, and I did that from safe mode, but that didn't fix the problem, so I decided to ask for help.

I followed the instructions and downloaded the tools. Here are the logs:

hijackthis.log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:04, on 11.01.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\BARDIWIN\bainfoc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\nataly\Desktop\security tools\HijackThis.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bárdi Info (1)] D:\BARDIWIN\BAINFO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Agentul Meteor.lnk = C:\MeteorMaximizer\broker.exe
O4 - Startup: Bárdi Info (D__BARDIWIN_).lnk = D:\BARDIWIN\bainfo.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 18 missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6293 bytes

DDS.txt:
DDS (Ver_10-12-12.02) - NTFSx86
Run by nataly at 11:04:11,12 on 11.01.2011
Internet Explorer: 8.0.6001.18999

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\BARDIWIN\bainfoc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\nataly\Desktop\security tools\dds.scr
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Ulead Memory Card Detector] c:\program files\ulead systems\ulead photo explorer 7.0\Monitor.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] d:\hp\hp software update\HPWuSchd2.exe
mRun: [Bárdi Info (1)] d:\bardiwin\BAINFO.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: portalauto.ro\certificat
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\r3hook.dll,c:\progra~1\kasper~1\kasper~1.0\adialhk.dll c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nataly\appdata\roaming\mozilla\firefox\profiles\ndq3wpp5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\users\nataly\appdata\roaming\mozilla\firefox\profiles\ndq3wpp5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: d:\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter
R? s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver
R? s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
R? s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AVP;Kaspersky Internet Security 7.0
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? PMBDeviceInfoProvider;PMBDeviceInfoProvider

=============== Created Last 30 ================

2011-01-11 08:40:32 -------- dc----w- c:\users\nataly\appdata\local\temp
2011-01-11 08:37:19 -------- dcsh--w- C:\$RECYCLE.BIN
2011-01-11 08:23:21 98816 -c--a-w- c:\windows\sed.exe
2011-01-11 08:23:21 89088 -c--a-w- c:\windows\MBR.exe
2011-01-11 08:23:21 256512 -c--a-w- c:\windows\PEV.exe
2011-01-11 08:23:21 161792 -c--a-w- c:\windows\SWREG.exe
2011-01-05 09:12:32 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{de3328d6-bd87-4b62-961a-0db4e60f90ed}\mpengine.dll
2010-12-15 16:16:11 515584 -c--a-w- c:\program files\windows mail\wab.exe
2010-12-15 16:16:10 66048 -c--a-w- c:\program files\windows mail\wabmig.exe
2010-12-15 16:16:10 33280 -c--a-w- c:\program files\windows mail\wabfind.dll
2010-12-15 16:16:04 2037248 -c--a-w- c:\windows\system32\win32k.sys
2010-12-15 16:15:57 603648 -c--a-w- c:\windows\system32\schedsvc.dll
2010-12-15 16:15:56 357376 -c--a-w- c:\windows\system32\taskschd.dll
2010-12-15 16:15:56 345088 -c--a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 16:15:55 270336 -c--a-w- c:\windows\system32\taskcomp.dll
2010-12-15 16:15:55 171520 -c--a-w- c:\windows\system32\taskeng.exe
2010-12-15 16:15:42 81920 -c--a-w- c:\windows\system32\consent.exe
2010-12-15 16:15:35 292352 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-15 16:15:34 34304 -c--a-w- c:\windows\system32\atmlib.dll
2010-12-15 16:15:32 72704 -c--a-w- c:\windows\system32\fontsub.dll
2010-12-15 16:13:51 2048 -c--a-w- c:\windows\system32\tzres.dll
2010-12-15 16:12:54 2409784 -c--a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-11-02 06:01:54 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 -c--a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 -c--a-w- c:\windows\system32\mshtml.tlb
2010-10-19 08:41:44 222080 -c----w- c:\windows\system32\MpSigStub.exe

============= FINISH: 11:07:35,92 ===============

ark.txt:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-11 12:17:38
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 MAXTOR_STM3160215A rev.3.AAD
Running: 9hcspvoe.exe; Driver: C:\Users\nataly\AppData\Local\Temp\pxryqpow.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 93ED1050
INT 0x61 ? 93F0DA50
INT 0x62 ? 931872D0
INT 0x71 ? 93F0DCD0
INT 0x72 ? 93187550
INT 0x82 ? 93187050
INT 0x92 ? 931877D0
INT 0xA2 ? 93F0D550
INT 0xA3 ? 93ED17D0
INT 0xB0 ? 93F0D2D0
INT 0xB1 ? 93187CD0
INT 0xB2 ? 93F0D7D0
INT 0xB3 ? 93ED1CD0

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spyo.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 9536D46F 5 Bytes JMP 93DAC1D8
? C:\Users\nataly\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[596] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[596] USER32.dll!GetAppCompatFlags2 + 880 75DB6390 4 Bytes [70, 11, C6, 00]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[2908] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[2908] USER32.dll!GetAppCompatFlags2 + 880 75DB6390 4 Bytes [70, 11, BF, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 9310E1F8
Device \FileSystem\fastfat \FatCdrom 92B57500
Device \Driver\volmgr \Device\VolMgrControl 923511F8
Device \Driver\usbuhci \Device\USBPDO-0 93DA41F8
Device \Driver\usbuhci \Device\USBPDO-1 93DA41F8
Device \Driver\usbuhci \Device\USBPDO-2 93DA41F8
Device \Driver\usbuhci \Device\USBPDO-3 93DA41F8
Device \Driver\usbehci \Device\USBPDO-4 93D991F8

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\volmgr \Device\HarddiskVolume1 923511F8
Device \Driver\cdrom \Device\CdRom0 93E061F8
Device \Driver\volmgr \Device\HarddiskVolume2 923511F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 9310D1F8
Device \Driver\atapi \Device\Ide\IdePort0 9310D1F8
Device \Driver\atapi \Device\Ide\IdePort1 9310D1F8
Device \Driver\atapi \Device\Ide\IdePort2 9310D1F8
Device \Driver\atapi \Device\Ide\IdePort3 9310D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 9310D1F8
Device \Driver\volmgr \Device\HarddiskVolume4 923511F8
Device \Driver\netbt \Device\NetBt_Wins_Export 93F15500
Device \Driver\Smb \Device\NetbiosSmb 942A8500
Device \Driver\iScsiPrt \Device\RaidPort0 93E001F8

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\USBSTOR \Device\0000005e 92B7A500
Device \Driver\USBSTOR \Device\0000005f 92B7A500
Device \Driver\usbuhci \Device\USBFDO-0 93DA41F8
Device \Driver\usbuhci \Device\USBFDO-1 93DA41F8
Device \Driver\usbuhci \Device\USBFDO-2 93DA41F8
Device \Driver\usbuhci \Device\USBFDO-3 93DA41F8
Device \Driver\usbehci \Device\USBFDO-4 93D991F8
Device \Driver\netbt \Device\NetBT_Tcpip_{72E2EDAE-7EE4-4F30-9DD4-7676ADBB3ECA} 93F15500
Device \FileSystem\fastfat \Fat 92B57500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 92B8F500

---- Threads - GMER 1.0.15 ----

Thread System [4:328] 9431D140
Thread System [4:336] 9431D140
Thread System [4:340] 943635E0
Thread System [4:344] 943635E0
Thread System [4:352] 94365640
Thread System [4:356] 94365640
Thread System [4:360] 94365640
Thread System [4:368] 943635E0
Thread System [4:728] 929F04B0
Thread System [4:1644] 92B69B00
Thread System [4:1668] 92B69B00

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet232\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet232\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\

---- EOF - GMER 1.0.15 ----

System info:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Basic , Service Pack 1, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 1022 Mb
Graphics Card: ATI Radeon X1050 , 128 Mb
Hard Drives: C: Total - 19999 MB, Free - 1508 MB; D: Total - 132623 MB, Free - 113759 MB;
Motherboard: Gigabyte Technology Co., Ltd., 945GZM-S2, x.x,
Antivirus: Kaspersky Internet Security, Updated: No, On-Demand Scanner: Enabled
 
