DDS (Ver_10-12-12.02) - NTFSx86
Run by XxXxX at 22:06:59,82 on 2011-02-09
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.1526.815 [GMT 1:00]

AV: Kaspersky Internet Security *Enabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe
C:\Windows\notepad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\XxXxX\Desktop\PETER\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.facemoods.com/?a=ddr
mSearchAssistant =
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {32D2D741-C438-4507-9E85-AF541F147E1D} = 89.108.195.20 217.17.34.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\xxxxx\appdata\roaming\mozilla\firefox\profiles\xp4185vs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\xxxxx\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2011-02-09 20:12:46 162320 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-09 20:12:40 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-09 20:12:40 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-09 20:11:04 -------- d-----w- c:\program files\Kaspersky Lab
2011-02-09 20:11:04 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-02-09 20:10:06 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-02-09 14:15:28 -------- d-----w- c:\program files\Unknown Device Identifier
2011-02-09 13:34:18 -------- d-----w- c:\users\xxxxx\appdata\roaming\Malwarebytes
2011-02-09 13:33:09 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-09 13:33:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-08 14:03:07 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-02-08 14:03:07 23424 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2011-02-08 14:03:07 103680 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-02-08 14:03:07 101632 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2011-02-08 14:03:07 100864 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-02-08 14:02:27 -------- d-----w- c:\program files\PLAY ONLINE
2011-02-08 11:59:03 -------- d-----w- C:\_OTL
2011-02-07 18:41:29 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-04 23:50:20 -------- d-----w- c:\program files\Ask.com
2011-02-04 23:50:03 -------- d-----w- c:\users\xxxxx\appdata\roaming\HideIPEasy
2011-02-04 23:50:03 -------- d-----w- c:\progra~2\HideIPEasy
2011-02-04 23:49:56 -------- d-----w- c:\program files\HideIPEasy
2011-02-03 17:20:45 -------- d-----w- c:\program files\RMF FM Miasto Muzyki
2011-01-23 17:33:27 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-01-23 17:33:27 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-01-23 17:33:27 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2011-01-23 17:33:27 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-01-23 17:33:27 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-01-23 17:33:27 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-01-23 17:33:27 121344 ----a-w- c:\windows\system32\lagarith.dll
2011-01-23 17:33:26 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-23 17:33:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-01-19 20:55:12 -------- d-----w- C:\Downloads

==================== Find3M ====================

============= FINISH: 22:09:08,52 ===============