Ok done. But the process needed to be done under Safe Mode, otherwise the "blue screen" will appear again. Here goes the new ComboFix log followed by fresh DDS logs (DDS and Attach).
ComboFix 10-11-02.05 - t i e s t o 11/05/2010 3:40.6.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.809 [GMT 8:00]
Running from: c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.
2010-11-02 08:59 . 2010-10-19 08:00 294912 ----a-w- C:\gmer.exe
2010-11-02 08:54 . 2010-11-02 08:55 623616 ----a-w- C:\dds.scr
2010-10-31 14:02 . 2001-08-17 14:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-10-31 14:02 . 2001-08-17 14:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-10-31 14:02 . 2001-08-17 14:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-10-31 14:02 . 2001-08-17 14:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-10-31 14:02 . 2001-08-17 06:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-10-31 14:02 . 2001-08-17 06:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-10-31 14:02 . 2001-08-17 06:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-10-31 14:02 . 2001-08-17 06:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-10-31 14:02 . 2001-08-17 06:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-10-31 14:02 . 2001-08-17 06:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-10-31 14:02 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-10-31 14:02 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-10-31 01:24 . 2010-10-31 01:24 388096 ----a-r- c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-31 01:24 . 2010-10-31 01:24 -------- d-----w- c:\program files\Trend Micro
2010-10-31 01:22 . 2010-10-31 01:23 1402880 ----a-w- C:\HiJackThis.msi
2010-10-27 05:38 . 2010-10-27 05:38 568640 ----a-w- C:\ChromeSetup(3).exe
2010-10-27 05:24 . 2010-10-27 05:43 -------- d-----w- c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Local Settings\Application Data\Temp
2010-10-27 05:24 . 2010-10-27 05:31 -------- d-----w- c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Local Settings\Application Data\Google
2010-10-26 15:50 . 2010-10-26 15:50 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Application Data\Apple Computer
2010-10-26 15:48 . 2010-10-26 15:50 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Apple Computer
2010-10-26 15:23 . 2010-07-01 13:34 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2010-10-26 15:23 . 2010-07-01 13:35 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-10-26 15:23 . 2010-10-26 16:15 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-26 15:23 . 2010-10-26 16:15 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-26 15:21 . 2010-11-04 19:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-10-26 14:49 . 2010-10-26 14:51 10838016 ----a-w- C:\Opera_1063_en_Setup.exe
2010-10-15 21:39 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 21:39 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 21:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 08:58 . 2010-11-02 08:58 286404 ----a-w- C:\gmer.zip
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-25 19:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2007-12-07 656040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-02 20:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 12:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-12-07 10:17 107176 ----a-w- c:\program files\Lexmark Z2300 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 08:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 08:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-10 20:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Mobile Partner\\Mobile Partner.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Games\\BlackShot\\Blackshot\\system\\BlackShot.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/21/2009 1:23 PM 33824]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [6/20/2009 8:53 PM 98984]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [6/5/2010 3:31 PM 114432]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\TIESTO~1.000\LOCALS~1\Temp\EQH61.tmp --> c:\docume~1\TIESTO~1.000\LOCALS~1\Temp\EQH61.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [6/5/2010 3:31 PM 100736]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-789336058-839522115-1004Core.job
- c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-789336058-839522115-1004UA.job
- c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Application Data\Mozilla\Firefox\Profiles\z6r0w6fg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchslate.com/wp.ashx?ref=home&id=173
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t i e s t o.SUMMERBREEZE.000\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 03:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\TIESTO~1.000\LOCALS~1\Temp\EQH61.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-11-05 03:57:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-04 19:57
ComboFix2.txt 2010-11-03 19:35
Pre-Run: 5,766,672,384 bytes free
Post-Run: 5,753,450,496 bytes free
- - End Of File - - 2C7B2DF1470BE775E71855EEBB231D0C
___________________________________________________________________________________________
DDS (Ver_10-11-01.01) - NTFSx86 MINIMAL
Run by t i e s t o at 3:59:01.85 on Fri 11/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.793 [GMT 8:00]
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\explorer.exe
C:\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\t i e s t o.summerbreeze.000\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [lxdpmon.exe] "c:\program files\lexmark z2300 series\lxdpmon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\tiesto~1.000\applic~1\mozilla\firefox\profiles\z6r0w6fg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchslate.com/wp.ashx?ref=home&id=173
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\t i e s t o.summerbreeze.000\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t i e s t o.summerbreeze.000\local settings\application data\yahoo!\browserplus\2.7.0\plugins\npybrowserplus_2.7.0.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-26 475736]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-7-21 33824]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
S2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [2009-6-20 98984]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-6-5 114432]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\tiesto~1.000\locals~1\temp\eqh61.tmp --> c:\docume~1\tiesto~1.000\locals~1\temp\EQH61.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\plugins\ui\safedrv.sys --> c:\program files\garena\plugins\ui\safedrv.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-6-5 100736]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
=============== Created Last 30 ================
2010-11-03 12:45:01 -------- d-sha-r- C:\cmdcons
2010-11-03 12:42:34 98816 ----a-w- c:\windows\sed.exe
2010-11-03 12:42:34 88064 ----a-w- c:\windows\MBR.exe
2010-11-03 12:42:34 256512 ----a-w- c:\windows\PEV.exe
2010-11-03 12:42:34 161792 ----a-w- c:\windows\SWREG.exe
2010-11-03 12:38:16 3901948 ----a-r- C:\ComboFix.exe
2010-11-02 08:59:18 294912 ----a-w- C:\gmer.exe
2010-11-02 08:54:52 623616 ----a-w- C:\dds.scr
2010-10-31 14:02:12 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-10-31 14:02:12 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-10-31 14:02:12 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-10-31 14:02:12 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-10-31 14:02:12 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-10-31 14:02:12 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-10-31 14:02:12 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-10-31 14:02:12 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-10-31 14:02:06 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-10-31 14:02:06 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-10-31 14:02:05 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-10-31 14:02:05 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-10-31 01:24:05 388096 ----a-r- c:\docume~1\tiesto~1.000\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-31 01:24:05 -------- d-----w- c:\program files\Trend Micro
2010-10-31 01:22:53 1402880 ----a-w- C:\HiJackThis.msi
2010-10-27 05:38:43 568640 ----a-w- C:\ChromeSetup(3).exe
2010-10-27 05:24:56 -------- d-----w- c:\docume~1\tiesto~1.000\locals~1\applic~1\Temp
2010-10-27 05:24:38 -------- d-----w- c:\docume~1\tiesto~1.000\locals~1\applic~1\Google
2010-10-26 15:23:46 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2010-10-26 15:23:42 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-10-26 15:23:31 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-26 15:23:31 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-26 15:21:26 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab
2010-10-26 14:49:53 10838016 ----a-w- C:\Opera_1063_en_Setup.exe
2010-10-15 21:39:49 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 21:39:48 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 21:39:06 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
==================== Find3M ====================
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
============= FINISH: 3:59:23.70 ===============
___________________________________________________________________________________________________
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/26/2009 1:47:00 AM
System Uptime: 11/5/2010 3:49:07 AM (0 hours ago)
Motherboard: Dell Inc. | | 0XD720
Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | Microprocessor | 1995/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 24 GiB total, 5.384 GiB free.
D: is FIXED (NTFS) - 64 GiB total, 0.23 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP352: 10/20/2010 6:30:30 AM - System Checkpoint
RP353: 10/21/2010 6:15:58 PM - System Checkpoint
RP354: 10/22/2010 6:20:11 PM - System Checkpoint
RP355: 10/26/2010 10:02:35 PM - System Checkpoint
RP356: 10/26/2010 10:52:32 PM - Removed Opera 9.64
RP357: 10/26/2010 10:53:10 PM - Installed Opera 10.63.
RP358: 10/26/2010 11:12:25 PM - Removed Kaspersky Anti-Virus 2009.
RP359: 10/26/2010 11:21:09 PM - Installed Kaspersky Internet Security 2011.
RP360: 10/28/2010 6:50:44 PM - System Checkpoint
RP361: 10/31/2010 9:24:03 AM - Installed HiJackThis
RP362: 11/1/2010 11:45:23 AM - System Checkpoint
RP363: 11/2/2010 12:05:27 PM - System Checkpoint
RP364: 11/4/2010 12:33:12 AM - System Checkpoint
RP365: 11/5/2010 3:12:38 AM - ComboFix created restore point
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom 440x 10/100 Integrated Controller
Canon PIXMA iP1000
CCleaner
Celcom Broadband Manager
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Dell Wireless WLAN Card
doPDF 6.2 printer
FQ Uploader version 0.21
Google Chrome
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HYSYS 3.2
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 1.61
Kaspersky Internet Security 2011
Lexmark Z2300 Series
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Mobile Partner
Modem Helper
Mozilla Firefox (3.0.19)
MpcStar 3.9
mPfMgr
mPfWiz
mProSafe
mSSO
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mWMI
mXML
mZConfig
Nero 7 Ultra Edition
Next Generation Visualisations
Opera 10.63
PowerDVD 5.7
QuickTime
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SigmaTel Audio
Synaptics Pointing Device Driver
Ultra Video Converter 1.4.2
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video Watermark Factory
WebFldrs XP
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! BrowserPlus 2.7.0
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
11/4/2010 3:21:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT ohci1394 OMCI oreans32 RasAcd Rdbss Tcpip Tosrfcom
11/4/2010 3:21:25 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2010 3:21:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2010 3:21:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2010 3:21:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2010 3:21:25 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2010 3:21:25 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2010 3:21:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/4/2010 3:20:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/4/2010 3:20:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/3/2010 9:29:12 PM, error: System Error [1003] - Error code 1000008e, parameter1 80000004, parameter2 805bea4e, parameter3 b775c778, parameter4 00000000.
11/3/2010 9:12:24 PM, error: System Error [1003] - Error code 1000008e, parameter1 80000004, parameter2 805008a1, parameter3 b8268360, parameter4 00000000.
11/3/2010 8:56:39 PM, error: System Error [1003] - Error code 1000008e, parameter1 80000004, parameter2 804fa37c, parameter3 b790d5c8, parameter4 00000000.
11/3/2010 8:45:50 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
11/3/2010 4:14:02 AM, error: System Error [1003] - Error code 1000008e, parameter1 80000004, parameter2 ed50d2ea, parameter3 edb144a8, parameter4 00000000.
11/3/2010 4:10:22 AM, error: System Error [1003] - Error code 00000044, parameter1 fd13ae70, parameter2 00000d64, parameter3 00000000, parameter4 00000000.
11/3/2010 4:09:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdpCATSCustConnectService service to connect.
11/3/2010 4:09:21 AM, error: Service Control Manager [7000] - The lxdpCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/2/2010 8:44:55 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
10/30/2010 7:28:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
10/30/2010 7:28:57 AM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================