Hi,

I've been getting these weird-looking web pages for about a week now. They are on view at: http://foundfootageblog.wordpress.com/. I'd never seen error web pages with that kind of graphic on my notebook before 7/13/13.

I suspect there is malware on my notebook, since those web pages have been showing up after I used a flash drive with my notebook that I later found out was infected.

Please let me know if my notebook is infected.

I followed the steps outlined in "Read me before posting a request for assistance" in this forum.

Here are my scan logs:

MalwareBytes’ Anti-Malware log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.19.10

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
LENOVO :: LENOVO-NB [administrator]

7/20/2013 10:43:39
mbam-log-2013-07-20 (10-43-39).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343324
Time elapsed: 42 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\LENOVO\Desktop\Documents\Computer\Windows 8- Activator -\P8_v25.exe (Trojan.Dropper.SFX) -> Quarantined and deleted successfully.

(end)

GMER One.log:

GMER 2.1.19163 - http://www.gmer.net
Rootkit quick scan 2013-07-21 13:51:21
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS543232A7A384 rev.ES2OA60W 298.09GB
Running: xewnq536.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\pxdcypog.sys

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Ip kltdi.sys
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys

---- EOF - GMER 2.1 ----

GMER Two.log:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-21 14:45:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS543232A7A384 rev.ES2OA60W 298.09GB
Running: xewnq536.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\pxdcypog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x90C906BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x90C43C02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x90C43F4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x90C44390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x90C2C28C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x90C438DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x90C2C804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x90C2C6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x90C43DAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x90C93528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x90C2C924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x90C53EF0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x90C929BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x90C92BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x90C92660]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x90C43E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x90C92506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x90C2C2D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x90C907FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x90C90464]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x90C53F10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x90C4206C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x90C2C89A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x90C2C77A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x90C920AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x90C937D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x90C2C9BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x90C92718]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x90C53F00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x90C2CA44]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x90C4227A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x90C931D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x90C44174]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x90C44002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x90C440B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x90C441E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x90C92EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x90C43A6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x90C9305C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x90C2CAE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x90C9056E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x90C9224E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x90C92DA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x90C2CAF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x90C923AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x90C928B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x90C9393C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x90C93666]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cfe0a218
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 38858
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 13699
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cfe0a218 (not active ControlSet)

---- EOF - GMER 2.1 ----

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 1.6.0_24
Run by LENOVO at 14:52:38 on 2013-07-21
Microsoft Windows 7 Ultimate 6.1.7601.1.874.66.1033.18.2550.921 [GMT 7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\nalserv.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\MindfulClock\Mfclock.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SafeIP\SafeIPs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LENOVO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.6.0_24\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [Google Update] "c:\users\lenovo\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MindfulClock] "c:\program files\mindfulclock\Mfclock.exe"
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\SafeIPs.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces{404AA332-4417-479E-91C5-4FF16C9D9AA3} : NameServer = 203.144.207.29,203.144.207.49
TCP: Interfaces{A1258C26-720F-4E20-B00E-657BE8463E3D}\14B414 : DHCPNameServer = 88.198.25.168 208.67.222.222
TCP: Interfaces{A1258C26-720F-4E20-B00E-657BE8463E3D}\4505D2C494E4B4F5132363035443 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lenovo\appdata\roaming\mozilla\firefox\profiles\a28bw9b5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - facebook.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8c24c9b5-c709-4a54-bc6d-f633b7d6f887%7D&mid=7dca3d5170cd47d1b1c9d15f95cb2ad3-3cc141e3f309327191a0a6355453054e968f50f5&ds=hk011&v=11.1.0.7&lang=en&pr=sa&d=2012-06-25%2000%3A35%3A12&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre1.6.0_24\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.6.0_24\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lenovo\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
R2 NalServ;Nalpeiron Control Service;c:\windows\system32\nalserv.exe [2011-11-11 107232]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-11-11 66560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-15 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 SafeIPS;SafeIPS;c:\program files\safeip\SafeIPS.exe [2013-1-14 3793408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-1-8 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-1-8 29472]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-26 77624]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-1-16 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-1-16 15872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-26 181432]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-1-16 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-1-16 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-1-16 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2011-1-16 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-1-16 112640]
S3 utqymtmw;AVZ Kernel Driver;c:\windows\system32\drivers\utqymtmw.sys [2013-7-20 7168]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-8 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.

2013-07-21 01:15:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates{1bd3a371-56c3-4889-9a86-dc6148662c50}\offreg.dll
2013-07-20 09:46:37 7168 ----a-w- c:\windows\system32\drivers\utqymtmw.sys
2013-07-15 16:07:57 -------- d-----w- c:\users\lenovo\appdata\local\WinZip
2013-07-14 23:00:33 -------- d-----w- c:\users\lenovo\appdata\roaming\QuickScan
2013-07-14 17:20:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M ====================
.

.
============= FINISH: 14:54:22.21 ===============

Before you do anything else, you need to put your hand in your pocket and buy a legal version of Windows like the rest of us have.
