
"You had a pretty good vundo infection"


  • This topic is locked
5 replies to this topic

#1 mclean

mclean

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 28 January 2009 - 01:26 AM


garmanma was great at getting me to this stage.

See topic from:
http://www.bleepingcomputer.com/forums/t/197901/trojin-malware/


Everything seems A-okay.... although the internet could be a little slow.... but it may be me "blaming" my bleepingcomputer.... (at least I still have some jokes in me!)

I was told to run DDS and post the log(s).

Thanks!!






DDS (Ver_09-01-19.01) - NTFSx86
Run by Family at 22:11:49.28 on 27/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.136 [GMT -8:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Kaspersky Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1061223
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1061223
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WeatherEye] c:\program files\theweathernetwork\weathereye\WeatherEye.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NWEReboot]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: []
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [BOC-427] c:\progra~1\comodo\cboclean\BOC427.exe
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
StartupFolder: c:\docume~1\family\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: google.ca
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by132w.bay132.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\niwebazi.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\niwebazi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\family\applic~1\mozilla\firefox\profiles\29wofm7f.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.ca/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\family\application data\mozilla\firefox\profiles\29wofm7f.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\family\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-1-22 213008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-12-4 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-12-4 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-12-6 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-12-4 23680]

=============== Created Last 30 ================

2009-01-25 18:21 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-25 18:19 --d----- c:\program files\SUPERAntiSpyware
2009-01-25 18:19 --d----- c:\docume~1\family\applic~1\SUPERAntiSpyware.com
2009-01-25 14:17 2,541,088 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-25 14:17 442,400 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-25 14:17 20,932 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-25 14:17 2,592 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-01-25 13:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-25 13:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 22:53 --d----- c:\program files\a-squared Anti-Malware
2009-01-23 16:50 22,528 a------- c:\windows\system32\wsock32.dlb
2009-01-23 16:50 205,560 a------- c:\windows\UNBOC.EXE
2009-01-23 16:50 212,728 a------- c:\windows\CMDLIC.DLL
2009-01-23 16:50 --d----- c:\docume~1\alluse~1\applic~1\BOC427
2009-01-23 16:49 11,961 a------- c:\windows\BOC427.INI
2009-01-23 16:49 --d----- c:\program files\Comodo
2009-01-23 16:46 --d----- c:\program files\Spybot - Search & Destroy
2009-01-23 16:46 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-23 14:52 --d----- c:\documents and settings\family\.housecall6.6
2009-01-23 14:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-23 13:38 --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-01-23 13:38 --d----- c:\program files\Security Task Manager
2009-01-22 20:58 3,584 a--sh--- c:\windows\system32\Thumbs.db
2009-01-22 19:01 96,976 a------- c:\windows\system32\drivers\klin.dat
2009-01-22 19:01 87,855 a------- c:\windows\system32\drivers\klick.dat
2009-01-22 18:59 --d----- c:\program files\Kaspersky Lab
2009-01-22 18:59 --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-01-22 18:45 2,148 a------- c:\windows\system32\wpa.dbl
2009-01-22 10:03 --d----- c:\program files\AVG
2009-01-22 07:51 94,208 a------- c:\windows\system32\iestat.exe
2009-01-19 23:35 86 a------- c:\windows\system32\UACpxrryotj.dat
2009-01-19 10:50 0 a------- c:\windows\Irremote.ini
2009-01-12 21:27 --d----- c:\docume~1\alluse~1\applic~1\Avg8
2009-01-05 06:30 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 20:19 44,544 a------- c:\windows\system32\OVUI2.dll
2009-01-04 20:19 44,544 a------- c:\windows\system32\dllcache\ovui2.dll
2009-01-04 20:19 41,984 a------- c:\windows\system32\OVUI2RC.dll
2009-01-04 20:19 41,984 a------- c:\windows\system32\dllcache\ovui2rc.dll
2009-01-04 20:19 39,424 a------- c:\windows\system32\OVComS.exe
2009-01-04 20:19 39,424 a------- c:\windows\system32\dllcache\ovcoms.exe
2009-01-04 20:19 20,480 a------- c:\windows\system32\OVComC.dll
2009-01-04 20:19 20,480 a------- c:\windows\system32\dllcache\ovcomc.dll
2009-01-04 20:18 116,736 a------- c:\windows\system32\OVCodec2.dll
2009-01-04 20:18 116,736 a------- c:\windows\system32\dllcache\ovcodec2.dll
2009-01-04 20:18 74,240 a------- c:\windows\system32\dllcache\camexo20.dll
2009-01-04 20:18 74,240 a------- c:\windows\system\CamExO20.dll
2009-01-04 20:18 73,216 a------- c:\windows\system32\dllcache\camexo20.ax
2009-01-04 20:18 73,216 a------- c:\windows\system\CamExO20.ax
2009-01-04 20:18 314,752 a------- c:\windows\system32\drivers\CamDrO21.sys
2009-01-04 20:18 314,752 a------- c:\windows\system32\dllcache\camdro21.sys
2009-01-02 12:25 720,896 a------- c:\windows\iun6002.exe
2009-01-01 23:58 --d----- c:\program files\common files\Wise Installation Wizard
2009-01-01 15:38 1,294,028 ---sh--- c:\windows\system32\oliwuhud.ini
2009-01-01 03:38 1,294,028 ---sh--- c:\windows\system32\oyumulij.ini

==================== Find3M ====================

2009-01-22 18:44 90,112 a------- c:\windows\DUMP72ed.tmp
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2007-03-01 12:26 284 a------- c:\docume~1\family\applic~1\ViewerApp.dat
2007-01-18 10:56 87,608 a------- c:\docume~1\family\applic~1\ezpinst.exe
2007-01-18 10:56 47,360 a------- c:\docume~1\family\applic~1\pcouffin.sys
2008-03-29 13:33 88 ---shr-- c:\windows\system32\695D59B577.sys
2008-03-29 13:34 2,672 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:14:00.74 ===============


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:17 PM

Posted 07 February 2009 - 02:45 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

Still may be something left.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and select Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda
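Helpers read the AppInit_DLLs, LSA Notification Packages and Winlogon Notify lines of a DDS log for anything that does not belong to a known vendor, since those three load points get pulled into every process or every logon. As an added example that is not part of this thread, the Python script below does that check mechanically on lines copied from the first log above; the vendor allowlist and the known-file set are assumed baselines built only for this illustration, not a complete reference.

```python
"""Triage of the system-wide load points in a DDS "Pseudo HJT Report".

Added example, not code from the thread or from the DDS tool. The
allowlist and known-file set are assumptions built from this one log.
"""
from dataclasses import dataclass

# Sample input: lines copied verbatim from the first DDS log in the thread.
SAMPLE_LOG = r"""
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\niwebazi.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
LSA: Notification Packages = scecli c:\windows\system32\niwebazi.dll
"""

# Assumption: a stock Windows XP install lists only scecli here.
DEFAULT_LSA_PACKAGES = {"scecli"}
# Assumed allowlist: vendor directories that appear elsewhere in this log.
KNOWN_PREFIXES = (
    r"c:\progra~1\google", r"c:\program files\google",
    r"c:\progra~1\kasper~1", r"c:\program files\kaspersky lab",
    r"c:\program files\superantispyware",
)
# Assumed known file in system32 (klogon.dll is Kaspersky's logon hook).
KNOWN_SYSTEM_FILES = {"klogon.dll"}


@dataclass(frozen=True)
class Finding:
    load_point: str
    path: str
    reason: str


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def _is_known(path: str) -> bool:
    p = path.lower()
    return p.startswith(KNOWN_PREFIXES) or _basename(p) in KNOWN_SYSTEM_FILES


def parse_load_points(text: str) -> list:
    """Return (load_point, path) pairs for the three system-wide load points.

    AppInit_DLLs is comma separated, LSA packages are space separated and
    Winlogon Notify lines read "Notify: <name> - <path>".
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("AppInit_DLLs:"):
            for dll in line.split(":", 1)[1].split(","):
                if dll.strip():
                    entries.append(("AppInit_DLLs", dll.strip()))
        elif line.startswith("LSA: Notification Packages ="):
            for pkg in line.split("=", 1)[1].split():
                entries.append(("LSA Notification Packages", pkg))
        elif line.startswith("Notify:"):
            _name, _sep, path = line[len("Notify:"):].partition(" - ")
            if path.strip():
                entries.append(("Winlogon Notify", path.strip()))
    return entries


def triage(text: str) -> list:
    """Flag entries a helper would want to look at: anything outside the
    assumed baseline, plus DLLs listed more than once in the same key."""
    findings = []
    seen = {}
    for load_point, path in parse_load_points(text):
        if load_point == "LSA Notification Packages":
            if path.lower() not in DEFAULT_LSA_PACKAGES:
                findings.append(Finding(load_point, path,
                                        "non-default LSA notification package"))
            continue
        key = (load_point, path.lower())
        seen[key] = seen.get(key, 0) + 1
        if seen[key] == 2:
            findings.append(Finding(load_point, path, "listed more than once"))
        elif seen[key] == 1 and not _is_known(path):
            findings.append(Finding(load_point, path, "not in the assumed baseline"))
    return findings


def unrecognised_files(findings) -> list:
    """Basenames of flagged files, ignoring duplicate-only findings."""
    return sorted({_basename(f.path) for f in findings
                   if f.reason != "listed more than once"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.load_point:26} {f.path:48} {f.reason}")
```

The same file showing up in two separate load points is the pattern to look for; a single unknown entry is a question, two are a reason to keep the thread open.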

#3 mclean

mclean
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 09 February 2009 - 01:59 PM

Thanks for helping. I'd rather wait a bit longer and get my computer back to its clean state than only fix half of it straightaway...


Okay, here we go, below is the DDS log. I could not run F-Secure Online Scanner; I got the blue screen of death, it was a "klif.sys" error....? Everything would download and the scan seemed like it was about to start, then the blue screen would come up. I didn't try to do anything to fix it; I thought I would just report it to you.

I have not done anything else to my computer, other than what you guys have told me. I have not been on it as much, as I am wanting to make sure it's "clean" before I begin normal use. Internet seems to load slower than usual.

DDS log:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Family at 21:08:44.28 on 07/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.142 [GMT -8:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Family\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar =
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1061223
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1061223
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WeatherEye] c:\program files\theweathernetwork\weathereye\WeatherEye.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NWEReboot]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [BOC-427] c:\progra~1\comodo\cboclean\BOC427.exe
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
StartupFolder: c:\docume~1\family\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: google.ca
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by132w.bay132.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\niwebazi.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\niwebazi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\family\applic~1\mozilla\firefox\profiles\29wofm7f.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.ca/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\family\application data\mozilla\firefox\profiles\29wofm7f.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\family\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-1-22 213520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
R4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-1-23 419448]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 206088]
R4 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2009-1-23 73464]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-23 29744]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-12-4 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-12-4 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-12-6 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-12-4 23680]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-4-12 2375424]
S4 gupdate1c95c08e19a4f50;Google Update Service (gupdate1c95c08e19a4f50);c:\program files\google\update\GoogleUpdate.exe [2008-12-11 119280]

=============== Created Last 30 ================

2009-02-02 21:11 <DIR> --d----- c:\program files\MSECache
2009-01-31 11:05 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-01-25 18:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-25 18:19 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-25 18:19 <DIR> --d----- c:\docume~1\family\applic~1\SUPERAntiSpyware.com
2009-01-25 14:17 2,759,712 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-25 14:17 507,936 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-25 14:17 22,640 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-25 14:17 2,816 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-01-25 13:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-25 13:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 22:53 <DIR> --d----- c:\program files\a-squared Anti-Malware
2009-01-23 16:50 22,528 a------- c:\windows\system32\wsock32.dlb
2009-01-23 16:50 205,560 a------- c:\windows\UNBOC.EXE
2009-01-23 16:50 212,728 a------- c:\windows\CMDLIC.DLL
2009-01-23 16:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BOC427
2009-01-23 16:49 11,964 a------- c:\windows\BOC427.INI
2009-01-23 16:49 <DIR> --d----- c:\program files\Comodo
2009-01-23 16:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-23 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-23 14:52 <DIR> --d----- c:\documents and settings\family\.housecall6.6
2009-01-23 14:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-23 13:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-01-23 13:38 <DIR> --d----- c:\program files\Security Task Manager
2009-01-22 20:58 3,584 a--sh--- c:\windows\system32\Thumbs.db
2009-01-22 19:01 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-01-22 19:01 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-01-22 18:59 <DIR> --d----- c:\program files\Kaspersky Lab
2009-01-22 18:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-01-22 18:45 2,148 a------- c:\windows\system32\wpa.dbl
2009-01-22 10:03 <DIR> --d----- c:\program files\AVG
2009-01-22 07:51 94,208 a------- c:\windows\system32\iestat.exe
2009-01-19 23:35 86 a------- c:\windows\system32\UACpxrryotj.dat
2009-01-19 10:50 0 a------- c:\windows\Irremote.ini
2009-01-12 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8

==================== Find3M ====================

2009-02-05 05:46 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-01-22 18:44 90,112 a------- c:\windows\DUMP72ed.tmp
2009-01-05 14:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2009-01-02 12:24 720,896 a------- c:\windows\iun6002.exe
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2007-03-01 12:26 284 a------- c:\docume~1\family\applic~1\ViewerApp.dat
2007-01-18 10:56 87,608 a------- c:\docume~1\family\applic~1\ezpinst.exe
2007-01-18 10:56 47,360 a------- c:\docume~1\family\applic~1\pcouffin.sys
2008-03-29 13:33 88 ---shr-- c:\windows\system32\695D59B577.sys
2008-03-29 13:34 2,672 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:10:00.15 ===============


thanks,
mclean




#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:17 PM

Posted 09 February 2009 - 03:39 PM

Hello.

Kaspersky doesn't like online scans. That's no problem.

It looks clean, however, there are some leftover entries which are not active.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable SpyBot's TeaTimer:
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Re-enable your protection.

Other than that, it looks like you are good to go.

With Regards,
The Panda
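The registry script in the post above resets the LSA "Notification Packages" value (which the DDS log shows as `scecli c:\windows\system32\niwebazi.dll`) back to the single stock entry `scecli`. DLLs listed there are loaded by lsass.exe at boot and receive password-change notifications, which is why a stray third-party DLL in that value is worth removing even when the file itself is already gone. The following is an added example, not code from the thread or from the BleepingComputer team: it decodes the `hex(7)` (REG_MULTI_SZ) byte list from a REGEDIT4 script, flags entries on a DDS `LSA:` line that fall outside an assumed baseline, and renders an equivalent fix script from a desired entry list. The baseline `EXPECTED_PACKAGES = {"scecli"}` is an assumption for a stock Windows XP host; the embedded script and DDS line are copied from this thread.

```python
# Added example (not from the thread): decode/encode the REGEDIT4 hex(7) form
# of the LSA "Notification Packages" value and flag entries outside a baseline.
# Assumptions: REGEDIT4 (ANSI) encoding, one byte per character; the only
# package expected on this Windows XP host is "scecli".
import re

# Assumed baseline: a stock XP system registers only scecli here.
EXPECTED_PACKAGES = {"scecli"}

# The fix script from the post above, embedded so the example runs offline.
REG_SCRIPT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"""

# The LSA line from the DDS log in this thread.
DDS_LINE = r"LSA: Notification Packages = scecli c:\windows\system32\niwebazi.dll"


def decode_hex7(hex_bytes):
    """Turn a 'hex(7):' byte list into the list of strings of a REG_MULTI_SZ."""
    raw = bytes(int(b, 16) for b in hex_bytes.split(",") if b.strip())
    # Each entry is NUL-terminated; the list ends with one extra NUL.
    return [p.decode("latin-1") for p in raw.split(b"\x00") if p]


def encode_hex7(entries):
    """Inverse of decode_hex7: comma-separated hex bytes for a REGEDIT4 line."""
    raw = b"".join(e.encode("latin-1") + b"\x00" for e in entries) + b"\x00"
    return ",".join("%02x" % b for b in raw)


def _logical_lines(text):
    """Join REGEDIT4 continuation lines (trailing backslash) into one line."""
    pending = ""
    for line in text.splitlines():
        s = line.strip()
        if s.endswith("\\"):
            pending += s[:-1]
            continue
        yield pending + s
        pending = ""
    if pending:
        yield pending


def parse_reg_script(text):
    """Return {(key, value_name): [strings]} for every hex(7) value in a .reg script."""
    values = {}
    key = None
    for line in _logical_lines(text):
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            key = m.group(1)
            continue
        m = re.match(r'^"([^"]+)"=hex\(7\):(.*)$', line)
        if m and key is not None:
            values[(key, m.group(1))] = decode_hex7(m.group(2))
    return values


def unexpected_packages(dds_line, expected=EXPECTED_PACKAGES):
    """Entries on a DDS 'LSA: Notification Packages' line not in the baseline.

    DDS prints the REG_MULTI_SZ entries separated by spaces, so this assumes
    entry names and paths without spaces, as in the log above.
    """
    _, _, rhs = dds_line.partition("=")
    return [e for e in rhs.split() if e.lower() not in expected]


def build_fix_script(entries):
    """Render a REGEDIT4 script that sets Notification Packages to `entries`."""
    return (
        "REGEDIT4\n\n"
        "[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]\n"
        '"Notification Packages"=hex(7):' + encode_hex7(entries) + "\n"
    )


if __name__ == "__main__":
    print("flagged:", unexpected_packages(DDS_LINE))
    print("script sets:", parse_reg_script(REG_SCRIPT))
    print(build_fix_script(["scecli"]), end="")
```

Running it reports `c:\windows\system32\niwebazi.dll` as the one entry outside the baseline and confirms that the posted script writes exactly `["scecli"]`; `build_fix_script(["scecli"])` reproduces the posted script byte for byte, so the same helper can be used to review any `hex(7)` fix before merging it.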

#5 mclean

mclean
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:17 AM

Posted 16 February 2009 - 11:13 PM

Thanks! :thumbup2:

Seems everything is up and running A-okay! thank you so much panda (and bleeping computer)

I will be using this site (and telling friends) if I have any other computer issues

Once again,

thank you

mclean

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:17 PM

Posted 17 February 2009 - 08:20 AM

Glad we could help.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



