
trojan.zlob.g



#1 smk8108


Posted 09 February 2009 - 02:20 PM

hi
One of my computers was infected by Trojan.zlob.g. I reformatted that pc and now would like some help to see if this one also was infected. I've found the manual uninstall instructions, but could not find any of the listed dlls, processes, or other infection sites on either of my pcs. It could mean that neither was infected, but I would like to make sure. Here are my dds logs.


DDS (Ver_09-02-01.01) - NTFSx86
Run by family at 13:55:59.22 on Mon 02/09/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.894.348 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\family\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\242wovxe.default\

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]

=============== Created Last 30 ================

2009-02-09 11:30 147,456 a------- c:\windows\system32\Faultrep.dll
2009-02-09 11:30 125,952 a------- c:\windows\system32\wersvc.dll
2009-02-08 21:06 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-02-08 21:06 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-02-08 21:06 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-02-08 21:06 15,360 a------- c:\windows\system32\pacerprf.dll
2009-02-08 21:06 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-08 21:06 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-08 21:06 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-08 21:06 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-08 21:06 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-08 21:06 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-02-08 18:19 553 a------- c:\windows\USetup.iss
2009-02-08 18:19 98,304 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-02-08 18:18 2,047,576 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-02-08 18:18 1,191,936 a------- c:\windows\RtlUpd.exe
2009-02-08 18:18 636,416 a------- c:\windows\system32\RtkPgExt.dll
2009-02-08 18:18 532,480 a------- c:\windows\system32\RTSndMgr.cpl
2009-02-08 18:18 339,968 a------- c:\windows\system32\SRSTSXT.dll
2009-02-08 18:18 135,168 a------- c:\windows\system32\SRSWOW.dll
2009-02-08 18:18 4,874,240 a------- c:\windows\RtHDVCpl.exe
2009-02-08 18:18 29,696 a------- c:\windows\system32\RtkCoInst.dll
2009-02-08 18:18 315,392 a------- c:\windows\HideWin.exe
2009-02-08 18:14 353,280 a------- c:\windows\system32\idecoiins.dll
2009-02-08 18:14 353,280 a------- c:\windows\system32\idecoi.dll
2009-02-08 18:14 110,112 a------- c:\windows\system32\drivers\nvstor32.sys
2009-02-08 18:14 <DIR> --d----- c:\users\family\appdata\roaming\WinBatch
2009-02-07 16:42 <DIR> --d----- C:\PerfLogs
2009-02-07 12:18 2,623,488 a------- c:\windows\system32\SLsvc.exe
2009-02-07 12:18 1,541,120 a------- c:\windows\system32\onex.dll
2009-02-07 12:16 2,011,648 a------- c:\windows\system32\milcore.dll
2009-02-07 12:15 413,184 a------- c:\windows\system32\imkr80.ime
2009-02-07 12:14 816,128 a------- c:\windows\system32\d3dim700.dll
2009-02-07 12:13 357,888 a------- c:\windows\system32\wbemcomn.dll
2009-02-07 12:13 704,512 a------- c:\windows\system32\SmiEngine.dll
2009-02-07 12:13 139,264 a------- c:\windows\system32\SmiInstaller.dll
2009-02-07 12:13 129,536 a------- c:\windows\system32\sqmapi.dll
2009-02-07 12:13 218,624 a------- c:\windows\system32\wdscore.dll
2009-02-07 12:13 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-02-07 12:13 258,560 a------- c:\windows\system32\dpx.dll
2009-02-07 12:13 246,784 a------- c:\windows\system32\drvstore.dll
2009-02-07 12:13 305,152 a------- c:\windows\system32\msdelta.dll
2009-02-07 12:13 35,328 a------- c:\windows\system32\mspatcha.dll
2009-02-06 14:05 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-02-06 14:05 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-06 14:05 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-06 14:00 164 a------- C:\install.dat
2009-02-03 14:21 269,312 a------- c:\windows\system32\es.dll
2009-02-03 14:18 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-03 14:18 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-03 14:18 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-03 14:18 11,264 a------- c:\windows\system32\icardres.dll
2009-02-03 14:18 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-03 14:18 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-03 14:18 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-03 14:18 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-03 14:00 49,152 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-03 14:00 16,384 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-03 14:00 21,708,800 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-02-03 13:56 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-03 13:56 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-03 13:56 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-03 13:56 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-03 13:56 83,968 a------- c:\windows\system32\mscories.dll
2009-01-26 14:42 1,820 a------- c:\windows\system32\rasctrnm.h
2009-01-26 14:42 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-26 14:42 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-01-26 14:42 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-01-26 14:38 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-26 14:38 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-26 14:38 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-26 14:36 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-26 12:26 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-26 12:26 61,440 a------- c:\windows\system32\winipsec.dll
2009-01-26 12:26 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-01-26 12:26 272,896 a------- c:\windows\system32\polstore.dll
2009-01-26 12:22 296,960 a------- c:\windows\system32\gdi32.dll
2009-01-26 12:22 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-01-26 12:21 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-01-26 12:20 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-26 12:20 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-26 12:20 1,695,744 a------- c:\windows\system32\gameux.dll
2009-01-26 12:20 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-01-26 12:19 2,032,640 a------- c:\windows\system32\win32k.sys
2009-01-26 12:18 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-01-26 12:18 2,048 a------- c:\windows\system32\msxml3r.dll
2009-01-26 12:17 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-01-26 12:16 2,048 a------- c:\windows\system32\tzres.dll
2009-01-26 12:12 2,927,104 a------- c:\windows\explorer.exe
2009-01-26 12:10 827,392 a------- c:\windows\system32\wininet.dll
2009-01-26 12:07 3,466,752 a------- c:\windows\system32\NlsData0013.dll
2009-01-26 12:05 6,656 a------- c:\windows\system32\kbd106n.dll
2009-01-26 12:05 927,288 a------- c:\windows\system32\winresume.exe
2009-01-26 12:05 988,216 a------- c:\windows\system32\winload.exe
2009-01-26 12:05 378,368 a------- c:\windows\system32\srcore.dll
2009-01-26 12:05 318,464 a------- c:\windows\system32\rstrui.exe
2009-01-26 12:05 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-01-26 12:05 40,960 a------- c:\windows\system32\srclient.dll
2009-01-26 12:05 19,000 a------- c:\windows\system32\kd1394.dll
2009-01-26 12:05 14,848 a------- c:\windows\system32\srdelayed.exe
2009-01-26 12:05 615,992 a------- c:\windows\system32\ci.dll
2009-01-26 12:03 443,392 a------- c:\windows\system32\win32spl.dll
2009-01-26 12:03 37,888 a------- c:\windows\system32\printcom.dll
2009-01-26 12:03 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-01-26 12:03 14,848 a------- c:\windows\system32\wshrm.dll
2009-01-26 12:02 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-26 12:02 2,868,736 a------- c:\windows\system32\mf.dll
2009-01-26 12:02 98,816 a------- c:\windows\system32\mfps.dll
2009-01-26 12:02 94,720 a------- c:\windows\system32\logagent.exe
2009-01-26 12:02 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-01-26 12:02 24,576 a------- c:\windows\system32\mfpmp.exe
2009-01-26 12:02 2,048 a------- c:\windows\system32\mferror.dll
2009-01-26 12:02 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-26 12:01 738,304 a------- c:\windows\system32\inetcomm.dll
2009-01-26 12:01 84,480 a------- c:\windows\system32\INETRES.dll
2009-01-26 12:01 1,314,816 a------- c:\windows\system32\quartz.dll
2009-01-26 12:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-26 11:59 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-26 11:59 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-26 11:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-26 11:58 2,048 a------- c:\windows\system32\msxml6r.dll
2009-01-26 11:29 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-26 11:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-26 11:28 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-26 11:28 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-22 12:52 0 a------- c:\users\family\appdata\roaming\wklnhst.dat
2009-01-22 12:44 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-01-22 12:44 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-01-22 12:44 2,594,848 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-22 12:44 360,480 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-22 12:44 22,400 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-22 12:44 2,312 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-01-22 12:44 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-01-22 12:44 <DIR> --d----- c:\program files\Kaspersky Lab
2009-01-22 12:44 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-01-22 12:43 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-01-22 12:43 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-01-20 12:34 <DIR> --d----- c:\programdata\muvee Technologies
2009-01-17 13:38 1,828 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RK572AA-ABA a1700n_YC_0Pavi_QCNH650_E71NAv3PrA2_49_INODUSM3_SASUSTek Computer INC._V1.05_B5.04_T061215_WUH0_L409_M895_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#070210_N10DE0269_Z14F12F20_G10DE0241.MRK
2009-01-16 19:35 <DIR> --d----- c:\windows\system32\oem
2009-01-16 17:55 <DIR> --d----- c:\program files\CCleaner
2009-01-16 17:30 44 a------- c:\windows\system\hpsysdrv.dat
2009-01-16 17:24 <DIR> --d----- c:\users\family
2009-01-16 17:18 <DIR> --dsh--- c:\programdata\Documents
2009-01-16 17:18 <DIR> --dsh--- C:\Documents and Settings

==================== Find3M ====================

2009-02-08 18:19 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-08 18:19 51,200 a------- c:\windows\inf\infpub.dat
2009-02-08 18:19 86,016 a------- c:\windows\inf\infstor.dat
2009-02-08 18:18 319,456 a------- c:\windows\DIFxAPI.dll
2009-02-07 16:52 174 a--sh--- c:\program files\desktop.ini
2009-02-07 16:42 665,600 a------- c:\windows\inf\drvindex.dat
2009-02-07 16:20 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-02-07 16:20 82,432 a------- c:\windows\system32\axaltocm.dll
2009-01-26 12:20 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-01-26 12:20 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-01-26 12:20 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-01-26 12:20 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-01-26 12:20 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-01-26 12:20 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-26 12:07 4,497,408 a------- c:\windows\system32\NlsData0019.dll
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:57:40.57 ===============


Any help would be much appreciated. Thank you.



#2 smk8108


Posted 09 February 2009 - 02:54 PM

I also would like to add that prior to reformatting the pc I'm not asking for help about, none of my virus scans detected a virus.

#3 PropagandaPanda

  • Malware Response Team

Posted 20 February 2009 - 04:33 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

DDS is a tool that gives us a general overview of the condition of your machine.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the DDS logs
-the F-Secure scan log

Please give me an update on the symptoms. Also tell me of any changes you have made to this computer.

With Regards,
The Panda

#4 smk8108


Posted 23 February 2009 - 11:27 AM

hello

here is my new dds log

DDS (Ver_09-02-01.01) - NTFSx86
Run by family at 10:56:31.16 on Mon 02/23/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.894.343 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\family\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\242wovxe.default\

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-9 1153368]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]

=============== Created Last 30 ================

2009-02-12 12:58 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-12 12:58 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-12 12:58 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-12 12:58 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-12 12:58 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 09:51 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 09:51 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-09 14:23 <DIR> --d----- c:\users\family\appdata\roaming\Malwarebytes
2009-02-09 14:23 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-09 14:23 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-09 11:30 147,456 a------- c:\windows\system32\Faultrep.dll
2009-02-09 11:30 125,952 a------- c:\windows\system32\wersvc.dll
2009-02-08 21:06 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-02-08 21:06 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-02-08 21:06 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-02-08 21:06 15,360 a------- c:\windows\system32\pacerprf.dll
2009-02-08 21:06 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-02-08 18:19 553 a------- c:\windows\USetup.iss
2009-02-08 18:19 98,304 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-02-08 18:18 2,047,576 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-02-08 18:18 1,191,936 a------- c:\windows\RtlUpd.exe
2009-02-08 18:18 636,416 a------- c:\windows\system32\RtkPgExt.dll
2009-02-08 18:18 532,480 a------- c:\windows\system32\RTSndMgr.cpl
2009-02-08 18:18 339,968 a------- c:\windows\system32\SRSTSXT.dll
2009-02-08 18:18 135,168 a------- c:\windows\system32\SRSWOW.dll
2009-02-08 18:18 4,874,240 a------- c:\windows\RtHDVCpl.exe
2009-02-08 18:18 29,696 a------- c:\windows\system32\RtkCoInst.dll
2009-02-08 18:18 315,392 a------- c:\windows\HideWin.exe
2009-02-08 18:14 353,280 a------- c:\windows\system32\idecoiins.dll
2009-02-08 18:14 353,280 a------- c:\windows\system32\idecoi.dll
2009-02-08 18:14 110,112 a------- c:\windows\system32\drivers\nvstor32.sys
2009-02-08 18:14 <DIR> --d----- c:\users\family\appdata\roaming\WinBatch
2009-02-07 16:42 <DIR> --d----- C:\PerfLogs
2009-02-07 12:18 2,623,488 a------- c:\windows\system32\SLsvc.exe
2009-02-07 12:18 1,541,120 a------- c:\windows\system32\onex.dll
2009-02-07 12:16 2,011,648 a------- c:\windows\system32\milcore.dll
2009-02-07 12:15 413,184 a------- c:\windows\system32\imkr80.ime
2009-02-07 12:14 816,128 a------- c:\windows\system32\d3dim700.dll
2009-02-07 12:13 357,888 a------- c:\windows\system32\wbemcomn.dll
2009-02-07 12:13 704,512 a------- c:\windows\system32\SmiEngine.dll
2009-02-07 12:13 139,264 a------- c:\windows\system32\SmiInstaller.dll
2009-02-07 12:13 129,536 a------- c:\windows\system32\sqmapi.dll
2009-02-07 12:13 218,624 a------- c:\windows\system32\wdscore.dll
2009-02-07 12:13 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-02-07 12:13 258,560 a------- c:\windows\system32\dpx.dll
2009-02-07 12:13 246,784 a------- c:\windows\system32\drvstore.dll
2009-02-07 12:13 305,152 a------- c:\windows\system32\msdelta.dll
2009-02-07 12:13 35,328 a------- c:\windows\system32\mspatcha.dll
2009-02-06 14:05 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-02-06 14:05 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-06 14:05 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-06 14:00 164 a------- C:\install.dat
2009-02-03 14:21 269,312 a------- c:\windows\system32\es.dll
2009-02-03 14:18 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-03 14:18 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-03 14:18 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-03 14:18 11,264 a------- c:\windows\system32\icardres.dll
2009-02-03 14:18 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-03 14:18 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-03 14:18 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-03 14:18 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-03 14:00 49,152 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-

Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\242wovxe.default\

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-9 1153368]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]

=============== Created Last 30 ================

2009-02-12 12:58 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-12 12:58 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-12 12:58 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-12 12:58 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-12 12:58 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 09:51 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 09:51 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-09 14:23 <DIR> --d----- c:\users\family\appdata\roaming\Malwarebytes
2009-02-09 14:23 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-09 14:23 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-09 11:30 147,456 a------- c:\windows\system32\Faultrep.dll
2009-02-09 11:30 125,952 a------- c:\windows\system32\wersvc.dll
2009-02-08 21:06 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-02-08 21:06 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-02-08 21:06 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-02-08 21:06 15,360 a------- c:\windows\system32\pacerprf.dll
2009-02-08 21:06 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-02-08 18:19 553 a------- c:\windows\USetup.iss
2009-02-08 18:19 98,304 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-02-08 18:18 2,047,576 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-02-08 18:18 1,191,936 a------- c:\windows\RtlUpd.exe
2009-02-08 18:18 636,416 a------- c:\windows\system32\RtkPgExt.dll
2009-02-08 18:18 532,480 a------- c:\windows\system32\RTSndMgr.cpl
2009-02-08 18:18 339,968 a------- c:\windows\system32\SRSTSXT.dll
2009-02-08 18:18 135,168 a------- c:\windows\system32\SRSWOW.dll
2009-02-08 18:18 4,874,240 a------- c:\windows\RtHDVCpl.exe
2009-02-08 18:18 29,696 a------- c:\windows\system32\RtkCoInst.dll
2009-02-08 18:18 315,392 a------- c:\windows\HideWin.exe
2009-02-08 18:14 353,280 a------- c:\windows\system32\idecoiins.dll
2009-02-08 18:14 353,280 a------- c:\windows\system32\idecoi.dll
2009-02-08 18:14 110,112 a------- c:\windows\system32\drivers\nvstor32.sys
2009-02-08 18:14 <DIR> --d----- c:\users\family\appdata\roaming\WinBatch
2009-02-07 16:42 <DIR> --d----- C:\PerfLogs
2009-02-07 12:18 2,623,488 a------- c:\windows\system32\SLsvc.exe
2009-02-07 12:18 1,541,120 a------- c:\windows\system32\onex.dll
2009-02-07 12:16 2,011,648 a------- c:\windows\system32\milcore.dll
2009-02-07 12:15 413,184 a------- c:\windows\system32\imkr80.ime
2009-02-07 12:14 816,128 a------- c:\windows\system32\d3dim700.dll
2009-02-07 12:13 357,888 a------- c:\windows\system32\wbemcomn.dll
2009-02-07 12:13 704,512 a------- c:\windows\system32\SmiEngine.dll
2009-02-07 12:13 139,264 a------- c:\windows\system32\SmiInstaller.dll
2009-02-07 12:13 129,536 a------- c:\windows\system32\sqmapi.dll
2009-02-07 12:13 218,624 a------- c:\windows\system32\wdscore.dll
2009-02-07 12:13 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-02-07 12:13 258,560 a------- c:\windows\system32\dpx.dll
2009-02-07 12:13 246,784 a------- c:\windows\system32\drvstore.dll
2009-02-07 12:13 305,152 a------- c:\windows\system32\msdelta.dll
2009-02-07 12:13 35,328 a------- c:\windows\system32\mspatcha.dll
2009-02-06 14:05 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-02-06 14:05 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-06 14:05 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-06 14:00 164 a------- C:\install.dat
2009-02-03 14:21 269,312 a------- c:\windows\system32\es.dll
2009-02-03 14:18 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-03 14:18 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-03 14:18 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-03 14:18 11,264 a------- c:\windows\system32\icardres.dll
2009-02-03 14:18 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-03 14:18 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-03 14:18 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-03 14:18 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-03 14:00 49,152 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-03 14:00 16,384 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-03 14:00 21,708,800 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-02-03 13:56 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-03 13:56 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-03 13:56 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-03 13:56 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-03 13:56 83,968 a------- c:\windows\system32\mscories.dll
2009-01-26 14:42 1,820 a------- c:\windows\system32\rasctrnm.h
2009-01-26 14:42 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-26 14:42 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-01-26 14:42 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-01-26 14:38 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-26 14:38 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-26 14:38 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-26 14:36 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-26 12:26 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-26 12:26 61,440 a------- c:\windows\system32\winipsec.dll
2009-01-26 12:26 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-01-26 12:26 272,896 a------- c:\windows\system32\polstore.dll
2009-01-26 12:22 296,960 a------- c:\windows\system32\gdi32.dll
2009-01-26 12:21 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-01-26 12:20 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-26 12:20 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-26 12:20 1,695,744 a------- c:\windows\system32\gameux.dll
2009-01-26 12:20 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-01-26 12:19 2,032,640 a------- c:\windows\system32\win32k.sys
2009-01-26 12:18 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-01-26 12:18 2,048 a------- c:\windows\system32\msxml3r.dll
2009-01-26 12:17 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-01-26 12:16 2,048 a------- c:\windows\system32\tzres.dll
2009-01-26 12:12 2,927,104 a------- c:\windows\explorer.exe
2009-01-26 12:07 3,466,752 a------- c:\windows\system32\NlsData0013.dll
2009-01-26 12:05 6,656 a------- c:\windows\system32\kbd106n.dll
2009-01-26 12:05 927,288 a------- c:\windows\system32\winresume.exe
2009-01-26 12:05 988,216 a------- c:\windows\system32\winload.exe
2009-01-26 12:05 378,368 a------- c:\windows\system32\srcore.dll
2009-01-26 12:05 318,464 a------- c:\windows\system32\rstrui.exe
2009-01-26 12:05 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-01-26 12:05 40,960 a------- c:\windows\system32\srclient.dll
2009-01-26 12:05 19,000 a------- c:\windows\system32\kd1394.dll
2009-01-26 12:05 14,848 a------- c:\windows\system32\srdelayed.exe
2009-01-26 12:05 615,992 a------- c:\windows\system32\ci.dll
2009-01-26 12:03 443,392 a------- c:\windows\system32\win32spl.dll
2009-01-26 12:03 37,888 a------- c:\windows\system32\printcom.dll
2009-01-26 12:03 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-01-26 12:03 14,848 a------- c:\windows\system32\wshrm.dll
2009-01-26 12:02 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-26 12:02 2,868,736 a------- c:\windows\system32\mf.dll
2009-01-26 12:02 98,816 a------- c:\windows\system32\mfps.dll
2009-01-26 12:02 94,720 a------- c:\windows\system32\logagent.exe
2009-01-26 12:02 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-01-26 12:02 24,576 a------- c:\windows\system32\mfpmp.exe
2009-01-26 12:02 2,048 a------- c:\windows\system32\mferror.dll
2009-01-26 12:02 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-26 12:01 738,304 a------- c:\windows\system32\inetcomm.dll
2009-01-26 12:01 84,480 a------- c:\windows\system32\INETRES.dll
2009-01-26 12:01 1,314,816 a------- c:\windows\system32\quartz.dll
2009-01-26 12:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-26 11:59 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-26 11:59 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-26 11:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-26 11:58 2,048 a------- c:\windows\system32\msxml6r.dll
2009-01-26 11:29 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-26 11:28 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-26 11:28 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-26 11:28 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-02-23 02:30 2,637,856 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-23 02:30 368,672 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-23 02:30 23,784 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-23 02:30 2,340 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-11 09:52 51,200 a------- c:\windows\inf\infpub.dat
2009-02-11 09:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-10 09:16 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-02-08 18:19 86,016 a------- c:\windows\inf\infstor.dat
2009-02-08 18:18 319,456 a------- c:\windows\DIFxAPI.dll
2009-02-07 16:52 174 a--sh--- c:\program files\desktop.ini
2009-02-07 16:42 665,600 a------- c:\windows\inf\drvindex.dat
2009-02-07 16:20 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-02-07 16:20 82,432 a------- c:\windows\system32\axaltocm.dll
2009-02-03 13:30 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-02-03 13:30 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-01-26 12:20 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-01-26 12:20 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-01-26 12:20 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-01-26 12:20 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-01-26 12:20 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-01-26 12:20 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-26 12:07 4,497,408 a------- c:\windows\system32\NlsData0019.dll
2009-01-22 12:52 0 a------- c:\users\family\appdata\roaming\wklnhst.dat
2009-01-17 13:38 1,828 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_RK572AA-ABA a1700n_YC_0Pavi_QCNH650_E71NAv3PrA2_49_INODUSM3_SASUSTek Computer INC._V1.05_B5.04_T061215_WUH0_L409_M895_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#070210_N10DE0269_Z14F12F20_G10DE0241.MRK
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:58:45.90 =========





#5 smk8108

  • Topic Starter

Posted 23 February 2009 - 11:30 AM

When I started running F-Secure online I got a system error, klif.sys; the screen went blue and I had to restart.

#6 smk8108

  • Topic Starter

Posted 23 February 2009 - 11:39 AM

This computer didn't really have too many symptoms. The computer on my network that got the infection had all the major problems: not being able to connect to the internet, the defender anti virus pop-up, and slow performance and frequent crashes. None of the virus scans found anything on it and I could not find anything manually. That PC has been reformatted and I am not concerned with it. The PC that the DDS logs are from was not directly infected. It didn't really have any symptoms, just some things out of the ordinary. The major one was that it took me twelve times to log into my IM. I'm guessing that was the virus copying my password. Other than that, nothing really unusual.

#7 PropagandaPanda

  • Malware Response Team

Posted 23 February 2009 - 02:49 PM

Hello.

Kaspersky doesn't like online scans sometimes. We'll skip that.

Your DDS logs look clean. There doesn't appear to be an infection on this machine.

With Regards,
The Panda

#8 smk8108

  • Topic Starter

Posted 23 February 2009 - 02:56 PM

Thank you for your help.

#9 PropagandaPanda

  • Malware Response Team

Posted 24 February 2009 - 03:34 PM

Welcome.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



