
Help me


  • This topic is locked
2 replies to this topic

#1 Ray911 (Members, 30 posts)

Posted 09 August 2009 - 06:14 AM

I have a Dell Vostro 200 running XP SP3. I cannot access Task Manager or Registry Editor; every time I have to use them I have to use "Smart Virus Remover" from "Technize". I tried installing Kaspersky 2010 to run a scan, but it was hectic to install it as the virus disables Task Manager and Registry Editor every 5 seconds, so I had to keep on pressing the "Restore Windows default settings" button on SmartVR every 2 seconds, and succeeded. But now every time avp.exe runs the virus closes it, and now I'm unable to press the SmartVR button and register Kaspersky at the same time. SmartVR ran a scan but, being a small standalone scanner, it couldn't do much. Here are my logs:


DDS (Ver_09-05-14.01) - NTFSx86
Run by User at 0:20:22.62 on 09/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.536 [GMT 3:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\Rafay\Software\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdoosoft] c:\windows\system32\olhrwef.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\user\startm~1\programs\startup\styler.lnk - c:\docume~1\user\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd.dll,c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-8-8 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-1 603904]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\espiln.sys --> c:\windows\system32\drivers\espiln.sys [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-8-8 19472]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

=============== Created Last 30 ================

2009-08-08 09:14 <DIR> --d----- C:\Sage.Peachtree.Quantum.2010.Accountant.Edition.FINAL-RiFT
2009-08-08 09:14 <DIR> --d----- C:\Kaspersky.KAV&KIS.2010.v.9.0.0.463.Final
2009-08-08 09:12 19,472 a------- c:\windows\system32\drivers\klmouflt.sys
2009-08-08 09:11 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-08-08 09:08 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-08-08 09:08 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-07-25 10:34 105,984 ---shr-- c:\windows\system32\nmdfgds1.dll
2009-07-23 06:35 <DIR> --d----- c:\program files\Smart Virus Remover
2009-07-14 02:31 67,072 a------- c:\windows\system\oncrpc.dll
2009-07-14 02:31 894,464 a------- c:\windows\system\MFC40D.DLL
2009-07-14 02:31 666,112 a------- c:\windows\system\MFCO40D.DLL
2009-07-14 02:31 444,928 a------- c:\windows\system\MSVCR40D.DLL
2009-07-14 02:31 306,688 a------- c:\windows\istrings.dll
2009-07-14 02:31 551,424 a------- c:\windows\dbinit.dll
2009-07-14 02:31 409,600 a------- c:\windows\instlib.dll
2009-07-14 01:56 <DIR> --d----- c:\program files\ETK-PriceExport
2009-07-14 01:53 921,872 a------- c:\windows\system\MFC40.DLL
2009-07-14 01:53 326,656 a------- c:\windows\system\Msvcrt40.dll
2009-07-14 01:53 <DIR> --d----- C:\BMW95
2009-07-14 01:52 283,648 a------- c:\windows\uninst.exe
2009-07-14 01:52 <DIR> --d----- c:\documents and settings\user\WINDOWS
2009-07-11 06:42 <DIR> --d----- c:\docume~1\user\applic~1\YoudaGames
2009-07-11 06:42 <DIR> --d----- c:\program files\Youdagames

==================== Find3M ====================

2009-08-04 10:01 105,984 ---shr-- c:\windows\system32\nmdfgds0.dll
2009-07-06 07:30 29,359 a------- c:\windows\hpoins03.dat
2009-07-03 15:48 219,664 a------- c:\windows\system32\klogon.dll
2009-07-03 15:45 27,507 a------- c:\windows\system32\drivers\klopp.dat
2009-07-02 00:32 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-01 07:07 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-07-01 07:07 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-01 01:56 315,392 a------- c:\windows\HideWin.exe
2009-06-30 11:00 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-30 02:54 415,586 a------- c:\windows\system32\olhrwef.exe
2009-06-30 02:54 415,586 ---shr-- C:\2nuk.com
2009-06-15 14:01 128,016 a------- c:\windows\system32\drivers\kl1.sys

============= FINISH: 0:20:27.81 ===============

Edited by Ray911, 09 August 2009 - 06:15 AM.

Screw Malware & All Kinds of viruses using OUR BELOVED HJT
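As an added triage example (my own code, not from the post above and not a BleepingComputer tool), the script below pulls the indicators a helper would look at first out of a DDS log of the kind posted here: the per-user policy values that lock out Task Manager and Registry Editor (which is exactly the symptom described in the post), a Winlogon SfcDisable value of -99 (0xffffff9d, the value that switches off Windows File Protection on XP), Run entries that launch an unrecognised executable straight from system32, services whose image file is missing or is a stock Windows tool, files carrying hidden+system+read-only attributes, and files of identical size sitting under different names. The allow-list of system32 startup programs and the list of Windows tools are assumptions made for this example; the sample log is a constructed subset of lines copied from the log above. Every hit is a lead to check, not a verdict.

```python
import re
from collections import defaultdict

# Assumed allow-list: system32 programs that legitimately start from Run keys
# on this machine (built from the benign entries in the posted log).
KNOWN_SYSTEM32_STARTUP = {"ctfmon.exe", "igfxtray.exe", "igfxpers.exe", "hkcmd.exe"}
# Assumed list of Windows tools that no legitimate service should use as its image.
WINDOWS_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe"}

# Constructed sample: lines copied from the DDS log in the post above, with a
# benign entry in each section so the filters have something to leave alone.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdoosoft] c:\windows\system32\olhrwef.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\espiln.sys --> c:\windows\system32\drivers\espiln.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

=============== Created Last 30 ================

2009-08-08 09:12 19,472 a------- c:\windows\system32\drivers\klmouflt.sys
2009-07-25 10:34 105,984 ---shr-- c:\windows\system32\nmdfgds1.dll

==================== Find3M ====================

2009-08-04 10:01 105,984 ---shr-- c:\windows\system32\nmdfgds0.dll
2009-06-30 02:54 415,586 a------- c:\windows\system32\olhrwef.exe
2009-06-30 02:54 415,586 ---shr-- C:\2nuk.com
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[([^\]]+)\] (.+)$")
POLICY_RE = re.compile(r"^[umd]Policies-system: (DisableTaskMgr|DisableRegistryTools) = 1\b")
SFC_RE = re.compile(r"^mWinlogon: SfcDisable=(-?\d+)")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+)\s+([a-z-]{8})\s+(.+)$")


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]} using its ==== headers."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m.group(1)
        elif line:
            sections[current].append(line)
    return sections


def run_target(rest):
    """Return the executable path from the text after a Run entry's [name]."""
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:rest.find('"', 1)]
    return rest.split(" ", 1)[0]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(text):
    """Return {category: [findings]} for the indicators described in the lead-in."""
    findings = defaultdict(list)
    sections = parse_sections(text)

    for line in sections.get("Pseudo HJT Report", []):
        if m := POLICY_RE.match(line):
            findings["policy_lockout"].append(m.group(1))
        elif (m := SFC_RE.match(line)) and m.group(1) != "0":
            findings["wfp_disabled"].append(line)
        elif m := RUN_RE.match(line):
            target = run_target(m.group(2))
            if target.lower().startswith("c:\\windows\\system32\\") and basename(target) not in KNOWN_SYSTEM32_STARTUP:
                findings["suspicious_run"].append(f"{m.group(1)} -> {target}")

    for line in sections.get("SERVICES / DRIVERS", []):
        if not (m := SERVICE_RE.match(line)):
            continue
        image = m.group(3).split(" --> ")[-1].split(" [", 1)[0]
        if m.group(3).endswith("[?]"):          # DDS marks a missing image file with [?]
            findings["missing_service_image"].append(f"{m.group(2)} -> {image}")
        elif basename(image) in WINDOWS_TOOLS:
            findings["service_runs_windows_tool"].append(f"{m.group(2)} -> {image}")

    by_size = defaultdict(list)
    for section in ("Created Last 30", "Find3M"):
        for line in sections.get(section, []):
            if not (m := FILE_RE.match(line)):
                continue
            size, attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:   # hidden + system, the classic dropper attribute set
                findings["hidden_system_file"].append(path)
            by_size[int(size.replace(",", ""))].append(path)
    for size, paths in by_size.items():
        if len(paths) > 1:                      # same bytes under different names
            findings["same_size_twins"].append((size, paths))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run against the sample it flags the two policy values, the SfcDisable line, the cdoosoft Run entry, the two services with missing drivers, the service whose image is regedt32.exe, the three hidden+system files, and two size-twin groups (the nmdfgds pair and olhrwef.exe with C:\2nuk.com). A full DDS log can be pasted in place of the sample; the size-twin check is the one most worth extending with a hash once you have the files in hand.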

#2 Ray911 (Topic Starter, Members, 30 posts)

Posted 10 August 2009 - 03:52 PM

It was a case of Win32.Sality. Solved it by a simple System Restore to a point a month back.

#3 Guest_The weatherman_* (Guests)

Posted 10 August 2009 - 04:01 PM

Thanks for letting us know Ray911.
