Vista 32 Bit On Dell Possible Java Infection [Computer 2]


  • This topic is locked
3 replies to this topic

#1 geezor

geezor

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:24 AM

Posted 21 April 2011 - 05:43 PM

The computer is a Dell Inspiron 1525 with Vista Home Basic 32 Bit SP2, Intel Celeron CPU 550 @ 2.00 GHz, 1 GB RAM, Mobile Intel 965 Chipset Family.

My friend's computer was slow, so I tried to do as much as I could to help it. I updated their service packs 1 and 2. I updated their Java. They had uTorrent on it, so I uninstalled that. I got them using Firefox. I ran a Malwarebytes scan. I also used CCleaner. I also ran a Kaspersky scan.


The computer is still incredibly slow to open files and I'm scared it has been infected since it was vulnerable for many years.

Any help would be appreciated.



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by natasha at 14:49:56.27 on 21/04/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1013.133 [GMT -4:00]
.
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Users\natasha.natasha-PC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: Surf Canyon Search Engine Assistant: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\natash~1.nat\appdata\roaming\mozilla\firefox\profiles\j7ymvc62.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2011-4-20 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2011-4-20 39352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-25 73728]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-25 111616]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-3 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-20 38224]
.
=============== Created Last 30 ================
.
2011-04-21 18:23:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-21 17:26:22 -------- d-----w- c:\windows\system32\eu-ES
2011-04-21 17:26:22 -------- d-----w- c:\windows\system32\ca-ES
2011-04-21 17:26:20 -------- d-----w- c:\windows\system32\vi-VN
2011-04-21 17:22:05 -------- d-----w- c:\windows\system32\SPReview
2011-04-21 17:03:12 928768 ----a-w- c:\windows\system32\scavenge.dll
2011-04-21 17:03:03 57856 ----a-w- c:\windows\system32\compcln.exe
2011-04-21 16:57:59 550400 ----a-w- c:\windows\system32\rpcss.dll
2011-04-21 16:56:58 85504 ----a-w- c:\windows\system32\msctfui.dll
2011-04-21 16:55:59 389632 ----a-w- c:\windows\system32\sysmon.ocx
2011-04-21 16:51:16 -------- d-----w- c:\windows\system32\EventProviders
2011-04-21 01:07:12 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-04-21 01:03:12 -------- d-----w- c:\program files\CCleaner
2011-04-21 00:53:28 -------- d-----w- c:\users\natasha.natasha-pc\dwhelper
2011-04-20 23:39:32 -------- d-----w- c:\users\natash~1.nat\appdata\roaming\Malwarebytes
2011-04-20 23:39:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 23:38:57 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-20 23:38:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 23:38:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 23:08:16 -------- d-----w- C:\PerfLogs
2011-04-20 22:28:15 162392 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-04-20 22:28:02 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-20 22:28:02 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-20 22:27:21 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-04-20 22:27:21 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-04-20 22:25:24 -------- d-----w- c:\program files\common files\InfoWatch
2011-04-20 22:25:16 -------- d-----w- c:\program files\Kaspersky Lab
2011-04-20 22:25:15 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-04-19 05:46:21 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3d71ff9b-63af-4bba-a057-0adc562c6a82}\mpengine.dll
2011-04-18 01:26:22 53248 ----a-w- c:\windows\system32\PNPXAssocPrx.dll
2011-04-18 01:26:11 2585088 ----a-w- c:\windows\system32\FirewallControlPanel.exe
2011-04-18 01:26:11 2249216 ----a-w- c:\windows\system32\Firewall.cpl
2011-04-18 01:26:11 17920 ----a-w- c:\windows\system32\wfapigp.dll
2011-04-18 01:26:10 87552 ----a-w- c:\windows\system32\icfupgd.dll
2011-04-18 01:26:10 64000 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2011-04-18 01:26:10 403968 ----a-w- c:\windows\system32\FirewallAPI.dll
2011-04-18 01:26:09 54272 ----a-w- c:\windows\system32\fwcfg.dll
2011-04-18 01:26:09 251904 ----a-w- c:\windows\system32\authfwcfg.dll
2011-04-18 01:26:08 4595712 ----a-w- c:\windows\system32\AuthFWSnapin.dll
2011-04-18 01:26:07 509952 ----a-w- c:\windows\system32\AuthFWGP.dll
2011-04-18 01:24:59 758784 ----a-w- c:\windows\system32\WMADMOD.DLL
2011-04-18 01:23:59 47104 ----a-w- c:\windows\system32\cfgbkend.dll
2011-04-18 01:22:59 58880 ----a-w- c:\windows\system32\dfrgifc.exe
2011-04-18 01:21:38 68096 ----a-w- c:\windows\system32\KMSVC.DLL
2011-04-18 01:20:59 688128 ----a-w- c:\program files\common files\system\ole db\oledb32.dll
2011-04-18 01:18:57 134656 ----a-w- c:\windows\system32\dps.dll
2011-04-18 01:17:54 52792 ----a-w- c:\windows\system32\drivers\volmgr.sys
2011-04-18 01:17:53 31288 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-04-18 01:17:53 15288 ----a-w- c:\windows\system32\drivers\swenum.sys
2011-04-18 01:17:52 16440 ----a-w- c:\windows\system32\drivers\msisadrv.sys
2011-04-18 01:17:50 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-04-18 01:17:49 74240 ----a-w- c:\windows\system32\IPBusEnum.dll
2011-04-18 01:17:48 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2011-04-18 01:17:45 69120 ----a-w- c:\windows\system32\GuidedHelp.dll
2011-04-18 01:17:44 13312 ----a-w- c:\windows\system32\fdPHost.dll
2011-04-18 01:17:38 616448 ----a-w- c:\windows\system32\dsuiext.dll
2011-04-18 01:17:09 41472 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-04-18 01:16:54 28216 ----a-w- c:\windows\system32\drivers\battc.sys
2011-04-18 01:16:54 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-04-18 01:16:50 81408 ----a-w- c:\windows\system32\ACW.exe
2011-04-18 01:16:49 20792 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-04-18 01:16:49 1405952 ----a-w- c:\windows\system32\ActiveContentWizard.dll
2011-04-18 01:16:49 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2011-04-18 01:16:36 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2011-04-13 01:27:13 -------- d-----w- c:\users\natash~1.nat\appdata\roaming\AVS4YOU
2011-04-13 01:24:49 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-04-13 01:24:48 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-04-13 01:24:25 -------- d-----w- c:\program files\common files\AVSMedia
2011-04-13 01:23:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-04-13 01:23:43 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-04-13 01:23:43 -------- d-----w- c:\program files\AVS4YOU
2011-04-13 01:23:43 -------- d-----w- c:\progra~2\AVS4YOU
2011-04-11 14:52:16 -------- d-----w- c:\users\natash~1.nat\appdata\local\Apple Computer
2011-04-11 14:51:34 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-11 14:51:33 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-11 14:50:05 -------- d-----w- c:\program files\iPod
2011-04-11 14:49:54 -------- d-----w- c:\program files\iTunes
2011-04-11 14:49:54 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-11 14:42:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-11 14:42:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-11 14:42:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-11 14:42:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-11 14:42:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-11 14:42:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-11 14:42:32 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-11 14:40:08 -------- d-----w- c:\users\natash~1.nat\appdata\local\Apple
2011-04-11 14:34:44 -------- d-----w- c:\program files\Bonjour
2011-04-10 02:52:08 -------- d--h--w- c:\windows\msdownld.tmp
.
==================== Find3M ====================
.
2011-04-20 22:42:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-04-20 22:42:20 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 14:51:31.92 ===============




GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-21 15:32:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O
Running: gmer.exe; Driver: C:\Users\NATASH~1.NAT\AppData\Local\Temp\fwliyfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8AE27BDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8AE29538]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8AE2978E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8AE29A08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8AE2845C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8AE28B3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8AE28F48]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8AE28604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8AE28E20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8AE277E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8AE28CDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8AE2799E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8AE2907A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8AE2ACBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8AE280FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8AE28D7E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8AE2A6AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8AE2B67E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8AE2875E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8AE2A740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8AE2AD70]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8AE28FEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8AE284DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8AE28EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8AE27DE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8AE2ACE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8AE2911C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8AE27D06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8AE29C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8AE2B088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8AE2A9D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8AE294A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8AE2936C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8AE2A44E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8AE2B560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8AE28878]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8AE28318]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8AE29CFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8AE2A83A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8AE2B1C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8AE2B2AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8AE2B3D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8AE2A5DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8AE27F5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8AE27EB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8AE2AF3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8AE2803A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8AE281FA]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 81AF287C 4 Bytes [DC, 7B, E2, 8A]
.text ntkrnlpa.exe!KeSetEvent + 13D 81AF28A0 8 Bytes [38, 95, E2, 8A, 8E, 97, E2, ...] {CMP [EBP-0x6871751e], DL; LOOP 0xffffffffffffff92}
.text ntkrnlpa.exe!KeSetEvent + 181 81AF28E4 4 Bytes [08, 9A, E2, 8A]
.text ntkrnlpa.exe!KeSetEvent + 1A9 81AF290C 4 Bytes [5C, 84, E2, 8A]
.text ntkrnlpa.exe!KeSetEvent + 1C1 81AF2924 4 Bytes [3E, 8B, E2, 8A]
.text ...
? C:\Users\NATASH~1.NAT\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by geezor, 21 April 2011 - 05:45 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:24 AM

Posted 30 April 2011 - 06:30 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 geezor

geezor
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:24 AM

Posted 01 May 2011 - 03:44 AM

We're just going to format the computer. Thanks.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:24 AM

Posted 01 May 2011 - 04:11 PM

Thanks for letting me know :thumbup2:

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
