W32.lechna.H


  • This topic is locked
2 replies to this topic

#1 priz1971

  • Members
  • 2 posts

Posted 17 June 2011 - 03:29 AM

I've been infected before and removed it easily. Now I have tried all online options (other than yourselves) and no program has found it.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Priz at 17:27:50 on 2011-06-17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2943.1909 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Wireless Broadband\Wireless Broadband.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
H:\Gamez n Stuff\Saved Games\Important\MFC Mute\MFC-MUTE-INNO-SETUP-FILES\Install Files\fileSharingMUTE-MFC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Priz\Desktop\Defogger.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1605787
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero8\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero8\incd\InCD.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{B93F5309-8366-444E-A5E6-00137DAD8092} : NameServer = 211.29.132.12 61.88.88.88
Notify: klogon - c:\windows\system32\klogon.dll
Notify: System Safety Monitor - SSMWinlogonEx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 safemon;System Safety Monitor 2.0 Core Engine;c:\windows\system32\drivers\safemon.sys [2008-5-1 147984]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-6-13 565552]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-7-10 53032]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-6-12 35816]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 PPEMSCAN;Protector Plus Email Scan Driver;\??\c:\protector plus\ppemscan.sys --> c:\protector plus\PPEMSCAN.sys [?]
S3 PPFW;Protector Plus FireWall Driver;\??\c:\protector plus\ppfw.sys --> c:\protector plus\PPFW.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-6-13 24416]
S3 VBENGNT;VBENGNT;\??\c:\protector plus\vbengnt.sys --> c:\protector plus\VBENGNT.sys [?]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2011-06-17 05:58:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 21:06:09 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-16 21:06:09 215920 ----a-w- c:\windows\system32\muweb.dll
2011-06-16 21:06:09 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-16 15:41:18 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-16 15:40:59 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d74e7ee1-411e-4093-bad4-b5f010174f24}\mpengine.dll
2011-06-16 14:17:27 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-16 14:00:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-16 10:01:14 -------- d-----w- c:\windows\ServicePackFiles
2011-06-16 04:25:37 -------- d-sh--w- c:\documents and settings\priz\PrivacIE
2011-06-16 04:11:34 -------- d-sh--w- c:\documents and settings\priz\IETldCache
2011-06-16 04:07:52 -------- dc-h--w- c:\windows\ie8
2011-06-16 01:41:45 -------- d-----w- c:\documents and settings\priz\local settings\application data\Ahead
2011-06-16 01:34:49 -------- d-----w- c:\program files\Nero
2011-06-16 01:34:48 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-06-16 01:33:37 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2011-06-16 01:33:37 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2011-06-16 01:33:01 -------- d-----w- c:\windows\RegisteredPackages
2011-06-15 14:13:03 -------- d-sha-r- C:\cmdcons
2011-06-15 13:39:36 98816 ----a-w- c:\windows\sed.exe
2011-06-15 13:39:36 518144 ----a-w- c:\windows\SWREG.exe
2011-06-15 13:39:36 256512 ----a-w- c:\windows\PEV.exe
2011-06-15 13:39:36 208896 ----a-w- c:\windows\MBR.exe
2011-06-15 04:04:09 -------- d-----w- c:\windows\system32\PreInstall
2011-06-15 04:04:08 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-06-15 04:04:07 -------- d--h--w- c:\windows\$hf_mig$
2011-06-15 02:38:14 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-06-15 01:38:46 -------- d-----w- c:\documents and settings\priz\application data\Malwarebytes
2011-06-15 01:38:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-14 03:18:32 -------- d-----w- c:\documents and settings\priz\application data\RegistryKeys
2011-06-14 03:07:07 -------- d-----w- c:\documents and settings\all users\application data\FileCure
2011-06-14 03:07:06 -------- d-----w- c:\program files\ParetoLogic
2011-06-14 02:54:59 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-06-14 02:54:59 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-06-14 02:53:58 -------- d-----w- c:\program files\Kaspersky Lab
2011-06-14 02:53:58 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-06-14 00:48:41 -------- d-----w- c:\program files\System Safety Monitor
2011-06-13 21:40:14 -------- d-----w- c:\program files\Norton AntiVirus
2011-06-13 20:35:42 -------- d-sh--w- c:\documents and settings\priz\UserData
2011-06-13 18:41:16 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-13 18:26:21 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-13 18:21:11 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-06-13 16:33:16 -------- d-----w- c:\documents and settings\priz\local settings\application data\uTorrentBar
2011-06-13 16:33:07 -------- d-----w- c:\program files\uTorrent Ultra Accelerator
2011-06-13 16:08:36 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-06-13 01:37:31 41648 ----a-w- c:\windows\_SETUPD_.EXE
2011-06-12 22:04:32 -------- d-----w- c:\documents and settings\priz\local settings\application data\Symantec
2011-06-12 22:03:34 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-06-12 22:03:27 -------- d-----w- c:\program files\Symantec
2011-06-12 22:03:27 -------- d-----w- c:\program files\common files\Symantec Shared
2011-06-12 22:03:27 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2011-06-12 19:46:47 -------- d-----w- c:\program files\CCleaner
2011-06-12 19:03:20 37600 ----a-w- c:\windows\system32\Partizan.exe
2011-06-12 19:03:20 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-06-12 18:56:55 2 --shatr- c:\windows\winstart.bat
2011-06-12 18:56:26 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-06-12 18:56:21 -------- d-----w- c:\program files\UnHackMe
2011-06-12 17:31:12 -------- d-----w- c:\documents and settings\priz\local settings\application data\Conduit
2011-06-12 17:31:08 -------- d-----w- c:\documents and settings\priz\local settings\application data\Temp
2011-06-12 17:29:50 -------- d-----w- c:\program files\PeerGuardian2
2011-06-12 17:29:03 -------- d-----w- c:\program files\uTorrent
2011-06-12 17:28:48 -------- d-----w- c:\documents and settings\priz\application data\uTorrent
2011-06-12 00:08:58 -------- d-----w- c:\program files\VideoLAN
2011-06-11 17:02:31 -------- d-----w- c:\program files\Sunbelt Software
2011-06-11 16:50:32 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-11 16:50:32 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-11 16:50:32 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-11 16:50:32 100480 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-06-11 16:50:27 -------- d-----w- c:\program files\Wireless Broadband
2011-06-11 16:50:06 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-06-11 16:24:31 -------- d-s---w- c:\windows\system32\Microsoft
.
==================== Find3M ====================
.
2011-04-25 06:13:10 229776 ----a-w- c:\windows\system32\klogon.dll
.
============= FINISH: 17:28:25.85 ===============
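The DDS log above is the raw material a helper works from: a header that says which protection is installed and whether it is enabled, the running processes, the autorun and browser-configuration entries in the pseudo-HJT section, and the service and driver list. As an added example (not a BleepingComputer or DDS tool, and not part of the original post), the Python below parses those sections and pulls out the items a reviewer normally looks at first: protection flagged Disabled, processes and autoruns running from outside the Windows and Program Files directories, the configured start page, the DNS servers set on the interface, and services whose file DDS could not find on disk (the trailing `[?]`). The sample text is a handful of lines copied from the log above, and the trusted-directory list is an assumption for illustration; every hit is something to verify against the machine and the ISP, not a verdict.

```python
"""Triage a DDS log: pull out the items a malware-response helper reviews first.

Added example, not a BleepingComputer or DDS tool. The heuristics and the
trusted-directory list are assumptions for illustration; a hit is a review
item, not a verdict.
"""
import re

# Constructed sample: a handful of lines copied from the log posted above,
# with hxxp left defanged exactly as DDS prints it.
SAMPLE_DDS = r"""AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
H:\Gamez n Stuff\Saved Games\Important\MFC Mute\MFC-MUTE-INNO-SETUP-FILES\Install Files\fileSharingMUTE-MFC.exe
C:\Documents and Settings\Priz\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1605787
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
TCP: Interfaces\{B93F5309-8366-444E-A5E6-00137DAD8092} : NameServer = 211.29.132.12 61.88.88.88
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
S3 PPFW;Protector Plus FireWall Driver;\??\c:\protector plus\ppfw.sys --> c:\protector plus\PPFW.sys [?]
S4 vsdatant;vsdatant;a --> a [?]
.
============= FINISH: 17:28:25.85 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")                  # "=== Section Name ==="
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")       # "R0 name;display;path [date size]"
RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$")  # 'uRun: [label] "path" args'
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")        # assumption: system drive is C:


def parse_sections(text):
    """Split a DDS log into {section: [lines]}; lines before the first banner go under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif line and line != ".":          # DDS pads every section with lone dots
            sections[current].append(line)
    return sections


def first_path(value):
    """Executable path from a process or Run value, without quotes or arguments, lower-cased."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.index('"', 1)].lower()
    return re.split(r"\s+-", value, maxsplit=1)[0].lower()   # drop ' -k group' style arguments


def triage(text):
    """Return review items keyed by category; every hit still needs a human look."""
    secs = parse_sections(text)
    out = {"disabled_protection": [], "process_outside_trusted_dirs": [],
           "autorun_outside_trusted_dirs": [], "start_page": [],
           "dns_servers": [], "service_file_missing": []}
    for line in secs.get("Header", []):
        if line.startswith(("AV:", "FW:")) and "*Disabled" in line:
            out["disabled_protection"].append(line)
    for line in secs.get("Running Processes", []):
        if not first_path(line).startswith(TRUSTED_DIRS):
            out["process_outside_trusted_dirs"].append(line)
    for line in secs.get("Pseudo HJT Report", []):
        run = RUN_RE.match(line)
        if run and not first_path(run.group(1)).startswith(TRUSTED_DIRS):
            out["autorun_outside_trusted_dirs"].append(line)
        elif "Start Page =" in line:
            out["start_page"].append(line.split("=", 1)[1].strip())
        elif "NameServer =" in line:
            out["dns_servers"].extend(line.split("NameServer =", 1)[1].split())
    for line in secs.get("SERVICES / DRIVERS", []):
        svc = SERVICE_RE.match(line)
        if svc and svc.group(2).rstrip().endswith("[?]"):   # DDS prints [?] when the file is not on disk
            out["service_file_missing"].append(svc.group(1))
    return out


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run against the sample, the script reports three disabled protection entries, two processes outside the trusted directories (the one on H:\ and the Defogger helper on the desktop, which is why hits are review items rather than verdicts), the Conduit start page, the two interface DNS servers to check against the ISP, and two services (PPFW, vsdatant) whose driver files are no longer present. Feed it the full log and the same categories come out; extend TRUSTED_DIRS for machines whose system drive is not C:.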


#2 sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 23 June 2011 - 08:15 AM

Hello priz1971 and welcome to BC. :)

Sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours, please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 29 June 2011 - 09:15 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp
