
Malware on XP Pro Machine


This topic is locked
22 replies to this topic

#1 altenuta

altenuta

  • Members
  • 25 posts
  • Gender:Male

Posted 04 November 2011 - 01:07 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic425103.html ~ OB

Running on Optiplex E521. I initially ran SAS, GMER and MWB. I took the drive out of the machine and ran all in safe mode on another PC with help from Shooter93. It fixed many issues but many problems still exist. I have no system restore, the optical drive doesn't show up, IE doesn't work, and I can't install the Oct Malicious SW update, among other things. I can only work on this machine on Fridays as the person is off on that day. One thing that was fixed is I am now able to reinstall MS Security Essentials, which wouldn't work. It found and removed 4 trojans: sirefef.B (2 instances), hiloti.f, serefef.0.

I will post all logs I have so far. Gmer is running so will post it when it finishes.

Thanks in advance for your help.

Al

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by bernie at 9:55:49 on 2011-11-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.480 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PNP4\pnplus4.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\bernie\Local Settings\Temp\install_flashplayer11x32_mssa_aih.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\bernie\My Documents\Downloads\SecurityCheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uDefault_Page_URL = hxxp://smbusiness.dellnet.com/
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - Updater For Simppull Toolbar
BHO: Freecause Shopping BHO: {d071359c-30ad-4645-9b78-7a3283571f25} - Shop to Win
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\bernie\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNzkwMzIzNTgyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzEtU1QxMkZBUFArMS1TVDEyRk9JKzE"&"prod=90"&"ver=2012.0.1831"&"mid=0bfd7d8c2be847d1b74fd151cd960de0-fb03e70ffa3e64ce7e29dec76efe78b6897b3111
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pinkno~1.lnk - c:\program files\pnp4\pnplus4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pinkno~2.lnk - c:\program files\pnp4\pnplus4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {946B3E9E-E21A-49c8-9F63-900533FAFE14} - {454b4812-e572-4703-a1bb-63490809eac0}
IE: {E77EDA01-3C56-4a96-8D08-02B42891C169} - {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} - hxxp://192.168.0.3/ilccrm/Plugin/eWarePluginX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178924796072
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D35A424F-7331-40EE-9AD4-066E93BEF635} - hxxp://192.168.0.3/ilccrm/Plugin/crmoutlookplugininitial.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BA640689-723B-4990-980B-CCE26003B806} : DhcpNameServer = 192.168.0.1
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: cru629.dat
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli DLB320.dll
Hosts: 0.0.0.0 123spywar.com
Hosts: 0.0.0.0 www.123spywar.com
Hosts: 0.0.0.0 1clickspyclean.com
Hosts: 0.0.0.0 www.1clickspyclean.com
Hosts: 0.0.0.0 1clicksuite.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bernie\application data\mozilla\firefox\profiles\isq54gf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\bernie\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-10-17 565552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsla9942831;MpKsla9942831;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2774934a-fcd8-425f-a3dd-b1c24422592d}\MpKsla9942831.sys [2011-11-3 28752]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S1 MpKsl0530e2f4;MpKsl0530e2f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17931da0-a1db-4f70-90ff-e580e678cd00}\mpksl0530e2f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17931da0-a1db-4f70-90ff-e580e678cd00}\MpKsl0530e2f4.sys [?]
S1 MpKsl169b603b;MpKsl169b603b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53884-4d34-4396-acf0-0bfe6826e215}\mpksl169b603b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53884-4d34-4396-acf0-0bfe6826e215}\MpKsl169b603b.sys [?]
S1 MpKsl1b0b9548;MpKsl1b0b9548;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{558aa36f-7c30-4b1a-9ce3-7b1bea4bf6e6}\mpksl1b0b9548.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{558aa36f-7c30-4b1a-9ce3-7b1bea4bf6e6}\MpKsl1b0b9548.sys [?]
S1 MpKsl401ade5d;MpKsl401ade5d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c475ffc-72aa-47b4-94b4-073610af734b}\mpksl401ade5d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c475ffc-72aa-47b4-94b4-073610af734b}\MpKsl401ade5d.sys [?]
S1 MpKsl43d08164;MpKsl43d08164;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17931da0-a1db-4f70-90ff-e580e678cd00}\mpksl43d08164.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17931da0-a1db-4f70-90ff-e580e678cd00}\MpKsl43d08164.sys [?]
S1 MpKsl464b09a1;MpKsl464b09a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f21b2d8-933d-4ea0-9a50-8e7c3d6a3f17}\mpksl464b09a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f21b2d8-933d-4ea0-9a50-8e7c3d6a3f17}\MpKsl464b09a1.sys [?]
S1 MpKsl49bb8a19;MpKsl49bb8a19;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15ca3588-1341-41aa-a0fb-28d61aa8a96d}\mpksl49bb8a19.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15ca3588-1341-41aa-a0fb-28d61aa8a96d}\MpKsl49bb8a19.sys [?]
S1 MpKsl5ba41d2a;MpKsl5ba41d2a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1e805e2-587e-4219-8f22-5318d144280b}\mpksl5ba41d2a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1e805e2-587e-4219-8f22-5318d144280b}\MpKsl5ba41d2a.sys [?]
S1 MpKsl7cee1b01;MpKsl7cee1b01;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba3d68f7-4015-4f74-aec1-7f21ade5c85e}\mpksl7cee1b01.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba3d68f7-4015-4f74-aec1-7f21ade5c85e}\MpKsl7cee1b01.sys [?]
S1 MpKsl7ebf17a4;MpKsl7ebf17a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f3ea0c77-57c3-4b43-a1aa-21ac5b4927ca}\mpksl7ebf17a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f3ea0c77-57c3-4b43-a1aa-21ac5b4927ca}\MpKsl7ebf17a4.sys [?]
S1 MpKsl93751046;MpKsl93751046;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{118103f3-004a-41f4-9991-071c50879d90}\mpksl93751046.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{118103f3-004a-41f4-9991-071c50879d90}\MpKsl93751046.sys [?]
S1 MpKsl94cacf36;MpKsl94cacf36;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84ec37b8-cd21-49c5-b8f3-0814aebac5cf}\mpksl94cacf36.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84ec37b8-cd21-49c5-b8f3-0814aebac5cf}\MpKsl94cacf36.sys [?]
S1 MpKslad023713;MpKslad023713;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{92f419d1-5323-4164-8dd4-dcfc83da1a1c}\mpkslad023713.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{92f419d1-5323-4164-8dd4-dcfc83da1a1c}\MpKslad023713.sys [?]
S1 MpKslf67385c3;MpKslf67385c3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9f9dae5-82ea-4889-940b-8b3c5762a21d}\mpkslf67385c3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d9f9dae5-82ea-4889-940b-8b3c5762a21d}\MpKslf67385c3.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispywares\sasdifsv.sys --> c:\program files\superantispywares\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispywares\saskutil.sys --> c:\program files\superantispywares\SASKUTIL.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-14 27064]
S3 SASENUM;SASENUM;\??\c:\program files\superantispywares\sasenum.sys --> c:\program files\superantispywares\SASENUM.SYS [?]
.
=============== File Associations ===============
.
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-11-03 23:12:24 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2774934a-fcd8-425f-a3dd-b1c24422592d}\MpKsla9942831.sys
2011-11-03 23:12:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2774934a-fcd8-425f-a3dd-b1c24422592d}\offreg.dll
2011-11-03 23:11:59 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2774934a-fcd8-425f-a3dd-b1c24422592d}\mpengine.dll
2011-11-03 00:00:13 -------- d-----w- c:\documents and settings\bernie\local settings\application data\Solid State Networks
2011-10-28 21:09:09 -------- d-----w- c:\documents and settings\bernie\local settings\application data\PNP4
2011-10-28 21:05:25 340552 ----a-w- c:\windows\system32\cswskax5.ocx
2011-10-28 16:05:46 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-28 16:02:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-21 22:34:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-21 20:31:57 -------- d-----w- c:\windows\system32\NtmsData
2011-10-21 17:13:19 -------- d-----w- c:\program files\Trend Micro
2011-10-21 17:08:23 102800 ------w- c:\windows\system32\drivers\tmcomm.sys
2011-10-21 17:00:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 14:50:01 -------- d--h--w- c:\windows\PIF
2011-10-18 22:25:14 -------- d-----w- c:\documents and settings\bernie\application data\Systweak
2011-10-18 22:25:12 17280 ------w- c:\windows\system32\roboot.exe
2011-10-18 22:10:46 -------- d-----w- c:\documents and settings\bernie\application data\AVG
2011-10-18 17:27:56 -------- d-----w- c:\documents and settings\all users\application data\WinMaximizer
2011-10-18 15:28:27 -------- d-----w- c:\documents and settings\bernie\application data\ParetoLogic
2011-10-18 15:28:27 -------- d-----w- c:\documents and settings\bernie\application data\DriverCure
2011-10-18 15:28:02 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-10-18 15:18:20 -------- d-----w- c:\documents and settings\bernie\application data\FixCleaner
2011-10-18 15:18:10 -------- d-----w- c:\program files\FixCleaner
2011-10-17 19:33:37 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-10-17 17:45:45 97859 ------w- c:\windows\system32\drivers\klick.dat
2011-10-17 17:45:45 115369 ------w- c:\windows\system32\drivers\klin.dat
2011-10-14 20:07:30 -------- d-----w- c:\documents and settings\bernie\local settings\application data\VS Revo Group
2011-10-14 20:07:24 27064 ------w- c:\windows\system32\drivers\revoflt.sys
2011-10-14 20:07:22 -------- d-----w- c:\program files\VS Revo Group
2011-10-13 20:27:20 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-10-13 20:22:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-10-13 16:09:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-13 16:09:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-13 16:08:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-13 16:08:56 -------- d-----w- C:\70054cb1c8db71cf15
2011-10-13 16:05:58 -------- d-----w- c:\documents and settings\bernie\application data\WeatherBug
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-03-10 15:29:53 19300 ------w- c:\program files\common files\fypevurova.exe
2008-03-10 15:29:53 16072 ------w- c:\program files\common files\yvedily.bin
2008-03-07 17:49:14 15669 ------w- c:\program files\common files\edunida.sys
2008-03-07 17:49:14 14619 ------w- c:\program files\common files\vufajyc.vbs
2008-03-07 17:49:14 13866 ------w- c:\program files\common files\egucazipe.bin
2008-03-06 18:25:08 18166 ------w- c:\program files\common files\qejokah.exe
2008-03-06 17:44:08 13431 ------w- c:\program files\common files\otekewudeb.bat
1998-04-27 02:00:00 570128 ------w- c:\program files\common files\DAO350.DLL
.
============= FINISH: 9:56:10.51 ===============

Edited by Orange Blossom, 04 November 2011 - 03:23 PM.



#2 altenuta

altenuta
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 04 November 2011 - 04:46 PM

It took a long time to run gmer. I am now going to attach the file.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 November 2011 - 09:07 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 altenuta

altenuta
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 06 November 2011 - 03:04 PM

Attached File: ComboFix.txt (25.97KB)

I just ran combofix from this thread. http://www.bleepingcomputer.com/forums/topic426328.html/page__gopid__2463800#entry2463800

I had to restart about 3 times during the process. Hope the log is complete.

Thanks,
Al

Edited by Orange Blossom, 06 November 2011 - 05:33 PM.
Revealed link. ~ OB


#5 altenuta

altenuta
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 06 November 2011 - 03:06 PM

BTW: I won't be able to go further with this until Friday because it's an employee's machine and that's their day off.

Al

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 06 November 2011 - 05:36 PM

Hello altenuta,

I have merged your new topic to your previously existing topic on the same issue. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics confuses things for everyone and delays the assistance you receive.

Back to you, Gringo,

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 November 2011 - 09:57 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\program files\Common Files\fypevurova.exe
c:\program files\Common Files\yvedily.bin
c:\program files\Common Files\edunida.sys
c:\program files\Common Files\vufajyc.vbs
c:\program files\Common Files\egucazipe.bin
c:\program files\Common Files\qejokah.exe
c:\program files\Common Files\otekewudeb.bat

FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

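As an added example that is not part of this thread or of the DDS/ComboFix tools, the script below does in code what the helper did by eye: it splits a DDS log into its sections, flags the load points that are empty on a clean XP install (AppInit_DLLs, extra LSA notification packages, Winlogon Notify DLLs) and the loose executables sitting directly in the Common Files root, and renders those files as the File:: block of a CFScript. The sample log lines are constructed from the entries visible in the thread; the "loose files in Common Files" rule and the DAO350.DLL allowlist are my own triage heuristics, and "scecli" as the stock XP LSA package is the baseline assumed here.

```python
import re
from collections import OrderedDict

# Constructed sample in the shape of the DDS log posted above (the paths are
# the ones visible in the thread); embedded so the script runs offline.
SAMPLE_DDS = r"""============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: cru629.dat
LSA: Notification Packages = scecli DLB320.dll
==================== Find3M ====================
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2008-03-10 15:29:53 19300 ------w- c:\program files\common files\fypevurova.exe
2008-03-10 15:29:53 16072 ------w- c:\program files\common files\yvedily.bin
2008-03-07 17:49:14 15669 ------w- c:\program files\common files\edunida.sys
2008-03-07 17:49:14 14619 ------w- c:\program files\common files\vufajyc.vbs
2008-03-07 17:49:14 13866 ------w- c:\program files\common files\egucazipe.bin
2008-03-06 18:25:08 18166 ------w- c:\program files\common files\qejokah.exe
2008-03-06 17:44:08 13431 ------w- c:\program files\common files\otekewudeb.bat
1998-04-27 02:00:00 570128 ------w- c:\program files\common files\DAO350.DLL
============= FINISH: 9:56:10.51 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS file records: "date time size attrs path"; size is "--------" for dirs.
RECORD_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
COMMON_FILES = r"c:\program files\common files"
EXEC_TYPES = {".exe", ".bat", ".vbs", ".sys", ".bin", ".dll"}
BASELINE_LSA_PACKAGES = {"scecli"}  # assumed baseline: the only package on stock XP

def split_sections(text):
    """Group log lines under the '=== Name ===' header they follow."""
    sections, current = OrderedDict(), None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def parse_records(lines):
    """Turn Find3M / 'Created Last 30' lines into dicts, skipping anything else."""
    out = []
    for line in lines:
        m = RECORD_RE.match(line)
        if m:
            size = None if m.group(2).startswith("-") else int(m.group(2))
            out.append({"when": m.group(1), "size": size,
                        "attrs": m.group(3), "path": m.group(4)})
    return out

def flag_loose_common_files(records, known_good=("dao350.dll",)):
    """Flag executables dropped straight into the Common Files root (heuristic).
    Legitimate software installs into a vendor subfolder; anything the reviewer
    has identified (here the old Microsoft DAO350.DLL) goes on the allowlist."""
    flagged = []
    for rec in records:
        parent, _, name = rec["path"].lower().rpartition("\\")
        ext = name[name.rfind("."):] if "." in name else ""
        if parent == COMMON_FILES and ext in EXEC_TYPES and name not in known_good:
            flagged.append(rec["path"])
    return flagged

def flag_persistence(hjt_lines):
    """Flag load points that are empty on a clean XP box or need vendor review."""
    findings = []
    for line in hjt_lines:
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "AppInit_DLLs" and value:
            findings.append((key, value, "AppInit_DLLs is empty on a clean box"))
        elif key == "LSA" and value.startswith("Notification Packages"):
            extra = set(value.split("=", 1)[1].split()) - BASELINE_LSA_PACKAGES
            if extra:
                findings.append((key, " ".join(sorted(extra)), "non-default LSA package"))
        elif key == "Notify":
            findings.append((key, value, "Winlogon notify DLL, confirm the vendor"))
    return findings

def to_cfscript(paths):
    """Render flagged paths as the File:: block used in the CFScript above."""
    return "File::\n" + "\n".join(paths) + "\n"

if __name__ == "__main__":
    sections = split_sections(SAMPLE_DDS)
    for key, value, why in flag_persistence(sections["Pseudo HJT Report"]):
        print(f"[review] {key}: {value}  ({why})")
    print(to_cfscript(flag_loose_common_files(parse_records(sections["Find3M"]))))
```

On the sample above the File:: block comes out as the same seven Common Files paths the helper listed, while the Kaspersky klogon.dll is reported for review rather than for deletion.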

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 November 2011 - 09:56 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 altenuta

altenuta
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 09 November 2011 - 12:22 PM

Please bump me up. I will not be able to get back to this computer till Friday.

Al

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 November 2011 - 02:45 PM

:busy: 11-12

#11 altenuta

altenuta
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 09 November 2011 - 03:27 PM

Thanks.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 November 2011 - 10:23 PM

:thumbup2:

#13 altenuta

altenuta
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 11 November 2011 - 12:06 PM

I am just beginning the scan. I will post ASAP.

Thanks,
Al

#14 altenuta

altenuta
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 11 November 2011 - 12:35 PM

Here is the latest Combofix log. I noticed that a lot of my services are back, such as System Restore and Search. What I am still lacking is that the optical drive does not show up in My Computer. I didn't have to restart, but I got a Msg that Combofix is outdated and gave me the choice to quit or run in limited mode or something like that. Do I need to reload combofix and scan again?

ComboFix 11-11-06.02 - bernie 11/11/2011 9:08.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.548 [GMT -8:00]
Running from: c:\documents and settings\bernie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bernie\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\program files\Common Files\edunida.sys"
"c:\program files\Common Files\egucazipe.bin"
"c:\program files\Common Files\fypevurova.exe"
"c:\program files\Common Files\otekewudeb.bat"
"c:\program files\Common Files\qejokah.exe"
"c:\program files\Common Files\vufajyc.vbs"
"c:\program files\Common Files\yvedily.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\edunida.sys
c:\program files\Common Files\egucazipe.bin
c:\program files\Common Files\fypevurova.exe
c:\program files\Common Files\otekewudeb.bat
c:\program files\Common Files\qejokah.exe
c:\program files\Common Files\vufajyc.vbs
c:\program files\Common Files\yvedily.bin
c:\windows\dasetup.log
c:\windows\system32\drivers\hosts
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 17:07 . 2004-08-04 10:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2011-11-11 17:07 . 2004-08-04 10:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2011-11-11 02:19 . 2011-11-11 02:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37B09A59-0C5B-46DC-A716-91B0AFC5C3A6}\MpKsl3f92f902.sys
2011-11-11 02:18 . 2011-11-11 02:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37B09A59-0C5B-46DC-A716-91B0AFC5C3A6}\offreg.dll
2011-11-11 02:18 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37B09A59-0C5B-46DC-A716-91B0AFC5C3A6}\mpengine.dll
2011-11-08 00:05 . 2011-11-09 15:41 -------- d-----w- c:\windows\LastGood
2011-11-03 00:00 . 2011-11-03 00:00 -------- d-----w- c:\documents and settings\bernie\Local Settings\Application Data\Solid State Networks
2011-11-02 21:14 . 2011-11-02 21:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-28 21:09 . 2011-10-28 21:16 -------- d-----w- c:\documents and settings\bernie\Local Settings\Application Data\PNP4
2011-10-28 21:05 . 2008-01-29 11:06 340552 ------w- c:\windows\system32\cswskax5.ocx
2011-10-28 16:05 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-28 16:02 . 2011-10-28 16:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-28 15:50 . 2011-10-28 15:50 -------- d-----w- c:\documents and settings\bernie\Local Settings\Application Data\Mozilla
2011-10-21 22:34 . 2011-10-21 22:34 41272 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-21 20:31 . 2011-11-11 00:33 -------- d-----w- c:\windows\system32\NtmsData
2011-10-21 17:13 . 2011-10-21 17:13 388096 ------r- c:\documents and settings\administrator.INTERSTATE-LABE.000\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-21 17:13 . 2011-10-21 22:45 -------- d-----w- c:\program files\Trend Micro
2011-10-21 17:08 . 2011-10-21 17:08 102800 ------w- c:\windows\system32\drivers\tmcomm.sys
2011-10-21 17:00 . 2011-10-21 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 14:50 . 2011-10-21 14:50 -------- d--h--w- c:\windows\PIF
2011-10-18 22:25 . 2011-10-21 14:56 -------- d-----w- c:\documents and settings\bernie\Application Data\Systweak
2011-10-18 22:25 . 2011-09-30 22:37 17280 ------w- c:\windows\system32\roboot.exe
2011-10-18 22:10 . 2011-10-18 22:11 -------- d-----w- c:\documents and settings\bernie\Application Data\AVG
2011-10-18 17:27 . 2011-10-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WinMaximizer
2011-10-18 15:28 . 2011-10-18 15:28 -------- d-----w- c:\documents and settings\bernie\Application Data\ParetoLogic
2011-10-18 15:28 . 2011-10-18 15:28 -------- d-----w- c:\documents and settings\bernie\Application Data\DriverCure
2011-10-18 15:28 . 2011-10-18 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-10-18 15:18 . 2011-10-18 15:19 -------- d-----w- c:\documents and settings\bernie\Application Data\FixCleaner
2011-10-18 15:18 . 2011-10-18 19:46 -------- d-----w- c:\program files\FixCleaner
2011-10-17 22:25 . 2011-10-18 19:44 -------- d-----w- c:\program files\Windows Defender
2011-10-17 19:33 . 2011-10-17 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-10-17 17:45 . 2011-10-17 17:45 97859 ------w- c:\windows\system32\drivers\klick.dat
2011-10-17 17:45 . 2011-10-17 17:45 115369 ------w- c:\windows\system32\drivers\klin.dat
2011-10-14 23:24 . 2011-10-14 23:24 -------- d-----w- c:\documents and settings\administrator.INTERSTATE-LABE.000\Local Settings\Application Data\PackageAware
2011-10-14 21:54 . 2011-10-14 21:54 -------- d-----w- c:\documents and settings\administrator.INTERSTATE-LABE.000\Local Settings\Application Data\VS Revo Group
2011-10-14 20:07 . 2011-10-14 20:07 -------- d-----w- c:\documents and settings\bernie\Local Settings\Application Data\VS Revo Group
2011-10-14 20:07 . 2009-12-30 18:20 27064 ------w- c:\windows\system32\drivers\revoflt.sys
2011-10-14 20:07 . 2011-10-14 20:07 -------- d-----w- c:\program files\VS Revo Group
2011-10-13 20:27 . 2011-10-17 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-13 20:22 . 2011-10-17 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-13 16:09 . 2011-10-13 16:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-13 16:08 . 2011-10-13 16:34 -------- d-----w- c:\documents and settings\administrator.INTERSTATE-LABE.000\Application Data\Apple Computer
2011-10-13 16:08 . 2011-10-13 16:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-13 16:08 . 2011-10-13 16:08 -------- d-----w- C:\70054cb1c8db71cf15
2011-10-13 16:05 . 2011-10-13 16:05 -------- d-----w- c:\documents and settings\bernie\Application Data\WeatherBug
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2008-07-30 02:59 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-22 18:12 . 2011-09-22 18:12 18944 ------r- c:\documents and settings\bernie\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-09-09 09:12 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-11 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ------w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ------w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ------w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ------w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-11 23:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
1998-04-27 02:00 . 2005-08-04 22:52 570128 ------w- c:\program files\Common Files\DAO350.DLL
2011-09-29 06:53 . 2011-10-28 15:50 134104 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-02-18 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2008-03-07 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-03-07 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-03-07 81920]
"BuildBU"="c:\dell\bldbubg.exe" [2008-03-07 61440]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o&inst=NzctNzkwMzIzNTgyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzEtU1QxMkZBUFArMS1TVDEyRk9JKzE&prod=90&ver=2012.0.1831&mid=0bfd7d8c2be847d1b74fd151cd960de0-fb03e70ffa3e64ce7e29dec76efe78b6897b3111" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\OFFICE11\OSA.EXE [2007-3-22 99672]
Pink Notes Plus v4.lnk - c:\program files\PNP4\pnplus4.exe [2005-10-27 634904]
PinkNotes Plus v4.lnk - c:\program files\PNP4\pnplus4.exe [2005-10-27 634904]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\PNP4\\pnplus4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 12:23 PM 11352]
R1 MpKsl3f92f902;MpKsl3f92f902;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37B09A59-0C5B-46DC-A716-91B0AFC5C3A6}\MpKsl3f92f902.sys [11/10/2011 6:19 PM 28752]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 5:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
S1 MpKsl0530e2f4;MpKsl0530e2f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17931DA0-A1DB-4F70-90FF-E580E678CD00}\MpKsl0530e2f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17931DA0-A1DB-4F70-90FF-E580E678CD00}\MpKsl0530e2f4.sys [?]
S1 MpKsl169b603b;MpKsl169b603b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24D53884-4D34-4396-ACF0-0BFE6826E215}\MpKsl169b603b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24D53884-4D34-4396-ACF0-0BFE6826E215}\MpKsl169b603b.sys [?]
S1 MpKsl1b0b9548;MpKsl1b0b9548;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{558AA36F-7C30-4B1A-9CE3-7B1BEA4BF6E6}\MpKsl1b0b9548.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{558AA36F-7C30-4B1A-9CE3-7B1BEA4BF6E6}\MpKsl1b0b9548.sys [?]
S1 MpKsl401ade5d;MpKsl401ade5d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C475FFC-72AA-47B4-94B4-073610AF734B}\MpKsl401ade5d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C475FFC-72AA-47B4-94B4-073610AF734B}\MpKsl401ade5d.sys [?]
S1 MpKsl43d08164;MpKsl43d08164;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17931DA0-A1DB-4F70-90FF-E580E678CD00}\MpKsl43d08164.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17931DA0-A1DB-4F70-90FF-E580E678CD00}\MpKsl43d08164.sys [?]
S1 MpKsl464b09a1;MpKsl464b09a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F21B2D8-933D-4EA0-9A50-8E7C3D6A3F17}\MpKsl464b09a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F21B2D8-933D-4EA0-9A50-8E7C3D6A3F17}\MpKsl464b09a1.sys [?]
S1 MpKsl49bb8a19;MpKsl49bb8a19;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15CA3588-1341-41AA-A0FB-28D61AA8A96D}\MpKsl49bb8a19.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15CA3588-1341-41AA-A0FB-28D61AA8A96D}\MpKsl49bb8a19.sys [?]
S1 MpKsl5ba41d2a;MpKsl5ba41d2a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1E805E2-587E-4219-8F22-5318D144280B}\MpKsl5ba41d2a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1E805E2-587E-4219-8F22-5318D144280B}\MpKsl5ba41d2a.sys [?]
S1 MpKsl7cee1b01;MpKsl7cee1b01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA3D68F7-4015-4F74-AEC1-7F21ADE5C85E}\MpKsl7cee1b01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA3D68F7-4015-4F74-AEC1-7F21ADE5C85E}\MpKsl7cee1b01.sys [?]
S1 MpKsl7ebf17a4;MpKsl7ebf17a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3EA0C77-57C3-4B43-A1AA-21AC5B4927CA}\MpKsl7ebf17a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3EA0C77-57C3-4B43-A1AA-21AC5B4927CA}\MpKsl7ebf17a4.sys [?]
S1 MpKsl93751046;MpKsl93751046;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118103F3-004A-41F4-9991-071C50879D90}\MpKsl93751046.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118103F3-004A-41F4-9991-071C50879D90}\MpKsl93751046.sys [?]
S1 MpKsl94cacf36;MpKsl94cacf36;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84EC37B8-CD21-49C5-B8F3-0814AEBAC5CF}\MpKsl94cacf36.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84EC37B8-CD21-49C5-B8F3-0814AEBAC5CF}\MpKsl94cacf36.sys [?]
S1 MpKsla9942831;MpKsla9942831;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2774934A-FCD8-425F-A3DD-B1C24422592D}\MpKsla9942831.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2774934A-FCD8-425F-A3DD-B1C24422592D}\MpKsla9942831.sys [?]
S1 MpKslad023713;MpKslad023713;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F419D1-5323-4164-8DD4-DCFC83DA1A1C}\MpKslad023713.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92F419D1-5323-4164-8DD4-DCFC83DA1A1C}\MpKslad023713.sys [?]
S1 MpKslf67385c3;MpKslf67385c3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F9DAE5-82EA-4889-940B-8B3C5762A21D}\MpKslf67385c3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9F9DAE5-82EA-4889-940B-8B3C5762A21D}\MpKslf67385c3.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpywares\SASDIFSV.SYS --> c:\program files\SUPERAntiSpywares\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpywares\SASKUTIL.sys --> c:\program files\SUPERAntiSpywares\SASKUTIL.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/14/2011 12:07 PM 27064]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpywares\SASENUM.SYS --> c:\program files\SUPERAntiSpywares\SASENUM.SYS [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3F92F902
*NewlyCreated* - MPKSL8CC76C85
*NewlyCreated* - MPKSLD48A50F5
*Deregistered* - MpKsl8cc76c85
*Deregistered* - MpKsld48a50f5
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933769587-3110208100-3131441782-1235Core.job
- c:\documents and settings\bernie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-28 17:47]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933769587-3110208100-3131441782-1235UA.job
- c:\documents and settings\bernie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-28 17:47]
.
2011-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} - hxxp://192.168.0.3/ilccrm/Plugin/eWarePluginX.cab
DPF: {D35A424F-7331-40EE-9AD4-066E93BEF635} - hxxp://192.168.0.3/ilccrm/Plugin/crmoutlookplugininitial.cab
FF - ProfilePath - c:\documents and settings\bernie\Application Data\Mozilla\Firefox\Profiles\isq54gf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 09:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-11 09:14:35
ComboFix-quarantined-files.txt 2011-11-11 17:14
ComboFix2.txt 2011-11-06 19:41
.
Pre-Run: 94,158,372,864 bytes free
Post-Run: 94,577,131,520 bytes free
.
- - End Of File - - B897C167E59C25928EE6DD8A94517BF6


Thanks,
Al

#15 altenuta


Posted 11 November 2011 - 01:04 PM

I forgot to mention that the computer goes into auto lock, which was not enabled before we started having problems. How do I go about getting rid of this problem?

Al



