HijackThis Log: Please help Diagnose


4 replies to this topic

#1 toots_jwu

toots_jwu

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:12 AM

Posted 10 November 2011 - 08:54 PM

For the last month or so I have had this annoying browser hijacking thing. I'm not sure if it's only for my Google searches, but it always redirects me to either domainsa.com or 404bucks etc. I have tried Malwarebytes, Kaspersky, SUPERAntiSpyware, CCleaner, Ad-Aware, SpywareBlaster, Hitman Pro... none have helped. I have a HijackThis log and I hope someone can help me. Thank you.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:42:57 PM, on 10/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291492291031
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

--
End of file - 4171 bytes
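The log above is a plain-text HijackThis 2.0.4 report: every line of interest starts with a section code (O2 for browser helper objects, O4 for Run-key autostarts, O16 for downloaded ActiveX, O20 for AppInit_DLLs and Winlogon Notify, O23 for services) and ends with the file the entry loads. As an added example that is not part of this thread and not Trend Micro's code, the Python script below parses those O-lines, counts them per section and lists any entry whose target lives outside the Windows or Program Files tree, which is where a reviewer normally looks first. The "standard roots" list and the 8.3 short-name expansion (PROGRA~1 to Program Files) are assumptions, and the [example_entry] line in the sample is constructed, not taken from the posted log.

```python
"""Triage helper for HijackThis 2.x log lines (added example, not HijackThis code)."""
import re
from collections import defaultdict

# Constructed sample: O-lines copied from the HijackThis log posted above, plus one
# CONSTRUCTED autostart ([example_entry]) that is NOT in the posted log and exists
# only so the location check has something to flag.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [example_entry] C:\Documents and Settings\Owner\Local Settings\Temp\example.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291492291031
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")

SECTION_NAMES = {
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key)",
    "O8": "IE context menu item",
    "O9": "IE extra button / Tools item",
    "O16": "Downloaded Program File (ActiveX)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Service",
}

# Assumed roots for vendor software on this XP box; anything else gets a second look.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Assumed 8.3 short-name expansion; confirm on the real machine with `dir /x`.
SHORT_NAMES = {"progra~1": "program files"}


def normalize_path(path):
    """Lower-case a path, expand %ProgramFiles% and the assumed 8.3 short names."""
    p = path.strip().strip('"')
    p = re.sub(r"%programfiles%", lambda _m: "C:\\Program Files", p, flags=re.IGNORECASE)
    p = p.lower()
    for short, full in SHORT_NAMES.items():
        p = p.replace(short, full)
    return p


def extract_targets(code, body):
    """Return the file paths (or the URL, for O16) referenced by one O-line."""
    if code == "O4":
        m = re.search(r"\]\s*(.*)$", body)          # command after "[Name]"
        if not m:
            return []
        cmd = m.group(1).strip()
        if cmd.startswith('"'):                      # quoted path, arguments follow
            return [cmd[1:cmd.index('"', 1)]]
        return [re.split(r"\s+/", cmd, maxsplit=1)[0]]   # drop " /switch ..." arguments
    if body.startswith("AppInit_DLLs:"):             # comma-separated DLL list
        return [p.strip() for p in body.split(":", 1)[1].split(",") if p.strip()]
    if " - " in body:                                # O2/O8/O9/O16/O20/O23: last " - " field
        return [body.rsplit(" - ", 1)[-1].strip()]
    return []


def parse_hjt(text):
    """Parse every O-line into a dict with its section, target and location verdict."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        for target in extract_targets(code, body):
            is_url = target.lower().startswith(("http://", "https://"))
            in_std = is_url or normalize_path(target).startswith(STANDARD_ROOTS)
            entries.append({"code": code, "section": SECTION_NAMES.get(code, code),
                            "body": body, "target": target, "standard_location": in_std})
    return entries


def entries_to_review(entries):
    """Entries whose target lives outside the assumed standard roots."""
    return [e for e in entries if not e["standard_location"]]


def summarize(entries):
    """Number of parsed targets per section code."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["code"]] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, n in sorted(summarize(parsed).items(), key=lambda kv: int(kv[0][1:])):
        print(f"{code:>4} {SECTION_NAMES.get(code, code):<36} {n}")
    for e in entries_to_review(parsed):
        print("REVIEW:", e["code"], e["target"])
```

Run against the full log, the only line it would single out is the constructed one; every entry in the log posted here resolves under Program Files or Windows, which is why the helper in post #2 asks for the deeper DDS and aswMBR reports rather than acting on this log alone.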


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:12 AM

Posted 11 November 2011 - 02:29 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 toots_jwu

toots_jwu
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:12 AM

Posted 12 November 2011 - 04:07 AM

Hi again, here you go....



MY DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Run by Owner at 3:34:48 on 2011-11-12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.341 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
.
============== Pseudo HJT Report ===============
.
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291492291031
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{4C6BA795-AA60-419B-B43E-266404399CDF} : DhcpNameServer = 64.71.255.198
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ko8sa75p.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ko8sa75p.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ko8sa75p.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ko8sa75p.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ko8sa75p.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ko8sa75p.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Swag Bucks Community Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
FF - Ext: Hotmail-Ad-Zap!: hotmail-ad-zap@csenthilkumar.com - %profile%\extensions\hotmail-ad-zap@csenthilkumar.com
FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-16 64512]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-29 315408]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-29 22216]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-29 366152]
.
=============== Created Last 30 ================
.
2011-11-09 04:33:50 -------- d-----w- C:\spoolerlogs
2011-10-30 02:47:05 -------- d-----w- c:\documents and settings\owner\application data\Keynote Systems
2011-10-24 13:15:57 -------- d-----w- c:\program files\CCleaner
2011-10-21 10:22:15 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-10-21 10:20:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-21 10:20:52 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-17 04:04:52 -------- d-----w- c:\program files\SpywareBlaster
2011-10-16 22:18:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-16 20:24:20 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-16 20:23:54 -------- d-----w- c:\program files\Lavasoft
2011-10-16 18:33:51 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2011-10-16 18:33:51 3584 ----a-w- c:\program files\common files\microsoft shared\dao\comcat.dll
2011-10-16 18:33:51 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2011-10-16 18:33:51 203976 ----a-w- c:\windows\system32\richtx32.ocx
2011-10-16 18:33:51 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-10-16 18:33:51 1338880 ----a-w- c:\program files\common files\microsoft shared\dao\shdocvw.dll
2011-10-16 18:33:51 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2011-10-16 18:24:39 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-16 17:19:56 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sunbelt Software
2011-10-14 10:14:23 -------- d--h--w- c:\windows\system32\WLANProfiles
2011-10-13 09:23:58 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-10-13 09:18:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-13 09:18:38 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-13 09:18:01 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
.
==================== Find3M ====================
.
2011-11-04 11:00:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-04 11:00:55 21361 ----a-w- c:\windows\AegisP.sys
2011-11-04 11:00:54 376832 -c--a-w- c:\windows\system32\AegisI5Installer.exe
2011-10-09 19:54:53 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-31 21:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 3:35:44.73 ===============






MY ATTACH LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 27/09/2011 5:23:59 PM
System Uptime: 07/11/2011 2:26:48 PM (109 hours ago)
.
Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 95.976 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0000
Manufacturer: Kaspersky Lab
Name: WAN Miniport (Network Monitor) - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0000
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0001
Manufacturer: Kaspersky Lab
Name: Broadcom 440x 10/100 Integrated Controller - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0001
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0002
Manufacturer: Kaspersky Lab
Name: Intel® PRO/Wireless 3945ABG Network Connection - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0002
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0003
Manufacturer: Kaspersky Lab
Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0003
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0004
Manufacturer: Kaspersky Lab
Name: 1394 Net Adapter - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0004
Service: klim5
.
==== System Restore Points ===================
.
RP1: 27/09/2011 5:30:51 PM - System Checkpoint
RP2: 28/09/2011 6:15:15 PM - System Checkpoint
RP3: 29/09/2011 6:50:13 PM - System Checkpoint
RP4: 30/09/2011 6:34:15 PM - Installed LG United Mobile Driver
RP5: 30/09/2011 6:35:41 PM - Installed MCCI®Firmware Update Driver for MTK.
RP6: 30/09/2011 6:40:00 PM - Installed LG United Mobile Driver
RP7: 30/09/2011 6:46:29 PM - Removed LG United Mobile Driver
RP8: 30/09/2011 6:48:58 PM - Removed MCCI®Firmware Update Driver for MTK.
RP9: 01/10/2011 7:16:30 PM - System Checkpoint
RP10: 02/10/2011 7:47:40 PM - System Checkpoint
RP11: 02/10/2011 8:25:22 PM - Installed HiJackThis
RP12: 04/10/2011 3:47:37 AM - System Checkpoint
RP13: 05/10/2011 6:59:13 PM - System Checkpoint
RP14: 06/10/2011 7:17:39 PM - System Checkpoint
RP15: 08/10/2011 2:02:37 AM - System Checkpoint
RP16: 09/10/2011 2:43:26 AM - System Checkpoint
RP17: 09/10/2011 3:48:53 PM - Installed Ad-Aware
RP18: 09/10/2011 3:49:25 PM - Installed Ad-Aware
RP19: 10/10/2011 6:46:45 PM - System Checkpoint
RP20: 11/10/2011 7:03:34 PM - System Checkpoint
RP21: 12/10/2011 7:10:38 PM - System Checkpoint
RP22: 13/10/2011 8:02:13 PM - System Checkpoint
RP23: 14/10/2011 8:17:09 PM - System Checkpoint
RP24: 15/10/2011 9:47:59 PM - System Checkpoint
RP25: 16/10/2011 2:23:53 PM - Removed Ad-Aware
RP26: 16/10/2011 4:23:17 PM - Installed Ad-Aware
RP27: 16/10/2011 4:23:48 PM - Installed Ad-Aware
RP28: 16/10/2011 4:30:32 PM - Removed Ask Toolbar.
RP29: 17/10/2011 7:35:09 PM - System Checkpoint
RP30: 18/10/2011 8:12:07 PM - System Checkpoint
RP31: 19/10/2011 8:23:17 PM - System Checkpoint
RP32: 20/10/2011 8:37:56 PM - System Checkpoint
RP33: 21/10/2011 8:49:32 PM - System Checkpoint
RP34: 22/10/2011 9:28:01 PM - System Checkpoint
RP35: 24/10/2011 6:30:50 AM - System Checkpoint
RP36: 24/10/2011 8:58:11 AM - Removed Skype Click to Call
RP37: 24/10/2011 8:59:55 AM - Removed Skype™ 5.5
RP38: 24/10/2011 9:24:44 AM - Removed Ask Toolbar.
RP39: 25/10/2011 8:12:01 PM - System Checkpoint
RP40: 26/10/2011 9:31:12 PM - System Checkpoint
RP41: 28/10/2011 3:54:23 AM - System Checkpoint
RP42: 29/10/2011 9:44:19 PM - System Checkpoint
RP43: 30/10/2011 9:48:37 PM - System Checkpoint
RP44: 31/10/2011 10:35:25 PM - System Checkpoint
RP45: 01/11/2011 10:51:19 PM - System Checkpoint
RP46: 03/11/2011 1:06:01 AM - System Checkpoint
RP47: 04/11/2011 6:38:35 AM - System Checkpoint
RP48: 05/11/2011 2:35:04 PM - System Checkpoint
RP49: 07/11/2011 10:29:22 AM - System Checkpoint
RP50: 08/11/2011 8:25:37 PM - System Checkpoint
RP51: 09/11/2011 8:49:19 PM - System Checkpoint
RP52: 10/11/2011 9:30:46 PM - System Checkpoint
RP53: 10/11/2011 8:27:48 PM - System Checkpoint
RP54: 11/11/2011 9:02:51 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Camtasia Studio 7
CCleaner
Conexant HDA D110 MDC V.92 Modem
Foxit Reader
GOM Player
HiJackThis
Hitman Pro 3.5
hp psc 700 series
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Java Auto Updater
Java™ 6 Update 23
K-Lite Codec Pack 6.7.0 (Full)
Kaspersky Internet Security 2010
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 2.0
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.22)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
Performance Maximizer Incrediads.
QuickSet
SigmaTel Audio
Sothink FLV Player
SpywareBlaster 4.4
SUPERAntiSpyware
Synaptics Pointing Device Driver
Tracks Eraser Pro v8.3 build 1000
VLC media player 1.1.5
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live installer
Windows Live Messenger
Windows Media Format Runtime
WinRAR archiver
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
11/11/2011 12:20:40 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0018DE0E36E6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
08/11/2011 11:34:29 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/11/2011 10:22:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0018DE0E36E6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
07/11/2011 10:22:20 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 74:F0:6D:57:21:CD. Network operations on this system may be disrupted as a result.
07/11/2011 10:11:27 AM, error: Print [6161] - The document Microsoft Word - Document2 owned by Owner failed to print on printer hp psc 700 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 80220. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\JEN-D2632CF1D5A. Win32 error code returned by the print processor: 259 (0x103).
07/11/2011 10:09:09 AM, error: Print [6161] - The document Microsoft Word - Document2 owned by Owner failed to print on printer hp psc 700 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\JEN-D2632CF1D5A. Win32 error code returned by the print processor: 259 (0x103).
.
==== End Of File ===========================






MY ASWMBR LOG:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-12 03:51:34
-----------------------------
03:51:34.031 OS Version: Windows 5.1.2600 Service Pack 2
03:51:34.031 Number of processors: 2 586 0xE08
03:51:34.031 ComputerName: JEN-D2632CF1D5A UserName: Owner
03:51:34.453 Initialize success
03:51:41.781 AVAST engine defs: 11111101
03:51:43.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:51:43.765 Disk 0 Vendor: WDC_WD1200BEVS-75LAT0 02.06M02 Size: 113035MB BusType: 3
03:51:45.765 Disk 0 MBR read successfully
03:51:45.765 Disk 0 MBR scan
03:51:45.812 Disk 0 Windows XP default MBR code
03:51:45.812 Disk 0 scanning sectors +231480585
03:51:45.890 Disk 0 scanning C:\WINDOWS\system32\drivers
03:51:58.859 Service scanning
03:52:00.156 Modules scanning
03:52:08.468 Disk 0 trace - called modules:
03:52:08.593
03:52:08.953 AVAST engine scan C:\WINDOWS
03:52:13.031 AVAST engine scan C:\WINDOWS\system32
03:54:30.437 AVAST engine scan C:\WINDOWS\system32\drivers
03:54:46.531 AVAST engine scan C:\Documents and Settings\Owner
03:57:40.250 AVAST engine scan C:\Documents and Settings\All Users
04:02:16.703 Scan finished successfully
04:04:45.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
04:04:45.921 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Edited by toots_jwu, 12 November 2011 - 04:12 AM.
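The DDS report above carries two things a log reviewer reads before anything else: the AV/FW header lines, which here show both antivirus products and the firewall as *Disabled*, and the SERVICES / DRIVERS block, where each line gives a state letter, a start-type digit, the service name, its description, the file path and, in brackets, the file date and size or "[?]" when DDS could not find the file (as for appliandMP). As an added example that is not part of this thread and not the DDS tool's own code, the Python script below parses both blocks and reports unresolved files, automatic-start services that are not running, and disabled protection. The reading of R/S as running/stopped and of the start-type digits as the Windows service start types (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled) is an assumption about the DDS format; the sample lines are copied from the log posted above.

```python
"""Reader for the AV/FW and SERVICES / DRIVERS lines of a DDS log (added example, not DDS code)."""
import re

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-29 315408]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-29 366152]
"""

SVC_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")   # state, start, name, desc, rest
TAIL_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]$")                # path, then "[date size]" or "[?]"
PROT_RE = re.compile(r"^(AV|FW|SP):\s+(.*?)\s+\*([^*]*)\*")   # kind, product, state

# Assumed: R = running, S = stopped; digit = Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def parse_services(text):
    """One dict per R*/S* line: name, state, start type, path, and whether DDS found the file."""
    out = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        state, start, name, desc, rest = m.groups()
        t = TAIL_RE.match(rest.strip())
        path, tail = (t.group(1), t.group(2)) if t else (rest.strip(), "")
        path = path.split(" --> ")[0]        # DDS repeats the path after "-->" when unresolved
        found = tail != "?"
        date, size = None, None
        if found and len(tail.split()) == 2:
            date, size = tail.split()[0], int(tail.split()[1])
        out.append({"name": name, "description": desc, "running": state == "R",
                    "start_type": START_TYPES.get(int(start), start),
                    "path": path, "file_found": found, "date": date, "size": size})
    return out


def parse_protection_state(text):
    """(kind, product, state) tuples from the AV:/FW:/SP: header lines."""
    return [m.groups() for m in (PROT_RE.match(l.strip()) for l in text.splitlines()) if m]


def unresolved_files(services):
    """Services or drivers whose file DDS reported as [?]."""
    return [s["name"] for s in services if not s["file_found"]]


def stopped_autostart(services):
    """Automatic-start services that were not running when the log was taken."""
    return [s["name"] for s in services if s["start_type"] == "automatic" and not s["running"]]


def disabled_protection(states):
    """Security products whose state begins with 'Disabled'."""
    return [(kind, name) for kind, name, state in states if state.split("/")[0] == "Disabled"]


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_DDS)
    print("unresolved files:", unresolved_files(svcs))
    print("automatic but stopped:", stopped_autostart(svcs))
    print("disabled protection:", disabled_protection(parse_protection_state(SAMPLE_DDS)))
```

On the posted log this reports appliandMP as the one entry DDS could not locate on disk, AVP (Kaspersky) as an automatic service that was not running, and both AV products plus the firewall as disabled, which matches the header and is the first thing a helper would want explained before running a removal tool.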


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:12 AM

Posted 12 November 2011 - 10:36 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:12 AM

Posted 24 November 2011 - 08:50 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





