
Combofix log


  • This topic is locked
3 replies to this topic

#1 sanzeeb


Posted 25 November 2011 - 11:33 AM

I had Chrome, Mozilla and IE all installed. Now, after I encountered searchqu in all three browsers, I uninstalled Chrome and Firefox.
I now use only IE, and tried to disable it from Tools.
It is still there, even after using ComboFix :(


ComboFix 11-11-25.01 - karki 11/25/2011 21:40:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1015.401 [GMT 5.75:45]
Running from: c:\users\karki\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{32989FC8-260A-4936-AFB1-5AB8C3ABCFD0}.xps
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56B69221-9D26-40EC-935C-9178310A71E0}.xps
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C713CFD-0BF3-45C0-AA11-C0CAB6B0526F}.xps
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CFA8E5AC-9998-4683-B685-6B1968708847}.xps
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E42AA8D6-7FAD-4562-9F07-5DF9CE11B6E5}.xps
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F004926F-55B0-4815-BB77-CC224FB0B51F}.xps
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F5F9D88D-9769-4745-BBB3-BABA9555C835}.xps
c:\users\karki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE044864-4FB0-4E03-AF92-92FA3082D6E6}.xps
c:\users\karki\AppData\Roaming\tazebama
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 12:27 . 2011-11-25 12:27 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9716518D-B2CF-4516-90CE-ED4CC13556E6}\MpKsl3ab66541.sys
2011-11-25 12:21 . 2011-11-25 12:21 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9716518D-B2CF-4516-90CE-ED4CC13556E6}\MpKsla842d0f5.sys
2011-11-25 12:20 . 2011-11-25 12:27 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9716518D-B2CF-4516-90CE-ED4CC13556E6}\offreg.dll
2011-11-25 12:20 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9716518D-B2CF-4516-90CE-ED4CC13556E6}\mpengine.dll
2011-11-20 12:37 . 2011-11-20 12:38 -------- d-----w- c:\users\karki\AppData\Local\Ilivid Player
2011-11-20 12:22 . 2011-11-20 12:51 -------- d-----w- c:\programdata\boost_interprocess
2011-11-20 12:18 . 2011-11-20 12:18 -------- d-----w- c:\users\karki\AppData\Local\PackageAware
2011-11-13 09:07 . 2011-11-13 09:07 0 ---ha-w- c:\users\karki\AppData\Local\BIT2503.tmp
2011-11-10 02:14 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 02:14 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 02:14 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 03:50 . 2011-11-05 06:06 -------- d-----w- c:\users\karki\AppData\Roaming\FLV2MP3
2011-11-05 02:34 . 2011-11-05 06:58 -------- d-----w- c:\users\karki\AppData\Roaming\NCH Software
2011-11-05 02:34 . 2011-11-25 02:50 -------- d-----w- c:\programdata\NCH Software
2011-11-05 02:34 . 2011-11-25 02:50 -------- d-----w- c:\program files\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 13:41 . 2011-10-11 13:42 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFB94E49-3528-4A4F-B1A8-2B0A87F151C4}\gapaengine.dll
2011-10-07 03:48 . 2011-07-22 16:20 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-02 23:21 . 2011-09-16 15:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-12 03:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-10 14:33 . 2011-09-10 14:33 0 ---ha-w- c:\users\karki\AppData\Local\BIT15C1.tmp
2011-09-05 15:59 . 2011-09-05 15:59 0 ---ha-w- c:\users\karki\AppData\Local\BIT4C85.tmp
2011-09-05 14:33 . 2011-09-05 14:33 0 ---ha-w- c:\users\karki\AppData\Local\BIT6A9C.tmp
2011-09-05 12:20 . 2011-09-05 12:20 0 ---ha-w- c:\users\karki\AppData\Local\BIT295E.tmp
2011-09-04 00:43 . 2011-09-04 00:43 0 ---ha-w- c:\users\karki\AppData\Local\BITF95F.tmp
2011-08-30 11:29 . 2011-08-30 11:29 0 ---ha-w- c:\users\karki\AppData\Local\BITCA40.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-08 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 05:59 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-05-27 16:13 4269296 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-19 1343400]
S1 MpKsl23766c21;MpKsl23766c21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91190776-9D74-4C57-8B3E-604219D8FBFD}\MpKsl23766c21.sys [x]
S1 MpKsl3ab66541;MpKsl3ab66541;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9716518D-B2CF-4516-90CE-ED4CC13556E6}\MpKsl3ab66541.sys [2011-11-25 28752]
S1 MpKsla842d0f5;MpKsla842d0f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9716518D-B2CF-4516-90CE-ED4CC13556E6}\MpKsla842d0f5.sys [2011-11-25 28752]
S1 MpKslf58392c9;MpKslf58392c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91190776-9D74-4C57-8B3E-604219D8FBFD}\MpKslf58392c9.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2011-08-15 31408]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3AB66541
*NewlyCreated* - MPKSLA842D0F5
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 08:29]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 08:29]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1425590418-511252940-3804645200-1000Core.job
- c:\users\karki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 01:57]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1425590418-511252940-3804645200-1000UA.job
- c:\users\karki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 01:57]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: S&end to OneNote - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{4331DBC3-1FA3-465B-90E8-C85F04A618EC}: NameServer = 202.79.32.4
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-USB Antivirus - c:\program files\USB Disk Security\USBGuard.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-25 21:52:35
ComboFix-quarantined-files.txt 2011-11-25 16:07
.
Pre-Run: 4,348,067,840 bytes free
Post-Run: 5,211,607,040 bytes free
.
- - End Of File - - A067BB152E256296B5E8112337656EDF



#2 gringo_pr


Posted 27 November 2011 - 11:14 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 02 December 2011 - 08:46 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 05 December 2011 - 12:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



