Inactive XP supposedly infected with System Check

E

evtoma

Posts: 6   +0
Malwarebytes Anti-Malware (Proba) 1.60.0.1800
www.malwarebytes.org

Versiunea bazei de date: v2012.01.21.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
maman :: HOME-9390AD840C [administrator]

Protectie: Activat

21.01.2012 10:42:39
mbam-log-2012-01-21 (10-42-39).txt

Modul de scanare: Scanare rapida
Optiuni de scanare activate: Memorie | Pornire | Registru | Sistemul fisierelor | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Optiuni de scanare dezactivate: P2P
Obiecte scanate: 257401
Timp trecut: 36 minute, 39 secunde

Procese din Memorie detectate: 1
C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe (Rogue.FakeHDD) -> 3840 -> Va fi inlaturat dupa o repornire.

Module de Memorie detectate: 0
(Nu au fost detectate obiecte malicioase)

Chei de Registru detectate: 7
HKCR\AppID\{D3A39EAC-36F5-4FB6-BDD4-9908F6C4CFFF} (Adware.K.GoodJoy) -> Pus in carantina si inlaturat cu succes.
HKCR\CLSID\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Pus in carantina si inlaturat cu succes.
HKCR\TypeLib\{A1A1E70D-58C5-4349-83B6-BE9682B9874D} (Redir.GSearch) -> Pus in carantina si inlaturat cu succes.
HKCR\Interface\{4BF423F5-1689-4003-8A05-829048C7D869} (Redir.GSearch) -> Pus in carantina si inlaturat cu succes.
HKCR\SearchBHO.CSearchBHO.1 (Redir.GSearch) -> Pus in carantina si inlaturat cu succes.
HKCR\SearchBHO.CSearchBHO (Redir.GSearch) -> Pus in carantina si inlaturat cu succes.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Pus in carantina si inlaturat cu succes.

Valori de Registru detectate: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FpNsnrTURn.exe (Rogue.FakeHDD) -> Date: C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe -> Pus in carantina si inlaturat cu succes.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Date: -> Pus in carantina si inlaturat cu succes.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Date: -> Pus in carantina si inlaturat cu succes.

Date din Registru detectate: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Daunator: (0) Bun: (1) -> Pus in carantina si reparat cu succes.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Daunator: (0) Bun: (1) -> Pus in carantina si reparat cu succes.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Daunator: (0) Bun: (1) -> Pus in carantina si reparat cu succes.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Daunator: (0) Bun: (1) -> Pus in carantina si reparat cu succes.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Daunator: (0) Bun: (1) -> Pus in carantina si reparat cu succes.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Daunator: (0) Bun: (1) -> Pus in carantina si reparat cu succes.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Daunator: (1) Bun: (0) -> Pus in carantina si reparat cu succes.

Foldere detectate: 0
(Nu au fost detectate obiecte malicioase)

Fisiere detectate: 3
C:\Documents and Settings\All Users\Application Data\FpNsnrTURn.exe (Rogue.FakeHDD) -> Va fi inlaturat dupa o repornire.
C:\Documents and Settings\Elena\Application Data\Mozilla\Firefox\Profiles\w1jqubi7.default\extensions\SearchHelper\SearchBHO.dll (Redir.GSearch) -> Pus in carantina si inlaturat cu succes.
C:\Documents and Settings\All Users\Application Data\GpqRwrYgl5BpWB.exe (Rogue.FakeAlert) -> Pus in carantina si inlaturat cu succes.

(sfarsit)
 
gmer

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-21 13:42:33
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0 Hitachi_ rev.ST2O
Running: orowvxjp.exe; Driver: C:\DOCUME~1\maman\LOCALS~1\Temp\pgxyqkoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAF67AF74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAF67B00C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----
 
dds report

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by maman at 13:46:03 on 2012-01-21
Microsoft Windows XP Professional 5.1.2600.2.1250.40.1033.18.1791.1019 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Secunia\PSI\PSI_TRAY.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\maman\My Documents\Descărcări\dds.scr
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://start.allgameshome.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
BHO: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EEE6C35C-6118-11DC-9C72-001320C79847} - No File
BHO: TBSB00808 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
TB: Subtitles.com.br FileBulldog Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\subtitles.com.br filebulldog toolbar\tbcore3.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [BigDogPath] c:\windows\VM_STI.EXE Philips SPC210NC Webcam
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EasyDownloads] "d:\copia-program files\easy downloads\easydownloads.exe" -tray
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 95.77.94.88 78.96.7.88
TCP: Interfaces\{4E786DC3-5AF6-4721-9E2D-96B963882B6B} : DhcpNameServer = 95.77.94.88 78.96.7.88
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\maman\application data\mozilla\firefox\profiles\5o0ar2p0.default\
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\depozit\pachete\picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-3-20 475736]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-21 652872]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-8-24 185640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-21 20464]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-10-25 1617408]
S2 gupdate;Serviciul Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-5 136176]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-26 1656960]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\drivers\asrcddrv.sys --> c:\windows\system32\drivers\AsrCDDrv.sys [?]
S3 cpuz135;cpuz135;\??\c:\docume~1\test\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\test\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Serviciul Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-5 136176]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-6 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-6 8320]
S4 Joulemeter Service;Joulemeter Service;"d:\copia-program files\joulemeterservice.exe" --> d:\copia-program files\JoulemeterService.exe [?]
.
=============== Created Last 30 ================
.
2012-01-21 11:40:09 -------- d-----w- c:\windows\IrfanView
2012-01-21 11:34:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-21 11:34:51 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-01-21 11:34:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-21 11:29:01 -------- d-----w- c:\documents and settings\maman\local settings\application data\Secunia PSI
2012-01-21 11:28:38 -------- d-----w- c:\program files\Secunia
2012-01-21 08:39:33 -------- d-----w- c:\documents and settings\maman\application data\Malwarebytes
2012-01-21 08:39:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-21 08:38:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 08:38:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 07:50:20 -------- d-----w- c:\documents and settings\maman\local settings\application data\Mozilla
2012-01-20 21:13:42 -------- d-----w- c:\documents and settings\maman\local settings\application data\Microsoft
2012-01-12 11:45:03 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-12 11:45:03 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-12 11:45:03 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-12 11:45:03 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-24 22:20:22 -------- d-----w- C:\spoolerlogs
.
==================== Find3M ====================
.
2012-01-21 11:42:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 21:35:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
============= FINISH: 13:46:42,31 ===============
 
attach file from dds

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25.10.2011 14:24:44
System Uptime: 21.01.2012 11:34:08 (2 hours ago)
.
Motherboard: ASRock | | N68C-S UCC
Processor: AMD Sempron(tm) Dual Core Processor 2100 | CPUSocket | 1808/200mhz
Processor: AMD Sempron(tm) Dual Core Processor 2100 | CPUSocket | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 29,443 GiB free.
D: is FIXED (NTFS) - 249 GiB total, 156,438 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0000
Manufacturer: Kaspersky Lab
Name: WAN Miniport (Network Monitor) - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0000
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0001
Manufacturer: Kaspersky Lab
Name: Hamachi Network Interface - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0001
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0002
Manufacturer: Kaspersky Lab
Name: NVIDIA nForce 10/100 Mbps Ethernet - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0002
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Kaspersky Anti-Virus NDIS Miniport
Device ID: ROOT\KL_KLIM5MP\0003
Manufacturer: Kaspersky Lab
Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
PNP Device ID: ROOT\KL_KLIM5MP\0003
Service: klim5
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 3110c
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.1)
Adobe Stock Photos 1.0
AllGamesHome Toolbar
Ask Toolbar
µTorrent
Audacity 1.3.12 (Unicode)
BS Player Toolbar
BS.Player FREE
Canon LBP2900
ConvertHelper 2.2
ebgcInfra
ebgcRes
ebgcSDK
FreePDF XP (Remove only)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.71
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB915865)
Inca Ball Cave ScreenSaver
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
JavaScript Menu Builder Titanium Trial
Kaspersky Internet Security 2011
Kea Coloring Book 3.5.0
Malwarebytes Anti-Malware versiunea 1.60.0.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Primary Interoperability Assemblies 2005
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 9.0.1 (x86 ro)
MSVC80_x86
MSVC80_x86_v2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OpenOffice.org 3.3
PC Connectivity Solution
PeerGuardian 2.0
Picasa 3
Platform
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
Secunia PSI (2.0.0.4003)
Skype™ 4.2
Software Update for Web Folders
TeamViewer 4
TransferDesktop
Treasure Pyramid
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Platform Device Manager
Web Games Player Plugin
WebFldrs XP
Winamp
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinUtilities 9.67 Free Edition
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
20.01.2012 23:06:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
20.01.2012 23:04:32, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips KLIF Processor
20.01.2012 23:03:54, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20.01.2012 14:53:53, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
18.01.2012 17:01:04, error: System Error [1003] - Error code 000000d1, parameter1 0000002c, parameter2 00000002, parameter3 00000000, parameter4 b6665b8f.
15.01.2012 09:49:12, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
 
let me know...

... if that PC it's officially clean.

BTW, who/what is big blue from your random question, beside the movie?

Thank you,

Emil
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Hi,
I downloaded the required software but I didn't have enough time to finish the job as the infected computer is 2000km away and I understood everything it's ok. Of course I have to do it but it will take some more days.

Thank you Broni,

Emil
 

Similar threads

S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
K
  • Locked
Inactive PC restarts by itself
Replies
8
Views
3K
Broni
Broni
dubs1987
Solved Possible virus infection (slowing down of browsing, programs, etc)
Replies
22
Views
6K
Broni
Broni

Latest posts

Back