Old 12-04-2008, 01:42 AM   #7 (permalink)
Xeqtrr
Registered User
 
Join Date: Dec 2008
Posts: 7
OS: XP


Re: trojan.win32.monder.gen - help

Tetonbob, sorry for the second AV program. This is my mom's laptop, and my dad's first thing when one AV detects a virus is to install another six or seven of them. KIS wanted an update this morning; I allowed it, and it detected mlJApPIC.dll, deleted it again and created a backup copy, or at least it says so. I think everything started (the trojan) from the AMX mod for Counter-Strike that my brother installed.
Here is the DDS log; I have also attached the Attach.txt:
....................................................................................................


DDS (Version 1.0) - NTFSx86
Run by Krasi at 10:24:22.48 on ·ҐІўє°ІєЄ 12/04/2008
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.2046.1478 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\DOCUME~1\Krasi\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Krasi\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://support.kaspersky.com/
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-4-16 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-8-14 213008]
R2 AVP;Kaspersky Internet Security;"c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" -r [2008-4-25 201992]
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\AVerA310USB.sys [2008-8-13 26368]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-8-13 42240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-3-25 24592]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\drivers\ss_bus.sys [2008-10-15 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\drivers\ss_mdfl.sys [2008-10-15 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\drivers\ss_mdm.sys [2008-10-15 94000]

=============== Created Last 30 ================

2008-12-03 11:03 <DIR> --d----- c:\windows\system32\xircom
2008-12-03 11:03 <DIR> --d----- c:\program files\msn gaming zone
2008-12-03 10:57 161,792 a------- c:\windows\SWREG.exe
2008-12-03 10:57 98,816 a------- c:\windows\sed.exe
2008-12-03 10:43 <DIR> --dshr-- C:\cmdcons
2008-12-03 10:43 <DIR> --d----- c:\windows\setup.pss
2008-12-03 10:43 <DIR> --d----- c:\windows\setupupd
2008-12-02 10:25 250 a------- c:\windows\gmer.ini
2008-12-02 02:34 <DIR> --d----- c:\windows\pss
2008-11-22 17:25 <DIR> --d----- c:\docume~1\krasi\applic~1\TeamViewer
2008-11-22 16:35 <DIR> --d----- c:\program files\ESET
2008-11-21 20:58 <DIR> --d----- c:\docume~1\krasi\applic~1\Thinking Minds Budiling Bytes
2008-11-21 19:02 <DIR> --d----- c:\docume~1\krasi\applic~1\Real Desktop
2008-11-21 19:01 <DIR> --d----- c:\docume~1\krasi\applic~1\AD ON Multimedia
2008-11-19 18:45 30,206 a------- c:\windows\system32\msiexec.rar
2008-11-18 18:59 33,824 a------- c:\windows\system32\drivers\oreans32.sys

==================== Find3M ====================

2008-12-04 10:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2008-12-03 11:03 <DIR> --d----- c:\program files\Windows NT
2008-11-21 21:33 <DIR> --d----- c:\docume~1\krasi\applic~1\uTorrent
2008-11-19 18:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-11-19 16:46 <DIR> --d----- c:\docume~1\krasi\applic~1\PC Suite
2008-11-02 17:29 <DIR> --d----- c:\docume~1\krasi\applic~1\WeatherWatcher
2008-11-01 19:19 <DIR> --d----- c:\program files\Launch Manager
2008-10-25 23:44 <DIR> --d----- c:\program files\Skype
2008-10-15 18:22 <DIR> --d----- c:\docume~1\krasi\applic~1\Samsung
2008-10-15 18:17 <DIR> --d----- c:\program files\Samsung
2008-10-04 08:50 <DIR> --d----- c:\docume~1\krasi\applic~1\Ubisoft
2008-10-04 08:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ubisoft
2008-09-27 11:32 <DIR> --d----- c:\docume~1\krasi\applic~1\Nokia
2008-09-26 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Suite
2008-09-26 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Installations
2008-08-14 00:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2008-08-14 00:43 <DIR> --d----- c:\docume~1\krasi\applic~1\DAEMON Tools Pro
2008-08-13 23:44 <DIR> --d----- c:\docume~1\krasi\applic~1\Intel
2008-08-13 23:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel
2008-08-13 23:15 <DIR> --d----- c:\docume~1\krasi\applic~1\Styler
2008-08-13 23:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081420080815\index.dat

============= FINISH: 10:25:06.60 ===============
Attached Files: Attach.txt (10.1 KB)