Kaspersky service not running

pavanbl · 06-04-2009, 09:15 PM

This is thread is extension to the previous thread.
Need help with Regedit

My issue now is that when I install any anti virus Kaspersky or NOD32 the service does not start in services.msc . I get error 1053 with kaspersky. According to the previous thread I came to know that my PC is infected with Virus. My Registry editor file regedit.exe is now regedit.com . So now I need a best possible solution except PC format. Kindly find the logs from my system below:

DDS.txt:-

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 10:28:35.03 on Sat 04/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1283 [GMT 5.5:30]

============== Running Processes ===============

F:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS.0\System32\svchost.exe -k netsvcs
F:\WINDOWS.0\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS.0\system32\svchost.exe
F:\WINDOWS.0\Explorer.EXE
F:\WINDOWS.0\system32\spoolsv.exe
F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
F:\WINDOWS.0\system32\nvsvc32.exe
F:\WINDOWS.0\system32\svchost.exe -k imgsvc
F:\WINDOWS.0\System32\TUProgSt.exe
svchost.exe "F:\WINDOWS.0\system32\1037e.exe"
F:\Program Files\Java\jre1.5.0_16\bin\jusched.exe
F:\WINDOWS.0\system32\ctfmon.exe
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BN4D.tmp
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\system32\svchost.exe
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BN4E.tmp
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BN53.tmp
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BN54.tmp
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BN5C.tmp
F:\WINDOWS.0\system32\msiexec.exe
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BN71.tmp
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BNA7.tmp
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\System32\svchost.exe
F:\WINDOWS.0\TEMP\BNA8.tmp
F:\WINDOWS.0\System32\svchost.exe
F:\Documents and Settings\Administrator.HOME\Desktop\Download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = www.google.com
uInternet Connection Wizard,ShellNext = hxxp://85.114.141.207/meds/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - f:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - f:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre1.5.0_16\bin\ssv.dll
uRun: [ctfmon.exe] f:\windows.0\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows.0\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "f:\program files\java\jre1.5.0_16\bin\jusched.exe"
mRun: [AVP] "f:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: f:\docume~1\alluse~1.0\startm~1\programs\startup\ciscos~1.lnk - f:\program files\cisco systems\vpn client\ipsecdialer.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} - f:\program files\java\jre1.5.0_16\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - f:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - f:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: klogon - f:\windows.0\system32\klogon.dll
Notify: tdwvuips - tdwvuips32.dll
AppInit_DLLs: f:\progra~1\kasper~1\kasper~1\mzvkbd.dll,f:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows.0\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - f:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\admini~1.hom\applic~1\mozilla\firefox\profiles\i8z24rx2.default\
FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava11.dll
FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava12.dll
FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava13.dll
FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava14.dll
FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava32.dll
FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll
FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPOJI610.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npicaN.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000

============= SERVICES / DRIVERS ===============

R1 FDCENT;FDCENT;f:\windows.0\system32\drivers\FDCENT.SYS [2009-5-20 47470]
R1 KLIF;Kaspersky Lab Driver;f:\windows.0\system32\drivers\klif.sys [2009-4-4 227344]
R2 CVPNDRV;Cisco Systems IPsec Driver;f:\windows.0\system32\drivers\CVPNDrv.sys [2009-5-29 263749]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;f:\windows.0\system32\TUProgSt.exe [2009-5-31 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows.0\system32\drivers\klim5.sys [2008-4-30 24592]
S0 kl1;Kl1;f:\windows.0\system32\drivers\kl1.sys [2008-7-21 121872]
S0 klbg;Kaspersky Lab Boot Guard Driver;f:\windows.0\system32\drivers\klbg.sys [2008-1-29 32784]
S1 2e89eb79;2e89eb79;f:\windows.0\system32\drivers\2e89eb79.sys --> f:\windows.0\system32\drivers\2e89eb79.sys [?]
S2 AVP;Kaspersky Anti-Virus;f:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
S2 WebClientProtectedStorage;WebClient WebClientProtectedStorage;f:\windows.0\system32\1037e.exe srv --> f:\windows.0\system32\1037e.exe srv [?]
S3 restore;restore;\??\f:\windows.0\system32\drivers\restore.sys --> f:\windows.0\system32\drivers\restore.sys [?]

=============== Created Last 30 ================

2009-04-04 10:25 <DIR> --d----- f:\program files\Kaspersky Lab
2009-04-04 10:25 <DIR> --d----- f:\docume~1\alluse~1.0\applic~1\Kaspersky Lab
2009-04-04 10:10 49,265 a------- f:\windows.0\system32\jpicpl32.cpl
2009-04-04 09:29 96,976 a------- f:\windows.0\system32\drivers\klin.dat
2009-04-04 09:29 87,855 a------- f:\windows.0\system32\drivers\klick.dat

==================== Find3M ====================

2009-03-27 08:14 453,152 a------- f:\windows.0\system32\nvuninst.exe
2009-02-09 07:37 7,808 a------- f:\windows.0\system32\drivers\usbser_lowerfltj.sys
2009-02-09 07:37 659,968 a------- f:\windows.0\system32\nmwcdcocls.dll
2009-02-09 07:37 7,808 a------- f:\windows.0\system32\drivers\usbser_lowerflt.sys
2009-02-09 07:37 22,016 a------- f:\windows.0\system32\drivers\ccdcmbo.sys
2009-02-09 07:37 17,664 a------- f:\windows.0\system32\drivers\ccdcmb.sys
2009-02-09 07:32 1,112,288 a------- f:\windows.0\system32\wdfcoinstaller01007.dll
2009-01-16 18:24 70,936 a------- f:\windows.0\system32\PhysXLoader.dll
2008-03-09 07:25 236 a------- f:\program files\common files\dx.reg
2009-05-31 20:41 51,712 ---shr-- f:\windows.0\system32\1037e.exe
2009-06-04 01:36 20,480 a--sh--- f:\windows.0\system32\acctress.dll

============= FINISH: 10:28:50.35 ===============

pavanbl · 06-06-2009, 10:38 AM

HI All,
Can anyone help me on this.

pavanbl · 06-06-2009, 10:39 AM

HI All,
Can anyone help me on this.

Ried · 06-08-2009, 09:48 PM

Hello pavanbl,

While we're working together on this, please do not try to do anything else on your end unless instructed by me.

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT- Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

06-04-2009, 09:15 PM	#1 (permalink)
pavanbl Registered User Join Date: Apr 2009 Posts: 19 OS: WinXP	Kaspersky service not running This is thread is extension to the previous thread. Need help with Regedit My issue now is that when I install any anti virus Kaspersky or NOD32 the service does not start in services.msc . I get error 1053 with kaspersky. According to the previous thread I came to know that my PC is infected with Virus. My Registry editor file regedit.exe is now regedit.com . So now I need a best possible solution except PC format. Kindly find the logs from my system below: DDS.txt:- DDS (Ver_09-05-14.01) - NTFSx86 Run by Administrator at 10:28:35.03 on Sat 04/04/2009 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1283 [GMT 5.5:30] ============== Running Processes =============== F:\WINDOWS.0\system32\svchost -k DcomLaunch svchost.exe F:\WINDOWS.0\System32\svchost.exe -k netsvcs F:\WINDOWS.0\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe F:\WINDOWS.0\system32\svchost.exe F:\WINDOWS.0\Explorer.EXE F:\WINDOWS.0\system32\spoolsv.exe F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe F:\WINDOWS.0\system32\nvsvc32.exe F:\WINDOWS.0\system32\svchost.exe -k imgsvc F:\WINDOWS.0\System32\TUProgSt.exe svchost.exe "F:\WINDOWS.0\system32\1037e.exe" F:\Program Files\Java\jre1.5.0_16\bin\jusched.exe F:\WINDOWS.0\system32\ctfmon.exe F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BN4D.tmp F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\system32\svchost.exe F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BN4E.tmp F:\Program Files\Mozilla Firefox\firefox.exe F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BN53.tmp F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BN54.tmp F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BN5C.tmp F:\WINDOWS.0\system32\msiexec.exe F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BN71.tmp F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BNA7.tmp F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\System32\svchost.exe F:\WINDOWS.0\TEMP\BNA8.tmp F:\WINDOWS.0\System32\svchost.exe F:\Documents and Settings\Administrator.HOME\Desktop\Download\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uSearch Page = www.google.com uInternet Connection Wizard,ShellNext = hxxp://85.114.141.207/meds/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - f:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - f:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre1.5.0_16\bin\ssv.dll uRun: [ctfmon.exe] f:\windows.0\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows.0\system32\NvCpl.dll,NvStartup mRun: [SunJavaUpdateSched] "f:\program files\java\jre1.5.0_16\bin\jusched.exe" mRun: [AVP] "f:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe" dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: f:\docume~1\alluse~1.0\startm~1\programs\startup\ciscos~1.lnk - f:\program files\cisco systems\vpn client\ipsecdialer.exe uPolicies-explorer: NoResolveTrack = 1 (0x1) uPolicies-explorer: NoInstrumentation = 1 (0x1) mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) dPolicies-explorer: NoResolveTrack = 1 (0x1) dPolicies-explorer: NoInstrumentation = 1 (0x1) IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} - f:\program files\java\jre1.5.0_16\bin\ssv.dll IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - f:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - f:\progra~1\micros~2\office12\GR99D3~1.DLL Notify: klogon - f:\windows.0\system32\klogon.dll Notify: tdwvuips - tdwvuips32.dll AppInit_DLLs: f:\progra~1\kasper~1\kasper~1\mzvkbd.dll,f:\progra~1\kasper~1\kasper~1\mzvkbd3.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows.0\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - f:\progra~1\micros~2\office12\GRA8E1~1.DLL ================= FIREFOX =================== FF - ProfilePath - f:\docume~1\admini~1.hom\applic~1\mozilla\firefox\profiles\i8z24rx2.default\ FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava11.dll FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava12.dll FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava13.dll FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava14.dll FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJava32.dll FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll FF - plugin: f:\program files\java\jre1.5.0_16\bin\NPOJI610.dll FF - plugin: f:\program files\mozilla firefox\plugins\npicaN.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 ============= SERVICES / DRIVERS =============== R1 FDCENT;FDCENT;f:\windows.0\system32\drivers\FDCENT.SYS [2009-5-20 47470] R1 KLIF;Kaspersky Lab Driver;f:\windows.0\system32\drivers\klif.sys [2009-4-4 227344] R2 CVPNDRV;Cisco Systems IPsec Driver;f:\windows.0\system32\drivers\CVPNDrv.sys [2009-5-29 263749] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;f:\windows.0\system32\TUProgSt.exe [2009-5-31 603904] R3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows.0\system32\drivers\klim5.sys [2008-4-30 24592] S0 kl1;Kl1;f:\windows.0\system32\drivers\kl1.sys [2008-7-21 121872] S0 klbg;Kaspersky Lab Boot Guard Driver;f:\windows.0\system32\drivers\klbg.sys [2008-1-29 32784] S1 2e89eb79;2e89eb79;f:\windows.0\system32\drivers\2e89eb79.sys --> f:\windows.0\system32\drivers\2e89eb79.sys [?] S2 AVP;Kaspersky Anti-Virus;f:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088] S2 WebClientProtectedStorage;WebClient WebClientProtectedStorage;f:\windows.0\system32\1037e.exe srv --> f:\windows.0\system32\1037e.exe srv [?] S3 restore;restore;\??\f:\windows.0\system32\drivers\restore.sys --> f:\windows.0\system32\drivers\restore.sys [?] =============== Created Last 30 ================ 2009-04-04 10:25 <DIR> --d----- f:\program files\Kaspersky Lab 2009-04-04 10:25 <DIR> --d----- f:\docume~1\alluse~1.0\applic~1\Kaspersky Lab 2009-04-04 10:10 49,265 a------- f:\windows.0\system32\jpicpl32.cpl 2009-04-04 09:29 96,976 a------- f:\windows.0\system32\drivers\klin.dat 2009-04-04 09:29 87,855 a------- f:\windows.0\system32\drivers\klick.dat ==================== Find3M ==================== 2009-03-27 08:14 453,152 a------- f:\windows.0\system32\nvuninst.exe 2009-02-09 07:37 7,808 a------- f:\windows.0\system32\drivers\usbser_lowerfltj.sys 2009-02-09 07:37 659,968 a------- f:\windows.0\system32\nmwcdcocls.dll 2009-02-09 07:37 7,808 a------- f:\windows.0\system32\drivers\usbser_lowerflt.sys 2009-02-09 07:37 22,016 a------- f:\windows.0\system32\drivers\ccdcmbo.sys 2009-02-09 07:37 17,664 a------- f:\windows.0\system32\drivers\ccdcmb.sys 2009-02-09 07:32 1,112,288 a------- f:\windows.0\system32\wdfcoinstaller01007.dll 2009-01-16 18:24 70,936 a------- f:\windows.0\system32\PhysXLoader.dll 2008-03-09 07:25 236 a------- f:\program files\common files\dx.reg 2009-05-31 20:41 51,712 ---shr-- f:\windows.0\system32\1037e.exe 2009-06-04 01:36 20,480 a--sh--- f:\windows.0\system32\acctress.dll ============= FINISH: 10:28:50.35 ===============

06-06-2009, 10:38 AM	#2 (permalink)
pavanbl Registered User Join Date: Apr 2009 Posts: 19 OS: WinXP	Re: Kaspersky service not running HI All, Can anyone help me on this.

06-06-2009, 10:39 AM	#3 (permalink)
pavanbl Registered User Join Date: Apr 2009 Posts: 19 OS: WinXP	Re: Kaspersky service not running HI All, Can anyone help me on this.

06-08-2009, 09:48 PM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,938 OS: WinXP and Vista	Re: Kaspersky service not running Hello pavanbl, While we're working together on this, please do not try to do anything else on your end unless instructed by me. It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. ************************************************* Download ComboFix from one of these locations: Link 1 Link 2 Link 3** * IMPORTANT- Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply for further review. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."