Taskbar changes color and internet disconnects

Hi to everyone, I'm new here! Initially my problem started with no sound after reboot and an internet disconnection a few minutes after reboot. Now, since I set the Windows Audio service to Automatic, the sound-related issue seems to be gone. I tried everything that I know from Google searching, like scanning with Malwarebytes' Anti-Malware, Trend Micro's HouseCall, ComboFix etc., but the issue of the taskbar color change, due to which I lose my internet connection, still exists. Here are all the log reports:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:30 AM, on 11/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
D:\My IMP. Program files\Capture\Capture.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\fsproflt.exe
E:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
E:\Program Files\UGS\Imageware Licensing\12.00.000\bin\iwlmd.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1978305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Capture .NET] "D:\My IMP. Program files\Capture\Capture.exe"
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1249759713703
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB49111A-80B5-405E-9E80-12F82DCD5FA6}: NameServer = 203.192.198.7,203.192.198.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe
O23 - Service: Imageware 12 License Manager - GLOBEtrotter Software Inc. - E:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZL - Unknown owner - C:\DOCUME~1\NAVNATH\LOCALS~1\Temp\ZL.exe (file missing)

--
End of file - 8835 bytes


ComboFix 09-11-04.02 - NAVNATH 11/05/2009 0:13.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1543 [GMT 5.5:30]
Running from: c:\documents and settings\NAVNATH\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091103-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents
C:\Recycle
c:\recycler\S-1-5-21-0306782404-0403296150-468932291-1673
c:\recycler\S-1-5-21-1690392628-9639070320-204829838-7964
c:\recycler\S-1-5-21-4340829974-8025113630-805332040-7178
c:\recycler\S-1-5-21-4404245323-2510926375-959924715-4889
c:\recycler\S-1-5-21-4526544003-9131078385-546885970-0446
c:\recycler\S-1-5-21-4642916222-7686821538-614090642-3753
c:\recycler\S-1-5-21-5504431452-5768450549-560062291-7959
c:\recycler\S-1-5-21-7762691254-4116871461-074637373-8948
c:\recycler\S-1-5-21-7804478225-5844174979-977742103-8620
c:\recycler\S-1-5-21-7872991201-0422058234-947134708-6514
c:\recycler\S-1-5-21-796845957-1614895754-682003330-500
c:\recycler\S-1-5-21-8752049922-5241934417-628490504-9581
c:\windows\system32\28463
c:\windows\system32\tmp1.tmp
c:\windows\system32\tmp2.tmp
c:\windows\system32\tmp3.tmp
c:\windows\system32\tmp61.tmp
c:\windows\system32\tmp62.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32

((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.
2009-11-04 14:40 . 2009-11-04 14:40 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Malwarebytes
2009-11-04 14:40 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 14:39 . 2009-11-04 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 14:39 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 20:43 . 2009-11-02 20:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-02 13:16 . 2009-11-02 13:16 319488 ----a-w- c:\windows\HideWin.exe
2009-11-01 13:56 . 2009-11-01 14:05 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-31 19:19 . 2009-10-31 19:45 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\GetRightToGo
2009-10-30 00:17 . 2009-10-30 00:11 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 00:17 . 2009-10-30 00:17 151392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\DownloadGuardBHO.dll
2009-10-30 00:17 . 2009-10-30 00:17 428936 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\DownloadGuard.exe
2009-10-30 00:17 . 2009-10-30 00:17 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-10-30 00:17 . 2009-10-30 00:17 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-30 00:17 . 2009-10-30 00:17 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-30 00:17 . 2009-10-30 00:17 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-10-30 00:17 . 2009-10-30 00:17 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-10-30 00:17 . 2009-10-30 00:17 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-30 00:17 . 2009-10-30 00:17 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-30 00:16 . 2009-10-30 00:17 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-30 00:16 . 2009-10-30 00:16 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-10-30 00:16 . 2009-10-30 00:16 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-10-30 00:16 . 2009-10-30 00:16 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-10-30 00:16 . 2009-10-30 00:16 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-30 00:16 . 2009-10-30 00:16 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-30 00:13 . 2009-10-30 00:14 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-30 00:13 . 2009-10-30 00:13 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-10-30 00:13 . 2009-10-30 00:13 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-10-30 00:13 . 2009-10-30 00:13 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-10-30 00:13 . 2009-10-30 00:13 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-10-30 00:11 . 2009-10-30 00:11 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-30 00:11 . 2009-10-30 00:11 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-30 00:11 . 2009-10-30 00:11 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-30 00:11 . 2009-10-30 00:11 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-30 00:11 . 2009-10-30 00:11 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-30 00:11 . 2009-10-30 00:11 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-30 00:08 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-27 08:52 . 2009-10-27 08:52 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\OpenWith.org Cache
2009-10-25 22:43 . 2009-10-30 00:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 10:20 . 2009-10-15 10:20 -------- d-----w- c:\documents and settings\NAVNATH\Local Settings\Application Data\Activision
2009-10-15 10:16 . 2009-10-21 16:12 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-15 10:16 . 2009-10-15 10:16 22328 ----a-w- c:\documents and settings\NAVNATH\Application Data\PnkBstrK.sys
2009-10-15 10:16 . 2009-10-21 16:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-15 10:16 . 2009-11-03 07:43 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-15 10:16 . 2009-10-15 10:16 682280 ----a-w- c:\windows\system32\pbsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 18:48 . 2008-12-12 08:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-01 18:23 . 2008-07-10 17:03 -------- d-----w- c:\program files\Intel
2009-11-01 11:22 . 2009-09-19 19:17 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Azureus
2009-10-31 19:54 . 2008-07-10 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 19:53 . 2009-08-11 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-10-31 18:34 . 2009-09-19 19:16 -------- d-----w- c:\program files\Vuze
2009-10-30 00:17 . 2009-02-08 09:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 00:08 . 2009-02-06 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-21 16:59 . 2009-09-10 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2009-10-02 10:14 . 2009-10-02 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-02 10:14 . 2009-10-02 10:14 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\PC Suite
2009-10-02 10:09 . 2009-10-02 10:09 -------- d-----w- c:\program files\Samsung
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\program files\DIFX
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Samsung
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\program files\MarkAny
2009-09-24 06:25 . 2009-09-24 06:25 184320 ----a-w- c:\windows\system32\Ncs2Setp.dll
2009-09-24 06:13 . 2009-09-24 06:13 768632 ----a-w- c:\windows\system32\ncs2dmix.dll
2009-09-24 06:12 . 2009-09-24 06:12 539256 ----a-w- c:\windows\system32\accesor.dll
2009-09-24 05:50 . 2009-09-24 05:50 141944 ----a-w- c:\windows\system32\ncs2instutility.dll
2009-09-24 05:39 . 2009-09-24 05:39 1677944 ----a-w- c:\windows\system32\ncscolib.dll
2009-09-23 12:55 . 2009-02-08 08:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 08:50 . 2009-09-21 08:50 28632 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2009-09-19 19:17 . 2009-09-19 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-19 19:16 . 2009-09-19 19:16 -------- d-----w- c:\program files\Common Files\i4j_jres
2009-09-19 18:38 . 2009-08-27 18:32 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\uTorrent
2009-09-15 10:59 . 2009-08-03 10:29 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-08-03 10:29 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-08-03 10:29 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-08-03 10:29 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-08-03 10:29 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-08-03 10:29 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-08-03 10:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-08-03 10:29 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-08-03 10:29 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 01:15 . 2009-09-10 01:15 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Thinstall
2009-09-10 00:31 . 2009-09-10 00:31 -------- d-----w- c:\program files\Autorun Eater
2009-09-09 00:16 . 2009-09-09 00:16 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-09 00:16 . 2009-09-09 00:15 -------- d-----w- c:\program files\Common Files\Real
2009-09-09 00:15 . 2006-07-11 13:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-09 00:15 . 2009-09-09 00:15 -------- d-----w- c:\program files\Real
2009-09-06 20:39 . 2009-09-06 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-06 20:37 . 2009-09-06 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-06 20:34 . 2009-09-06 20:31 -------- d-----w- c:\program files\Yahoo!
2009-09-06 20:34 . 2009-09-06 20:34 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Yahoo!
2009-09-06 04:33 . 2009-06-01 18:29 -------- d-----w- c:\program files\Google
2009-08-18 11:46 . 2008-07-14 16:13 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-14 11:14 . 2009-08-14 11:14 6379936 ----a-w- c:\windows\screensaver_radiance.exe
2009-08-14 11:14 . 2009-08-14 11:14 28672 ----a-w- c:\windows\gscr.dll
2009-08-14 11:14 . 2009-08-14 11:14 127904 ----a-w- c:\windows\screensaver_radiance.scr
2009-08-13 14:13 . 2009-08-11 18:57 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-13 14:13 . 2009-08-11 18:57 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-08 19:50 . 2009-08-08 19:50 3317272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA3_DapSo.exe
2009-08-08 19:46 . 2009-08-08 19:46 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2008-07-10 18:08 . 2008-07-10 18:08 23 --sha-w- c:\windows\system32\adbfbea2_d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"Capture .NET"="d:\my imp. program files\Capture\Capture.exe" [2009-03-24 790528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 106904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2008-06-19 2808832]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

c:\documents and settings\NAVNATH\Start Menu\Programs\Startup\AutorunsDisabled
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoStrCmpLogical"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^icwsetup.exe]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
backup=c:\windows\pss\icwsetup.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PLFlash DeviceIoControl Service"=2 (0x2)
"wuauserv"=2 (0x2)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"e:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [3/19/2009 5:52 PM 43792]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 2:19 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/3/2009 3:59 PM 114768]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [4/24/2007 10:22 PM 16688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/3/2009 3:59 PM 20560]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [3/19/2009 5:52 PM 73392]
R2 Imageware 12 License Manager;Imageware 12 License Manager;e:\program files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe [9/25/2002 2:40 AM 597504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 4:47 PM 1179232]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/2/2009 3:38 PM 36608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/7/2007 1:52 AM 34064]
S3 ZL;ZL;c:\docume~1\NAVNATH\LOCALS~1\Temp\ZL.exe --> c:\docume~1\NAVNATH\LOCALS~1\Temp\ZL.exe [?]
S4 BBDemon;Backbone Service;"e:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service --> e:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/2/2009 3:38 PM 233472]
S4 gupdate1ca20fd77090518;Google Update Service (gupdate1ca20fd77090518);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2009 12:17 AM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 18:47]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 18:47]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1614895754-682003330-1003Core.job
- c:\documents and settings\NAVNATH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:56]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1614895754-682003330-1003UA.job
- c:\documents and settings\NAVNATH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1978305
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces
IE: &Download with &DAP
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EB49111A-80B5-405E-9E80-12F82DCD5FA6} = 203.192.198.7,203.192.198.5
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
HKLM-Run-NPSStartup - (no file)
Notify-WgaLogon - (no file)
AddRemove-{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1 - c:\program files\OpenWith.org

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 00:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89E3F1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89e3f1e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\nview.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Intel\IDU\awServ.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\locator.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
e:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-11-04 0:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 18:50

Pre-Run: 17,365,811,200 bytes free
Post-Run: 17,272,356,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Malwarebytes' Anti-Malware 1.41
Database version: 3099
Windows 5.1.2600 Service Pack 2

11/4/2009 8:59:07 PM
mbam-log-2009-11-04 (20-59-07).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 333445
Time elapsed: 44 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx1c987224} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Recycle\P-1-3-64-8794238531-8742492-9897532 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\NAVNATH\restorer64_a.exe (SpamTool.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D480C6E8-D1B9-432F-BEE0-48857CFACC20}\RP448\A0145821.exe (SpamTool.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\restorer64_a.exe (SpamTool.Agent) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{D480C6E8-D1B9-432F-BEE0-48857CFACC20}\RP442\A0143716.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycle\P-1-3-64-8794238531-8742492-9897532\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NAVNATH\Start Menu\Programs\Startup\zavupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NAVNATH\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

I hope an expert here takes some time to analyze these logs. Thank you.
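Logs like the ones in the post above are long, and the few lines that matter (a service registered from a user's Temp folder, an AppInit_DLLs entry, an Internet Explorer start page pointing at a search-redirect host, the firewall policy forced to 0, Security Center notifications suppressed, the MBR hook warning) are easy to miss by eye. The script below is an added example by the editor, not part of the original post and not output or code of HijackThis, ComboFix or Malwarebytes; it runs a small set of triage rules over pasted log text and groups every notable line by the reason it was flagged. The rule set and the list of "expected" start-page hosts are the editor's assumptions; the sample lines are copied from the logs in the post.

```python
"""Triage a pasted HijackThis / ComboFix / MBAM log for indicators worth a
second look. Added example (editor's code); the rules below are the
editor's assumptions, not any tool's own logic."""
import re
from collections import defaultdict

# Sample input: a small subset of lines copied from the logs in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1978305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB49111A-80B5-405E-9E80-12F82DCD5FA6}: NameServer = 203.192.198.7,203.192.198.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ZL - Unknown owner - C:\DOCUME~1\NAVNATH\LOCALS~1\Temp\ZL.exe (file missing)
"EnableFirewall"= 0 (0x0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
Warning: possible MBR rootkit infection !
"""

# Hosts a stock IE start/search page is expected to point at (editor's assumption).
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.com", "www.msn.com"}

URL_HOST = re.compile(r"https?://([^/?\s]+)", re.I)
# Matches both the 8.3 form (LOCALS~1) and the long form of the user Temp folder.
TEMP_DIR = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.I)
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')


def check_line(line):
    """Return [(tag, reason), ...] for one log line; empty if nothing notable."""
    hits = []
    if line.startswith(("R0 -", "R1 -")):
        m = URL_HOST.search(line)
        if m and m.group(1).lower() not in EXPECTED_HOSTS:
            hits.append(("browser-hijack", "IE start/search page points at " + m.group(1)))
    if line.startswith("O17 -") and "NameServer" in line:
        hits.append(("dns", "hard-coded DNS servers; confirm they belong to the ISP"))
    if line.startswith("O20 - AppInit_DLLs:") and line.partition(":")[2].strip():
        hits.append(("appinit", "AppInit_DLLs loads this DLL into every process that links user32.dll"))
    if line.startswith("O23 - Service:"):
        if TEMP_DIR.search(line):
            hits.append(("service-temp", "service binary registered from a user Temp directory"))
        if "Unknown owner" in line:
            hits.append(("service-unknown-owner",
                         "no publisher in the file's version info; verify the binary by hand"))
    if FIREWALL_OFF.search(line):
        hits.append(("firewall-off", "Windows Firewall disabled by policy in the standard profile"))
    if "Security Center" in line and "DisableNotify" in line and "Bad: (1)" in line:
        hits.append(("secctr-muted", "Security Center warning suppressed, a common malware trace"))
    if "Warning" in line and "MBR rootkit" in line:
        hits.append(("mbr", "MBR hook reported by the rootkit detector"))
    return hits


def triage(text):
    """Group every notable line by tag: {tag: [(line, reason), ...]}."""
    report = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        for tag, reason in check_line(line):
            report[tag].append((line, reason))
    return dict(report)


if __name__ == "__main__":
    for tag, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{tag}]")
        for line, reason in items:
            print(f"  {reason}\n    {line}")
```

Run as-is it prints eight flagged categories from the ten sample lines; the two avast! lines and the go.microsoft.com R1 entry pass without a hit, which is the point of an allowlist-plus-rules approach rather than flagging every O23 or R1 line. To use it on a full log, read the pasted text into `triage()` instead of `SAMPLE_LOG`.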
©2003 - 2010 DaniWeb® LLC