Hardware and Software
>
Microsoft Windows
>
Viruses, Spyware and other Nasties
>
Virus is changing taskbar color to gray and disables my sound
Have something to say? Contribute New Article Reply to this Article Virus is changing taskbar color to gray and disables my sound
Hi All,
I know that this question has been asked earlier but my hijackthis log did not contained the entries mentioned by previous members.
I am facing the same problem, my taskbar changes color after around 15 min and sound gets disabled, I ran Malwarebytes Anti-Malware but there were no problems reported by it, my Hijack this log is posted below, please help. Sorry if I am breaking any forum rules is this is my first post.
------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:55:58 PM, on 5/9/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\PUNIT\My Documents\Downloads\Programs\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {04992EB8-B0FB-4D1B-8316-E5C043CB2A58} - C:\WINDOWS\system32\tuvVMdDT.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Logitech Internet Handset.lnk = C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E45C540D-144A-49EB-B4D9-234EC70B05E3}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8071 bytes
Thanks for your response jyoticse804, I can only afford free versions of the software right now.
Till now the free version of Antimalware worked great and had saved me from lots of infections, but this time it is not detecting any issues.
First of all your log shows two Security Suites on the computer, COMODO Internet Security and Norton. If both of these contain a firewall and anti-virus program this is a big no-no. Rule is ONE of each on a computer.
Malwarebytes'Ant-Malware should NOT be booting up with the computer, real time protection with MBA-M is only available on the paid version. However the Free version is all you need for scanning and removals as long as you keep it updated before each scan. They offer multiple updates DAILY so updating prior to scanning is an absolute must.
The computer itself is way out of date, you only have XP SP2 on there, SP3 has been available for install since 2008. Your computer is no longer supported by Microsoft because of this. If you had SP3 on there full support would be available until April 2014.
HiJackThis is generally considered a scanner program, not a fixer and really isn't used as much today because it definitely doesn't show everything that is needed to clean the computer.
Follow all the steps given in our Read Me First Sticky and post back here with all the resulting logs and we can go from there.
Here is the link for the Read Me First sticky which is actually found at the top of the list here on the forum.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
Hi jholland1964, Sorry for not following the proper procedure for asking help. I have created all the logs and I am posting below, sorry again as this was my first post.
I am pasting Malwarebytes report, but please allow me to attach other files as they are big and the forum is giving me "too many characters" error.
I am sorry again as I am attaching logs without request.
MalwareBytes’ Anti-Malware log
-------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6539
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
5/9/2011 9:42:23 PM
mbam-log-2011-05-09 (21-42-23).txt
Scan type: Full scan (C:\|)
Objects scanned: 214533
Time elapsed: 41 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
since you have also posted this question and logs at another website I suggest that you continue there. It is never a good idea to have threads running at two different forums at the same time as instructions and tools may conflict.
Good luck.
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
Dear jholland1964, I am sorry if I offended any one but, I am really in lot of trauma because of the issue and I was looking for a quick resolution, so I also posted on the other forum.
If there is an issue I will close the thread in the other forum, but please help me as no one has answered on the other forum yet.
Thanks
Punit
Taking offense has nothing to do with it. As I said, by posting and following steps at more than one forum instructions given at one may interfere or cause problems with steps given at another and therefore cause greater difficulty than you were having originally.Forums such as this one and the other one where you have posted your problems are operated by volunteers, our time and their time is limited. We work as quickly as we can. You also have to take into consideration, time zones. The internet is international, so while it may be day time where I am, it may very well be night time where you are, and vice/versa. As long as you are willing to continue only here then we will.
Your logs show the presence of a rootkit, please do the following:
Please read carefully and follow these steps.
* Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
Dear jholland1964, I performed the scan and TDSSkiller cured one file. I am pasting the log below, please let me know if any other steps are required.
Thanks
Punit
-------------------------------------------------------------------------------------
2011/05/10 22:04:17.0765 3356 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 22:04:19.0031 3356 ================================================================================
2011/05/10 22:04:19.0031 3356 SystemInfo:
2011/05/10 22:04:19.0031 3356
2011/05/10 22:04:19.0031 3356 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/10 22:04:19.0031 3356 Product type: Workstation
2011/05/10 22:04:19.0031 3356 ComputerName: PUNIT-FY9TVQQW2
2011/05/10 22:04:19.0031 3356 UserName: PUNIT
2011/05/10 22:04:19.0031 3356 Windows directory: C:\WINDOWS
2011/05/10 22:04:19.0031 3356 System windows directory: C:\WINDOWS
2011/05/10 22:04:19.0031 3356 Processor architecture: Intel x86
2011/05/10 22:04:19.0031 3356 Number of processors: 2
2011/05/10 22:04:19.0031 3356 Page size: 0x1000
2011/05/10 22:04:19.0031 3356 Boot type: Normal boot
2011/05/10 22:04:19.0031 3356 ================================================================================
2011/05/10 22:04:19.0390 3356 Initialize success
2011/05/10 22:04:39.0437 3904 ================================================================================
2011/05/10 22:04:39.0437 3904 Scan started
2011/05/10 22:04:39.0437 3904 Mode: Manual;
2011/05/10 22:04:39.0437 3904 ================================================================================
2011/05/10 22:04:39.0984 3904 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 22:04:40.0046 3904 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/10 22:04:40.0156 3904 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 22:04:40.0250 3904 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 22:04:40.0656 3904 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 22:04:40.0718 3904 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 22:04:40.0796 3904 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 22:04:40.0875 3904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 22:04:40.0984 3904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 22:04:41.0109 3904 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/05/10 22:04:41.0171 3904 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\WINDOWS\system32\Drivers\btcusb.sys
2011/05/10 22:04:41.0218 3904 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
2011/05/10 22:04:41.0265 3904 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2011/05/10 22:04:41.0359 3904 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2011/05/10 22:04:41.0484 3904 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/10 22:04:41.0531 3904 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/10 22:04:41.0640 3904 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/10 22:04:41.0687 3904 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/10 22:04:41.0765 3904 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/10 22:04:41.0921 3904 cmdGuard (cc56fa45ba18904cb04382ae9f52b1a5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2011/05/10 22:04:41.0968 3904 cmdHlp (3a70948ab6e966bdaef2baec1f8ef9d1) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2011/05/10 22:04:42.0062 3904 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/10 22:04:42.0187 3904 cpuidlep (3a1dc7c08ae1af450ffd753a0fd82f9d) C:\WINDOWS\system32\drivers\cpuidlep.sys
2011/05/10 22:04:42.0265 3904 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/05/10 22:04:42.0390 3904 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
2011/05/10 22:04:42.0468 3904 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/10 22:04:42.0546 3904 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/10 22:04:42.0625 3904 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/10 22:04:42.0687 3904 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/10 22:04:42.0750 3904 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/10 22:04:42.0828 3904 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/10 22:04:42.0890 3904 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 22:04:42.0953 3904 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/10 22:04:43.0062 3904 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 22:04:43.0109 3904 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/10 22:04:43.0203 3904 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/10 22:04:43.0265 3904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 22:04:43.0312 3904 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 22:04:43.0437 3904 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/05/10 22:04:43.0484 3904 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 22:04:43.0578 3904 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/10 22:04:43.0640 3904 HidBatt (13c0d55da4b7148ef980e130b85d9f2c) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/05/10 22:04:43.0687 3904 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/10 22:04:43.0828 3904 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 22:04:43.0984 3904 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/10 22:04:44.0046 3904 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 22:04:44.0281 3904 Inspect (28c95218d0c19db3a86bb4e53d6586e9) C:\WINDOWS\system32\DRIVERS\inspect.sys
2011/05/10 22:04:44.0500 3904 IntcAzAudAddService (90e1b42e49d9e91e5accaaaaefa10ce8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/10 22:04:44.0640 3904 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/10 22:04:44.0687 3904 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/10 22:04:44.0765 3904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/10 22:04:44.0812 3904 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 22:04:44.0890 3904 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 22:04:44.0921 3904 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 22:04:44.0984 3904 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 22:04:45.0078 3904 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 22:04:45.0125 3904 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 22:04:45.0187 3904 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 22:04:45.0265 3904 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 22:04:45.0406 3904 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/05/10 22:04:45.0515 3904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 22:04:45.0578 3904 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 22:04:45.0625 3904 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 22:04:45.0656 3904 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 22:04:45.0750 3904 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 22:04:45.0875 3904 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/10 22:04:45.0984 3904 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 22:04:46.0046 3904 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 22:04:46.0093 3904 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 22:04:46.0140 3904 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 22:04:46.0218 3904 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 22:04:46.0265 3904 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/10 22:04:46.0296 3904 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 22:04:46.0375 3904 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/10 22:04:46.0515 3904 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110508.003\NAVENG.Sys
2011/05/10 22:04:46.0593 3904 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110508.003\NavEx15.Sys
2011/05/10 22:04:46.0687 3904 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 22:04:46.0734 3904 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/10 22:04:46.0828 3904 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 22:04:46.0890 3904 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 22:04:46.0937 3904 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 22:04:47.0000 3904 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 22:04:47.0046 3904 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/10 22:04:47.0093 3904 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 22:04:47.0234 3904 nmwcd (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/10 22:04:47.0296 3904 nmwcdc (68ec3ee2348e475ea62c66e6aafcfc9b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/10 22:04:47.0359 3904 NPDriver (410ab482d8a1e1655a7158a7b5c72ce7) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
2011/05/10 22:04:47.0421 3904 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 22:04:47.0500 3904 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 22:04:47.0593 3904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 22:04:47.0828 3904 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/10 22:04:48.0109 3904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 22:04:48.0156 3904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 22:04:48.0203 3904 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/10 22:04:48.0265 3904 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 22:04:48.0328 3904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 22:04:48.0390 3904 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/05/10 22:04:48.0437 3904 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 22:04:48.0531 3904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 22:04:48.0625 3904 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/10 22:04:48.0921 3904 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 22:04:48.0968 3904 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/10 22:04:49.0031 3904 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 22:04:49.0078 3904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 22:04:49.0140 3904 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/10 22:04:49.0359 3904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 22:04:49.0406 3904 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 22:04:49.0484 3904 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 22:04:49.0531 3904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 22:04:49.0593 3904 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/10 22:04:49.0671 3904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 22:04:49.0750 3904 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/10 22:04:49.0828 3904 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 22:04:49.0937 3904 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 22:04:50.0000 3904 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/10 22:04:50.0109 3904 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/10 22:04:50.0171 3904 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/10 22:04:50.0265 3904 SAVRT (ac9d162f3dd155e6023aa5ac89f59780) C:\Program Files\Norton AntiVirus\SAVRT.SYS
2011/05/10 22:04:50.0312 3904 SAVRTPEL (7bd636b57b7fd56c2c2ac9515f6b57d7) C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
2011/05/10 22:04:50.0453 3904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 22:04:50.0546 3904 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/10 22:04:50.0578 3904 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/10 22:04:50.0656 3904 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/10 22:04:50.0765 3904 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 22:04:50.0828 3904 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
2011/05/10 22:04:50.0984 3904 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/05/10 22:04:51.0109 3904 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 22:04:51.0171 3904 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 22:04:51.0234 3904 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 22:04:51.0312 3904 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 22:04:51.0359 3904 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 22:04:51.0421 3904 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 22:04:51.0625 3904 SymEvent (05d9613efe7809e384c10da26958dfa4) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/10 22:04:51.0718 3904 symlcbrd (993c0cb4bedddebf7254191ec8a3f67e) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/10 22:04:51.0781 3904 SYMREDRV (f26e71125da173d57caba3457c5e48cf) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/10 22:04:51.0843 3904 SYMTDI (23b6adbaa7026c53b5ef102e56750b13) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/10 22:04:51.0984 3904 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 22:04:52.0062 3904 Tcpip (3adce4790f591bf160a94f6f08039577) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 22:04:52.0140 3904 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 22:04:52.0218 3904 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 22:04:52.0281 3904 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 22:04:52.0437 3904 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 22:04:52.0562 3904 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 22:04:52.0625 3904 upperdev (a34560a5d516a2f5240180370866b99d) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/05/10 22:04:52.0750 3904 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/10 22:04:52.0796 3904 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 22:04:52.0875 3904 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 22:04:52.0953 3904 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 22:04:53.0000 3904 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/10 22:04:53.0062 3904 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
2011/05/10 22:04:53.0125 3904 UsbserFilt (6410eebd6e0427466812858ee84c8467) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/05/10 22:04:53.0203 3904 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 22:04:53.0281 3904 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
2011/05/10 22:04:53.0343 3904 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/05/10 22:04:53.0406 3904 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 22:04:53.0531 3904 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 22:04:53.0609 3904 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 22:04:53.0734 3904 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/10 22:04:53.0906 3904 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 22:04:54.0046 3904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/10 22:04:54.0093 3904 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 22:04:54.0203 3904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/10 22:04:54.0265 3904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/10 22:04:54.0343 3904 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/10 22:04:54.0343 3904 ================================================================================
2011/05/10 22:04:54.0343 3904 Scan finished
2011/05/10 22:04:54.0343 3904 ================================================================================
2011/05/10 22:04:54.0359 3384 Detected object count: 1
2011/05/10 22:05:04.0937 3384 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/10 22:05:04.0937 3384 \HardDisk0 - ok
2011/05/10 22:05:04.0937 3384 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/10 22:05:30.0296 2304 Deinitialize success
I hope that you rebooted after running the tool.If you did not, please do so before following the next instruction.
Next you need to do this:
Please download ComboFix by sUBs from
http://www.bleepingcomputer.com/download/anti-virus/combofix
Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.
• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
Dear jholland1964, I ran combofix and I am pasting the log below, I had also restarted earlier after running TDSSkiller. Please let me know the next step, I did not had windows recovery console installed and so I got that error while running combofix.
Thanks
Punit
-------------------------------------------------------------------------------------
ComboFix 11-05-09.03 - PUNIT 05/10/2011 22:38:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1417 [GMT 5.5:30]
Running from: c:\documents and settings\PUNIT\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PUNIT\Application Data\NGH150_AllWin_EnglishTryBuy30.exe
c:\documents and settings\PUNIT\g2mdlhlpx.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-03 07:20 . 2011-04-18 03:45 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DF65F233-9C87-4B17-A3D6-14DBA0F6806A}\mpengine.dll
2011-04-19 16:54 . 2011-04-19 16:55 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-15 08:41 . 2011-04-15 08:41 -------- d-----w- c:\program files\COMODO
2011-04-12 14:13 . 2011-05-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-12 14:12 . 2011-04-12 14:12 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 07:22 . 2011-01-06 12:07 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-05 06:55 . 2010-12-28 20:12 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-05 06:54 . 2011-01-06 12:07 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 06:54 . 2011-01-06 12:07 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-05 06:54 . 2011-01-06 12:07 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-04-14 11:00 . 2008-09-28 19:21 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-29 17:10 . 2011-03-23 19:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2003-08-17 74920]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-06-18 95960]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-20 258134]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 07:19 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 12:38 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 05:20 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-21 22:55 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-03 17:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/2/2008 12:37 AM 28552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 29400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/25/2010 2:05 PM 20952]
S1 bgneofxh;bgneofxh;\??\c:\windows\system32\drivers\bgneofxh.sys --> c:\windows\system32\drivers\bgneofxh.sys [?]
S1 tuhmadet;tuhmadet;\??\c:\windows\system32\drivers\tuhmadet.sys --> c:\windows\system32\drivers\tuhmadet.sys [?]
S2 ecpdquan;Terminal Server Device Redirector Support;c:\windows\System32\svchost.exe -k netsvcs [10/5/2001 12:46 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/25/2010 2:05 PM 363344]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [6/19/2008 4:07 AM 135168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ecpdquan
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-19 10:09]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 12:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\idmmbc.dll
TCP: {E45C540D-144A-49EB-B4D9-234EC70B05E3} = 8.8.8.8,8.8.4.4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PUNIT\Application Data\Mozilla\Firefox\Profiles\obb7duic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{04992EB8-B0FB-4D1B-8316-E5C043CB2A58} - c:\windows\system32\tuvVMdDT.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-f4642a98 - c:\windows\system32\xrqroqnv.dll
MSConfigStartUp-Google Update - c:\documents and settings\PUNIT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 22:45
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,1a,d8,76,c8,59,76,69,2c,4b,75,b6,1d,55,00,21,a6,18,67,fa,3f,
cd,38,f1,6b,30,8c,34,50,9d,f8,58,b8,5f,86,84,4a,e1,eb,2e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93dadb04-4f7c-4a3a-81dc-3b2339c8f636}]
@Denied: (Full) (Everyone)
"Model"=dword:00000085
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,0d,fd,76,55,9d,bc,e2,6f,2f,da,e5,81,47,0c,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]
"DisplayName"="?\10\09"
"DeviceDesc"="?\10\09"
"ProviderName"="?z?\10?\16?\10??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"h:\\software\\drivers\\chipset_inf\\smdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\guard32.dll
c:\windows\system32\idmmbc.dll
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
.
**************************************************************************
.
Completion time: 2011-05-10 22:55:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-10 17:25
.
Pre-Run: 39,023,046,656 bytes free
Post-Run: 38,847,045,632 bytes free
.
- - End Of File - - 7068D61BA16E16A58CF561A0FAFCE9F4
It will take me awhile to go through this log. In the meantime, please Update Malwarebytes'Anti-Malware and run a Full Scan with it. Have it remove everything found. Reboot the computer, this is very important.
Post back here with that log.
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
Dear jholland1964, I updated and ran Malwarebytes Anti-Malware, I also rebooted the computer after running a full scan, it removed two objects which were not in the system drive (C)
Please see the log below, please also let me know the next step. Should I delete all the quarantined objects in the Quarantine section of Malwarebytes Anti-Malware?
Thanks
Punit
-------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6547
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
5/11/2011 1:28:30 AM
mbam-log-2011-05-11 (01-28-30).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 223742
Time elapsed: 46 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
f:\my documents\SETUP\ccproxysetup.exe (PUP.CCProxy) -> Quarantined and deleted successfully.
f:\my documents\downloads\Programs\snowboardchamp2004_setup.exe (Adware.TryMedia) -> Quarantined and deleted successfully.
Now run the ESET Online Scanner and have it remove anything it finds.
http://www.eset.com/us/online-scanner?i_agree=14
you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
o If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected )
KillAll::
File::
c:\windows\system32\drivers\bgneofxh.sys
c:\windows\system32\drivers\tuhmadet.sys
Driver::
bgneofxh
tuhmadet· Save the above asCFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
· At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
· You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
· Now use your mouse to drag CFscript.txt on top of ComboFix.exe
· Follow the prompts.
· When it finishes, a log will be produced named c:\combofix.txt
Post back here with that new log.
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
Dear jholland1964, here is the log for Eset Online Scanner, please let me know the next step, sorry for delay in response.
Thanks
Punit
-------------------------------------------------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=72c5dcfaef6d264bbc44f84e2215c4b4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-11 08:33:19
# local_time=2011-05-11 02:03:19 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 75 77771 5662662 0 0
# compatibility_mode=3586 16768997 100 100 32912890 729518308 0 91261708
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 2891 2891 0 0
# compatibility_mode=9217 16777214 0 9 46971336 73399650 0 0
# scanned=78285
# found=11
# cleaned=11
# scan_time=5694
C:\Documents and Settings\PUNIT\My Documents\Downloads\Programs\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LeechFTP\WND Pens\images\product_image\28Aug2008120858BF5W14-P.php PHP/JackShell.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\My Documents\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\My Documents\CRACKS\IBP-Keygen.exe probably a variant of Win32/Autorun.LKXMVID worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\My Documents\SETUP\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\My Documents\SETUP2\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011850.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011878.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011879.exe probably a variant of Win32/Autorun.LKXMVID worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011880.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011881.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
Dear jholland1964, here is the new log from Combofix. I had added the script as instructed by you, please let me know the next step.
Thanks
Punit
-------------------------------------------------------------------------------------
ComboFix 11-05-09.03 - PUNIT 05/11/2011 14:27:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1280 [GMT 5.5:30]
Running from: c:\documents and settings\PUNIT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PUNIT\Desktop\CFscript.txt
AV: Norton AntiVirus *Disabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\system32\drivers\bgneofxh.sys"
"c:\windows\system32\drivers\tuhmadet.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bgneofxh
-------\Service_tuhmadet
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 06:40 . 2011-05-11 06:40 -------- d-----w- c:\program files\ESET
2011-05-03 07:20 . 2011-04-18 03:45 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DF65F233-9C87-4B17-A3D6-14DBA0F6806A}\mpengine.dll
2011-04-19 16:54 . 2011-04-19 16:55 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-15 08:41 . 2011-04-15 08:41 -------- d-----w- c:\program files\COMODO
2011-04-12 14:13 . 2011-05-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-12 14:12 . 2011-04-12 14:12 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 07:22 . 2011-01-06 12:07 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-05 06:55 . 2010-12-28 20:12 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-05 06:54 . 2011-01-06 12:07 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 06:54 . 2011-01-06 12:07 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-05 06:54 . 2011-01-06 12:07 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-04-14 11:00 . 2008-09-28 19:21 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-29 17:10 . 2011-03-23 19:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2003-08-17 74920]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-06-18 95960]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-20 258134]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Internet Handset.lnk - c:\program files\Logitech\Logitech Internet Handset\LOGI_HDS.exe [2006-10-17 773656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 07:19 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 12:38 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 05:20 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-21 22:55 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-03 17:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/2/2008 12:37 AM 28552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 29400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/25/2010 2:05 PM 20952]
S2 ecpdquan;Terminal Server Device Redirector Support;c:\windows\System32\svchost.exe -k netsvcs [10/5/2001 12:46 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/25/2010 2:05 PM 363344]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [6/19/2008 4:07 AM 135168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ecpdquan
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-19 10:09]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 12:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\idmmbc.dll
TCP: {E45C540D-144A-49EB-B4D9-234EC70B05E3} = 8.8.8.8,8.8.4.4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PUNIT\Application Data\Mozilla\Firefox\Profiles\obb7duic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 14:35
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,1a,d8,76,c8,59,76,69,2c,4b,75,b6,1d,55,00,21,a6,18,67,fa,3f,
cd,38,f1,6b,30,8c,34,50,9d,f8,58,b8,5f,86,84,4a,e1,eb,2e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93dadb04-4f7c-4a3a-81dc-3b2339c8f636}]
@Denied: (Full) (Everyone)
"Model"=dword:00000085
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,0d,fd,76,55,9d,bc,e2,6f,2f,da,e5,81,47,0c,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]
"DisplayName"="?\10\09"
"DeviceDesc"="?\10\09"
"ProviderName"="?z?\10?\16?\10??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"h:\\software\\drivers\\chipset_inf\\smdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1220)
c:\windows\system32\guard32.dll
c:\windows\system32\idmmbc.dll
.
- - - - - - - > 'explorer.exe'(1360)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\nvsvc32.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Norton AntiVirus\SAVScan.exe
.
**************************************************************************
.
Completion time: 2011-05-11 14:38:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-11 09:08
ComboFix2.txt 2011-05-10 17:25
.
Pre-Run: 38,475,579,392 bytes free
Post-Run: 38,458,101,760 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 2C041F8069CAAE77871EA5BE67864BCD
Now, you need to uninstall these two programs:
LimeWire PRO 4.18.8
uTorrent
P2P file sharing is one of the easiest ways to infect a computer. These are likely one of the causes of your infections, and as you see, there were many.
Have things improved with the running of the computer?
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
Dear jholland1964, I have uninstaled both the programs, The taskbar is no longer changing color and the programs are also working. Please let me know if there is any other step or scanning required.
I wanted to ask you one more question and I hope you will oblige me with an answer, is my current firewall (Comodo) antivirus (Norton) and other spyware removal tools installed in my system (spybot search & destroy, Malwarebytes Anti-Malware) sufficient or should I go for some other resident shield or scanner. Can I still install Windows XP Service Pack 3?
Thanks
Punit
This question has already been solved
You
© 2012 DaniWeb® LLC
