0

Hi All,
I know that this question has been asked earlier but my hijackthis log did not contained the entries mentioned by previous members.

I am facing the same problem, my taskbar changes color after around 15 min and sound gets disabled, I ran Malwarebytes Anti-Malware but there were no problems reported by it, my Hijack this log is posted below, please help. Sorry if I am breaking any forum rules is this is my first post.

------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:55:58 PM, on 5/9/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\PUNIT\My Documents\Downloads\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {04992EB8-B0FB-4D1B-8316-E5C043CB2A58} - C:\WINDOWS\system32\tuvVMdDT.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Logitech Internet Handset.lnk = C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E45C540D-144A-49EB-B4D9-234EC70B05E3}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8071 bytes

3
Contributors
22
Replies
23
Views
6 Years
Discussion Span
Last Post by jholland1964
0

Have you used register version of Anti-Malware or the trail version? I can suggest you to use the version to get good result.

0

Thanks for your response jyoticse804, I can only afford free versions of the software right now.

Till now the free version of Antimalware worked great and had saved me from lots of infections, but this time it is not detecting any issues.

0

First of all your log shows two Security Suites on the computer, COMODO Internet Security and Norton. If both of these contain a firewall and anti-virus program this is a big no-no. Rule is ONE of each on a computer.
Malwarebytes'Ant-Malware should NOT be booting up with the computer, real time protection with MBA-M is only available on the paid version. However the Free version is all you need for scanning and removals as long as you keep it updated before each scan. They offer multiple updates DAILY so updating prior to scanning is an absolute must.

The computer itself is way out of date, you only have XP SP2 on there, SP3 has been available for install since 2008. Your computer is no longer supported by Microsoft because of this. If you had SP3 on there full support would be available until April 2014.

HiJackThis is generally considered a scanner program, not a fixer and really isn't used as much today because it definitely doesn't show everything that is needed to clean the computer.

Follow all the steps given in our Read Me First Sticky and post back here with all the resulting logs and we can go from there.

Here is the link for the Read Me First sticky which is actually found at the top of the list here on the forum.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

0

Hi jholland1964, Sorry for not following the proper procedure for asking help. I have created all the logs and I am posting below, sorry again as this was my first post.

I am pasting Malwarebytes report, but please allow me to attach other files as they are big and the forum is giving me "too many characters" error.

I am sorry again as I am attaching logs without request.

MalwareBytes’ Anti-Malware log
-------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6539

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/9/2011 9:42:23 PM
mbam-log-2011-05-09 (21-42-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 214533
Time elapsed: 41 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attachments
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/19/2008 3:26:05 AM
System Uptime: 5/10/2011 1:13:08 AM (0 hours ago)
.
Motherboard: Intel Corporation |  | D102GGC2
Processor:               Intel(R) Pentium(R) 4 CPU 3.06GHz |  | 3066/133mhz
Processor:               Intel(R) Pentium(R) 4 CPU 3.06GHz |  | 3066/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 36.54 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 31.2 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 55.382 GiB free.
F: is FIXED (NTFS) - 57 GiB total, 51.993 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT
.
==== System Restore Points ===================
.
RP2: 4/11/2011 1:05:25 AM - System Checkpoint
RP3: 4/12/2011 1:54:37 PM - System Checkpoint
RP4: 4/13/2011 5:16:23 PM - System Checkpoint
RP5: 4/14/2011 5:25:21 PM - System Checkpoint
RP6: 4/15/2011 2:11:56 PM - Installed COMODO Internet Security
RP7: 4/16/2011 8:49:35 PM - System Checkpoint
RP8: 4/18/2011 1:15:46 AM - System Checkpoint
RP9: 4/19/2011 1:33:34 AM - System Checkpoint
RP10: 4/19/2011 10:24:12 PM - Removed Adobe Reader 9.4.3.
RP11: 4/19/2011 10:24:49 PM - Installed Adobe Reader X (10.0.1).
RP12: 4/20/2011 10:47:32 PM - System Checkpoint
RP13: 4/21/2011 10:51:33 PM - System Checkpoint
RP14: 4/22/2011 11:23:49 PM - System Checkpoint
RP15: 4/23/2011 11:50:28 PM - System Checkpoint
RP16: 4/27/2011 1:44:54 PM - System Checkpoint
RP17: 4/28/2011 4:19:32 PM - System Checkpoint
RP18: 4/29/2011 4:38:22 PM - System Checkpoint
RP19: 5/1/2011 12:16:25 AM - System Checkpoint
RP20: 5/2/2011 12:18:00 AM - System Checkpoint
RP21: 5/3/2011 3:23:38 PM - System Checkpoint
RP22: 5/4/2011 5:33:15 PM - System Checkpoint
RP23: 5/5/2011 6:32:03 PM - System Checkpoint
RP24: 5/6/2011 9:20:54 PM - System Checkpoint
RP25: 5/7/2011 11:54:00 PM - System Checkpoint
RP26: 5/9/2011 10:16:38 PM - Restore Operation
.
==== Installed Programs ======================
.
Torrent
A1 Sitemap Generator
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Advanced Tools
APC PowerChute Personal Edition
AutoUpdate
Bluesoleil 5.0.5.178
CamStudio
CC_ccStart
ccCommon
CCleaner
COMODO Internet Security
Convert
CPUID HWMonitor 1.15
Critical Update for Windows Media Player 11 (KB959772)
Disk Checker
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Easy Video Joiner 5.21
FileZilla Client 3.3.2.1
Google AdWords Editor
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.5.0.457
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
IBP 8.1
ImgBurn
Internet Download Manager
IsoBuster 2.4
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LeechFTP 
LimeWire PRO 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Logitech Internet Handset
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mirage Driver 1.1
MKV Splitter
Mozilla Firefox 4.0.1 (x86 en-US)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MyConnection PC Lite Edition
Nero 7 Demo
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia themes for your device
Norton AntiVirus 2004 Professional
Norton AntiVirus 2004 Professional (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Drivers
OpenAL
OpenOffice.org 3.1
Panda ActiveScan 2.0
Picasa 3
PIXresizer 2.0.4
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Skype 5.3
SpeedFan (remove only)
SpeedyFox
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.4
SWF Opener
Symantec
.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by PUNIT at  1:19:00.10 on Tue 05/10/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1305 [GMT 5.5:30]
.
AV: Norton AntiVirus *Enabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\PUNIT\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {04992eb8-b0fb-4d1b-8316-e5c043cb2a58} - c:\windows\system32\tuvVMdDT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: [Advanced Tools Check] c:\progra~1\norton~1\advtools\ADVCHK.EXE
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech internet handset\LOGI_HDS.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: {E45C540D-144A-49EB-B4D9-234EC70B05E3} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs:  c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvVMdDT
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\punit\applic~1\mozilla\firefox\profiles\obb7duic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\punit\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\punit\application data\mozilla\firefox\profiles\obb7duic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\punit\application data\mozilla\firefox\profiles\obb7duic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\punit\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\punit\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-2 28552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 29400]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\savrtpel.sys [2008-6-19 37000]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-8-15 255648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-8-15 235168]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1779280]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-27 12672]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2003-8-18 158848]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-6-19 585728]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-25 20952]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110508.003\NAVENG.Sys [2011-5-9 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110508.003\NavEx15.Sys [2011-5-9 1393144]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2008-6-19 305288]
R3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2003-8-10 194272]
S1 bgneofxh;bgneofxh;\??\c:\windows\system32\drivers\bgneofxh.sys --> c:\windows\system32\drivers\bgneofxh.sys [?]
S1 tuhmadet;tuhmadet;\??\c:\windows\system32\drivers\tuhmadet.sys --> c:\windows\system32\drivers\tuhmadet.sys [?]
S2 ecpdquan;Terminal Server Device Redirector Support;c:\windows\system32\svchost.exe -k netsvcs [2001-10-5 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-10 01:56:26
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3250310AS rev.3.AAF
Running: gmer.exe; Driver: C:\DOCUME~1\PUNIT\LOCALS~1\Temp\agwdrpod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwAdjustPrivilegesToken [0xAB2518B2]
SSDT            E1E790E8                                                                                                                                                       ZwConnectPort
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateFile [0xAB251518]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateKey [0xAB252126]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreatePort [0xAB250D28]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateSection [0xAB2541E0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateSymbolicLinkObject [0xAB254568]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateThread [0xAB250714]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwDeleteKey [0xAB251A9E]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwDeleteValueKey [0xAB251C9E]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwDuplicateObject [0xAB25051A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwEnumerateKey [0xAB252864]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwEnumerateValueKey [0xAB252ABA]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwLoadDriver [0xAB253BF0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwMakeTemporaryObject [0xAB251110]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenFile [0xAB2516F4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenKey [0xAB252116]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenProcess [0xAB250148]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenSection [0xAB2513B4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenThread [0xAB25034C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwQueryKey [0xAB252CC8]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwQueryMultipleValueKey [0xAB25311C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwQueryValueKey [0xAB252EDA]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwRenameKey [0xAB25267C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwRequestWaitReplyPort [0xAB25368C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSecureConnectPort [0xAB253940]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSetSecurityObject [0xAB251EEE]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSetSystemInformation [0xAB253EE8]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSetValueKey [0xAB2523F4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwShutdownSystem [0xAB25107A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSystemDebugControl [0xAB2512A0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwTerminateProcess [0xAB250B2A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwTerminateThread [0xAB250918]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C08                                                                                                                           805039DC 4 Bytes  [E8, 90, E7, E1]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2F4C                                                                                                                           80503D20 4 Bytes  CALL A6FB6263 
.text           C:\WINDOWS\System32\DRIVERS\nv4_mini.sys                                                                                                                       section is writeable [0xB96A6380, 0x2FF527, 0xE8000020]
?               C:\DOCUME~1\PUNIT\LOCALS~1\Temp\mbr.sys                                                                                                                        The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtAllocateVirtualMemory                                                              7C90CF6E 5 Bytes  JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtClose                                                                              7C90CFEE 5 Bytes  JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtCreateProcessEx                                                                    7C90D15E 5 Bytes  JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtDeleteFile                                                                         7C90D23E 5 Bytes  JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtFreeVirtualMemory                                                                  7C90D38E 5 Bytes  JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtLoadDriver                                                                         7C90D46E 5 Bytes  JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program File
0

since you have also posted this question and logs at another website I suggest that you continue there. It is never a good idea to have threads running at two different forums at the same time as instructions and tools may conflict.
Good luck.

0

Dear jholland1964, I am sorry if I offended any one but, I am really in lot of trauma because of the issue and I was looking for a quick resolution, so I also posted on the other forum.

If there is an issue I will close the thread in the other forum, but please help me as no one has answered on the other forum yet.

Thanks

Punit

0

Taking offense has nothing to do with it. As I said, by posting and following steps at more than one forum instructions given at one may interfere or cause problems with steps given at another and therefore cause greater difficulty than you were having originally.Forums such as this one and the other one where you have posted your problems are operated by volunteers, our time and their time is limited. We work as quickly as we can. You also have to take into consideration, time zones. The internet is international, so while it may be day time where I am, it may very well be night time where you are, and vice/versa. As long as you are willing to continue only here then we will.
Your logs show the presence of a rootkit, please do the following:

Please read carefully and follow these steps.

* Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

* If an infected file is detected, the default action will be Cure, click on Continue.

* If a suspicious file is detected, the default action will be Skip, click on Continue.

* It may ask you to reboot the computer to complete the process. Click on Reboot Now.

* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

0

Dear jholland1964, I performed the scan and TDSSkiller cured one file. I am pasting the log below, please let me know if any other steps are required.

Thanks

Punit

-------------------------------------------------------------------------------------

2011/05/10 22:04:17.0765 3356 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 22:04:19.0031 3356 ================================================================================
2011/05/10 22:04:19.0031 3356 SystemInfo:
2011/05/10 22:04:19.0031 3356
2011/05/10 22:04:19.0031 3356 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/10 22:04:19.0031 3356 Product type: Workstation
2011/05/10 22:04:19.0031 3356 ComputerName: PUNIT-FY9TVQQW2
2011/05/10 22:04:19.0031 3356 UserName: PUNIT
2011/05/10 22:04:19.0031 3356 Windows directory: C:\WINDOWS
2011/05/10 22:04:19.0031 3356 System windows directory: C:\WINDOWS
2011/05/10 22:04:19.0031 3356 Processor architecture: Intel x86
2011/05/10 22:04:19.0031 3356 Number of processors: 2
2011/05/10 22:04:19.0031 3356 Page size: 0x1000
2011/05/10 22:04:19.0031 3356 Boot type: Normal boot
2011/05/10 22:04:19.0031 3356 ================================================================================
2011/05/10 22:04:19.0390 3356 Initialize success
2011/05/10 22:04:39.0437 3904 ================================================================================
2011/05/10 22:04:39.0437 3904 Scan started
2011/05/10 22:04:39.0437 3904 Mode: Manual;
2011/05/10 22:04:39.0437 3904 ================================================================================
2011/05/10 22:04:39.0984 3904 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 22:04:40.0046 3904 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/10 22:04:40.0156 3904 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 22:04:40.0250 3904 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 22:04:40.0656 3904 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 22:04:40.0718 3904 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 22:04:40.0796 3904 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 22:04:40.0875 3904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 22:04:40.0984 3904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 22:04:41.0109 3904 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/05/10 22:04:41.0171 3904 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\WINDOWS\system32\Drivers\btcusb.sys
2011/05/10 22:04:41.0218 3904 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
2011/05/10 22:04:41.0265 3904 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2011/05/10 22:04:41.0359 3904 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2011/05/10 22:04:41.0484 3904 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/10 22:04:41.0531 3904 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/10 22:04:41.0640 3904 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/10 22:04:41.0687 3904 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/10 22:04:41.0765 3904 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/10 22:04:41.0921 3904 cmdGuard (cc56fa45ba18904cb04382ae9f52b1a5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2011/05/10 22:04:41.0968 3904 cmdHlp (3a70948ab6e966bdaef2baec1f8ef9d1) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2011/05/10 22:04:42.0062 3904 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/10 22:04:42.0187 3904 cpuidlep (3a1dc7c08ae1af450ffd753a0fd82f9d) C:\WINDOWS\system32\drivers\cpuidlep.sys
2011/05/10 22:04:42.0265 3904 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/05/10 22:04:42.0390 3904 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
2011/05/10 22:04:42.0468 3904 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/10 22:04:42.0546 3904 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/10 22:04:42.0625 3904 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/10 22:04:42.0687 3904 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/10 22:04:42.0750 3904 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/10 22:04:42.0828 3904 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/10 22:04:42.0890 3904 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 22:04:42.0953 3904 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/10 22:04:43.0062 3904 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 22:04:43.0109 3904 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/10 22:04:43.0203 3904 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/10 22:04:43.0265 3904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 22:04:43.0312 3904 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 22:04:43.0437 3904 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/05/10 22:04:43.0484 3904 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 22:04:43.0578 3904 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/10 22:04:43.0640 3904 HidBatt (13c0d55da4b7148ef980e130b85d9f2c) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/05/10 22:04:43.0687 3904 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/10 22:04:43.0828 3904 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 22:04:43.0984 3904 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/10 22:04:44.0046 3904 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 22:04:44.0281 3904 Inspect (28c95218d0c19db3a86bb4e53d6586e9) C:\WINDOWS\system32\DRIVERS\inspect.sys
2011/05/10 22:04:44.0500 3904 IntcAzAudAddService (90e1b42e49d9e91e5accaaaaefa10ce8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/10 22:04:44.0640 3904 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/10 22:04:44.0687 3904 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/10 22:04:44.0765 3904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/10 22:04:44.0812 3904 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 22:04:44.0890 3904 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 22:04:44.0921 3904 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 22:04:44.0984 3904 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 22:04:45.0078 3904 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 22:04:45.0125 3904 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 22:04:45.0187 3904 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 22:04:45.0265 3904 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 22:04:45.0406 3904 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/05/10 22:04:45.0515 3904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 22:04:45.0578 3904 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 22:04:45.0625 3904 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 22:04:45.0656 3904 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 22:04:45.0750 3904 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 22:04:45.0875 3904 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/10 22:04:45.0984 3904 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 22:04:46.0046 3904 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 22:04:46.0093 3904 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 22:04:46.0140 3904 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 22:04:46.0218 3904 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 22:04:46.0265 3904 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/10 22:04:46.0296 3904 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 22:04:46.0375 3904 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/10 22:04:46.0515 3904 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110508.003\NAVENG.Sys
2011/05/10 22:04:46.0593 3904 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110508.003\NavEx15.Sys
2011/05/10 22:04:46.0687 3904 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 22:04:46.0734 3904 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/10 22:04:46.0828 3904 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 22:04:46.0890 3904 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 22:04:46.0937 3904 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 22:04:47.0000 3904 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 22:04:47.0046 3904 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/10 22:04:47.0093 3904 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 22:04:47.0234 3904 nmwcd (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/10 22:04:47.0296 3904 nmwcdc (68ec3ee2348e475ea62c66e6aafcfc9b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/10 22:04:47.0359 3904 NPDriver (410ab482d8a1e1655a7158a7b5c72ce7) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
2011/05/10 22:04:47.0421 3904 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 22:04:47.0500 3904 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 22:04:47.0593 3904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 22:04:47.0828 3904 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/10 22:04:48.0109 3904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 22:04:48.0156 3904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 22:04:48.0203 3904 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/10 22:04:48.0265 3904 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 22:04:48.0328 3904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 22:04:48.0390 3904 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/05/10 22:04:48.0437 3904 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 22:04:48.0531 3904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 22:04:48.0625 3904 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/10 22:04:48.0921 3904 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 22:04:48.0968 3904 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/10 22:04:49.0031 3904 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 22:04:49.0078 3904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 22:04:49.0140 3904 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/10 22:04:49.0359 3904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 22:04:49.0406 3904 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 22:04:49.0484 3904 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 22:04:49.0531 3904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 22:04:49.0593 3904 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/10 22:04:49.0671 3904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 22:04:49.0750 3904 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/10 22:04:49.0828 3904 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 22:04:49.0937 3904 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 22:04:50.0000 3904 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/10 22:04:50.0109 3904 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/10 22:04:50.0171 3904 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/10 22:04:50.0265 3904 SAVRT (ac9d162f3dd155e6023aa5ac89f59780) C:\Program Files\Norton AntiVirus\SAVRT.SYS
2011/05/10 22:04:50.0312 3904 SAVRTPEL (7bd636b57b7fd56c2c2ac9515f6b57d7) C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
2011/05/10 22:04:50.0453 3904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 22:04:50.0546 3904 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/10 22:04:50.0578 3904 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/10 22:04:50.0656 3904 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/10 22:04:50.0765 3904 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 22:04:50.0828 3904 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
2011/05/10 22:04:50.0984 3904 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/05/10 22:04:51.0109 3904 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 22:04:51.0171 3904 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 22:04:51.0234 3904 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 22:04:51.0312 3904 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 22:04:51.0359 3904 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 22:04:51.0421 3904 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 22:04:51.0625 3904 SymEvent (05d9613efe7809e384c10da26958dfa4) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/10 22:04:51.0718 3904 symlcbrd (993c0cb4bedddebf7254191ec8a3f67e) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/10 22:04:51.0781 3904 SYMREDRV (f26e71125da173d57caba3457c5e48cf) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/10 22:04:51.0843 3904 SYMTDI (23b6adbaa7026c53b5ef102e56750b13) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/10 22:04:51.0984 3904 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 22:04:52.0062 3904 Tcpip (3adce4790f591bf160a94f6f08039577) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 22:04:52.0140 3904 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 22:04:52.0218 3904 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 22:04:52.0281 3904 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 22:04:52.0437 3904 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 22:04:52.0562 3904 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 22:04:52.0625 3904 upperdev (a34560a5d516a2f5240180370866b99d) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/05/10 22:04:52.0750 3904 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/10 22:04:52.0796 3904 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 22:04:52.0875 3904 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 22:04:52.0953 3904 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 22:04:53.0000 3904 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/10 22:04:53.0062 3904 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
2011/05/10 22:04:53.0125 3904 UsbserFilt (6410eebd6e0427466812858ee84c8467) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/05/10 22:04:53.0203 3904 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 22:04:53.0281 3904 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
2011/05/10 22:04:53.0343 3904 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/05/10 22:04:53.0406 3904 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 22:04:53.0531 3904 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 22:04:53.0609 3904 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 22:04:53.0734 3904 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/10 22:04:53.0906 3904 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 22:04:54.0046 3904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/10 22:04:54.0093 3904 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 22:04:54.0203 3904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/10 22:04:54.0265 3904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/10 22:04:54.0343 3904 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/10 22:04:54.0343 3904 ================================================================================
2011/05/10 22:04:54.0343 3904 Scan finished
2011/05/10 22:04:54.0343 3904 ================================================================================
2011/05/10 22:04:54.0359 3384 Detected object count: 1
2011/05/10 22:05:04.0937 3384 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/10 22:05:04.0937 3384 \HardDisk0 - ok
2011/05/10 22:05:04.0937 3384 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/10 22:05:30.0296 2304 Deinitialize success

0

I hope that you rebooted after running the tool.If you did not, please do so before following the next instruction.
Next you need to do this:

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Edited by jholland1964: n/a

0

Dear jholland1964, I ran combofix and I am pasting the log below, I had also restarted earlier after running TDSSkiller. Please let me know the next step, I did not had windows recovery console installed and so I got that error while running combofix.

Thanks

Punit

-------------------------------------------------------------------------------------

ComboFix 11-05-09.03 - PUNIT 05/10/2011 22:38:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1417 [GMT 5.5:30]
Running from: c:\documents and settings\PUNIT\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PUNIT\Application Data\NGH150_AllWin_EnglishTryBuy30.exe
c:\documents and settings\PUNIT\g2mdlhlpx.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-03 07:20 . 2011-04-18 03:45 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DF65F233-9C87-4B17-A3D6-14DBA0F6806A}\mpengine.dll
2011-04-19 16:54 . 2011-04-19 16:55 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-15 08:41 . 2011-04-15 08:41 -------- d-----w- c:\program files\COMODO
2011-04-12 14:13 . 2011-05-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-12 14:12 . 2011-04-12 14:12 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 07:22 . 2011-01-06 12:07 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-05 06:55 . 2010-12-28 20:12 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-05 06:54 . 2011-01-06 12:07 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 06:54 . 2011-01-06 12:07 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-05 06:54 . 2011-01-06 12:07 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-04-14 11:00 . 2008-09-28 19:21 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-29 17:10 . 2011-03-23 19:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2003-08-17 74920]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-06-18 95960]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-20 258134]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 07:19 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 12:38 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 05:20 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-21 22:55 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-03 17:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/2/2008 12:37 AM 28552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 29400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/25/2010 2:05 PM 20952]
S1 bgneofxh;bgneofxh;\??\c:\windows\system32\drivers\bgneofxh.sys --> c:\windows\system32\drivers\bgneofxh.sys [?]
S1 tuhmadet;tuhmadet;\??\c:\windows\system32\drivers\tuhmadet.sys --> c:\windows\system32\drivers\tuhmadet.sys [?]
S2 ecpdquan;Terminal Server Device Redirector Support;c:\windows\System32\svchost.exe -k netsvcs [10/5/2001 12:46 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/25/2010 2:05 PM 363344]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [6/19/2008 4:07 AM 135168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ecpdquan
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-19 10:09]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 12:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\idmmbc.dll
TCP: {E45C540D-144A-49EB-B4D9-234EC70B05E3} = 8.8.8.8,8.8.4.4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PUNIT\Application Data\Mozilla\Firefox\Profiles\obb7duic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{04992EB8-B0FB-4D1B-8316-E5C043CB2A58} - c:\windows\system32\tuvVMdDT.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-f4642a98 - c:\windows\system32\xrqroqnv.dll
MSConfigStartUp-Google Update - c:\documents and settings\PUNIT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 22:45
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,1a,d8,76,c8,59,76,69,2c,4b,75,b6,1d,55,00,21,a6,18,67,fa,3f,
cd,38,f1,6b,30,8c,34,50,9d,f8,58,b8,5f,86,84,4a,e1,eb,2e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93dadb04-4f7c-4a3a-81dc-3b2339c8f636}]
@Denied: (Full) (Everyone)
"Model"=dword:00000085
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,0d,fd,76,55,9d,bc,e2,6f,2f,da,e5,81,47,0c,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]
"DisplayName"="?\10\09"
"DeviceDesc"="?\10\09"
"ProviderName"="?z?\10?\16?\10??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"h:\\software\\drivers\\chipset_inf\\smdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\guard32.dll
c:\windows\system32\idmmbc.dll
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
.
**************************************************************************
.
Completion time: 2011-05-10 22:55:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-10 17:25
.
Pre-Run: 39,023,046,656 bytes free
Post-Run: 38,847,045,632 bytes free
.
- - End Of File - - 7068D61BA16E16A58CF561A0FAFCE9F4

0

It will take me awhile to go through this log. In the meantime, please Update Malwarebytes'Anti-Malware and run a Full Scan with it. Have it remove everything found. Reboot the computer, this is very important.
Post back here with that log.

0

Dear jholland1964, I updated and ran Malwarebytes Anti-Malware, I also rebooted the computer after running a full scan, it removed two objects which were not in the system drive (C)

Please see the log below, please also let me know the next step. Should I delete all the quarantined objects in the Quarantine section of Malwarebytes Anti-Malware?

Thanks

Punit

-------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6547

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/11/2011 1:28:30 AM
mbam-log-2011-05-11 (01-28-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 223742
Time elapsed: 46 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\my documents\SETUP\ccproxysetup.exe (PUP.CCProxy) -> Quarantined and deleted successfully.
f:\my documents\downloads\Programs\snowboardchamp2004_setup.exe (Adware.TryMedia) -> Quarantined and deleted successfully.

Edited by punitmanik: spelling mistake

0

Now run the ESET Online Scanner and have it remove anything it finds.
http://www.eset.com/us/online-scanner?i_agree=14

you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

0

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
o If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected )

KillAll::

File::

c:\windows\system32\drivers\bgneofxh.sys
c:\windows\system32\drivers\tuhmadet.sys 

Driver::

bgneofxh
tuhmadet

· Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
· At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
· You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
· Now use your mouse to drag CFscript.txt on top of ComboFix.exe
· Follow the prompts.
· When it finishes, a log will be produced named c:\combofix.txt
Post back here with that new log.

0

Dear jholland1964, here is the log for Eset Online Scanner, please let me know the next step, sorry for delay in response.

Thanks

Punit
-------------------------------------------------------------------------------------

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=72c5dcfaef6d264bbc44f84e2215c4b4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-11 08:33:19
# local_time=2011-05-11 02:03:19 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 75 77771 5662662 0 0
# compatibility_mode=3586 16768997 100 100 32912890 729518308 0 91261708
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 2891 2891 0 0
# compatibility_mode=9217 16777214 0 9 46971336 73399650 0 0
# scanned=78285
# found=11
# cleaned=11
# scan_time=5694
C:\Documents and Settings\PUNIT\My Documents\Downloads\Programs\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LeechFTP\WND Pens\images\product_image\28Aug2008120858BF5W14-P.php PHP/JackShell.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\My Documents\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\My Documents\CRACKS\IBP-Keygen.exe probably a variant of Win32/Autorun.LKXMVID worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\My Documents\SETUP\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\My Documents\SETUP2\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011850.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011878.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011879.exe probably a variant of Win32/Autorun.LKXMVID worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011880.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{886F45BC-4FAA-474C-8053-EA557FE6679E}\RP27\A0011881.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C

0

Dear jholland1964, here is the new log from Combofix. I had added the script as instructed by you, please let me know the next step.

Thanks

Punit
-------------------------------------------------------------------------------------

ComboFix 11-05-09.03 - PUNIT 05/11/2011 14:27:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1280 [GMT 5.5:30]
Running from: c:\documents and settings\PUNIT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PUNIT\Desktop\CFscript.txt
AV: Norton AntiVirus *Disabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\system32\drivers\bgneofxh.sys"
"c:\windows\system32\drivers\tuhmadet.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bgneofxh
-------\Service_tuhmadet
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 06:40 . 2011-05-11 06:40 -------- d-----w- c:\program files\ESET
2011-05-03 07:20 . 2011-04-18 03:45 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DF65F233-9C87-4B17-A3D6-14DBA0F6806A}\mpengine.dll
2011-04-19 16:54 . 2011-04-19 16:55 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-15 08:41 . 2011-04-15 08:41 -------- d-----w- c:\program files\COMODO
2011-04-12 14:13 . 2011-05-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-12 14:12 . 2011-04-12 14:12 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 07:22 . 2011-01-06 12:07 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-05 06:55 . 2010-12-28 20:12 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-05 06:54 . 2011-01-06 12:07 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 06:54 . 2011-01-06 12:07 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-05 06:54 . 2011-01-06 12:07 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-04-14 11:00 . 2008-09-28 19:21 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-29 17:10 . 2011-03-23 19:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-04-02 . 3ADCE4790F591BF160A94F6F08039577 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2003-08-17 74920]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-06-18 95960]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-20 258134]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Internet Handset.lnk - c:\program files\Logitech\Logitech Internet Handset\LOGI_HDS.exe [2006-10-17 773656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 07:19 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 12:38 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 05:20 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-21 22:55 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-03 17:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PUNIT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/2/2008 12:37 AM 28552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 29400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/25/2010 2:05 PM 20952]
S2 ecpdquan;Terminal Server Device Redirector Support;c:\windows\System32\svchost.exe -k netsvcs [10/5/2001 12:46 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/25/2010 2:05 PM 363344]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:21 AM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [6/19/2008 4:07 AM 135168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ecpdquan
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-19 10:09]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:51]
.
2011-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 12:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\idmmbc.dll
TCP: {E45C540D-144A-49EB-B4D9-234EC70B05E3} = 8.8.8.8,8.8.4.4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PUNIT\Application Data\Mozilla\Firefox\Profiles\obb7duic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 14:35
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,1a,d8,76,c8,59,76,69,2c,4b,75,b6,1d,55,00,21,a6,18,67,fa,3f,
cd,38,f1,6b,30,8c,34,50,9d,f8,58,b8,5f,86,84,4a,e1,eb,2e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93dadb04-4f7c-4a3a-81dc-3b2339c8f636}]
@Denied: (Full) (Everyone)
"Model"=dword:00000085
"Therad"=dword:0000001d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,0d,fd,76,55,9d,bc,e2,6f,2f,da,e5,81,47,0c,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]
"DisplayName"="?\10\09"
"DeviceDesc"="?\10\09"
"ProviderName"="?z?\10?\16?\10??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"h:\\software\\drivers\\chipset_inf\\smdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1220)
c:\windows\system32\guard32.dll
c:\windows\system32\idmmbc.dll
.
- - - - - - - > 'explorer.exe'(1360)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\nvsvc32.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Norton AntiVirus\SAVScan.exe
.
**************************************************************************
.
Completion time: 2011-05-11 14:38:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-11 09:08
ComboFix2.txt 2011-05-10 17:25
.
Pre-Run: 38,475,579,392 bytes free
Post-Run: 38,458,101,760 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 2C041F8069CAAE77871EA5BE67864BCD

0

Now, you need to uninstall these two programs:
LimeWire PRO 4.18.8
uTorrent

P2P file sharing is one of the easiest ways to infect a computer. These are likely one of the causes of your infections, and as you see, there were many.

Have things improved with the running of the computer?

0

Dear jholland1964, I have uninstaled both the programs, The taskbar is no longer changing color and the programs are also working. Please let me know if there is any other step or scanning required.

I wanted to ask you one more question and I hope you will oblige me with an answer, is my current firewall (Comodo) antivirus (Norton) and other spyware removal tools installed in my system (spybot search & destroy, Malwarebytes Anti-Malware) sufficient or should I go for some other resident shield or scanner. Can I still install Windows XP Service Pack 3?

Thanks

Punit

0

Both the firewall and antivirus programs are sufficient as long as they are current versions and kept up to date. Norton is a paid program so you must always continue to pay for and renew it immediately each year when the renewal comes due, otherwise it will stop updating as it should and will not offer protection for the latest infections. Norton does NOT offer a free version

If Comodo is the paid version then that same holds true for it. If it is the free version then of course payment would not be required.

Malwarebytes' and SpyBot are both excellent and weekly scans, updating first of course should be done.

I would recommend that you add one more program, SpywareBlaster from Javacool. I wouldn't run a computer without it.
You can get it from this link. http://www.majorgeeks.com/downloadget.php?id=2859&file=9&evp=61b0e8ad41924a03c37615f4682b4cef
This link will give you the setup file. Save it on your computer, double click to install it. Update the program and then enable all protection and close the program. Manually check for updates every couple weeks.
From Javacool Software:

SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

You can remove all the programs necessary for this clean up, TDSSKiller, DDS Scanner, Uninstall HiJackThis via Add/Rmove.
Uninstall combofix following these instructions exactly:
Uninstall Combofix:
Go Start > Run
Type in:

Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

Yes you certainly CAN and SHOULD install SP3. Go to Windows Update in your programs and go to the Windows Update page and have it scan your computer for all available updates and install them.
So that you don't have problems with the installs, turn off Norton and Comodo completely while downloading and installing the Windows Updates. Once the updates are complete then turn these programs back on. Don't do anything else on the computer while installing the updates.

If you feel all your problems are solved you can mark this thread closed.
Judy

Edited by jholland1964: n/a

0

Dear Judy,
Thanks for your help and guidance, I have uninstalled all the scanners used earlier including combofix according to the instructions you have provided.

I had forgot to mention in my earlier post that I have already installed Spywareblaster with all protections enabled. I have enabled system restore as per your instructions.

I will definitely install SP3 and I am also marking this thread as solved.

I would again like to thank you for your support and guidance that you have provided while solving my issue, in future I will make sure that I post my problems only in one forum and will give it time before posting in another forum.

Thanks for your help and time

Punit

0

Thanks so much for your kind words. You did a GREAT job following the instructions, wish everyone would be so thorough and careful. That's one reason why we got this all cleared up in just two days!

Edited by jholland1964: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.