Posts by punitmanik

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear Judy,
Thanks for your help and guidance, I have uninstalled all the scanners used earlier including combofix according to the instructions you have provided.

I had forgot to mention in my earlier post that I have already installed Spywareblaster with all protections enabled. I have enabled system restore as per your instructions.

I will definitely install SP3 and I am also marking this thread as solved.

I would again like to thank you for your support and guidance that you have provided while solving my issue, in future I will make sure that I post my problems only in one forum and will give it time before posting in another forum.

Thanks for your help and time

Punit

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear jholland1964, I have uninstaled both the programs, The taskbar is no longer changing color and the programs are also working. Please let me know if there is any other step or scanning required.

I wanted to ask you one more question and I hope you will oblige me with an answer, is my current firewall (Comodo) antivirus (Norton) and other spyware removal tools installed in my system (spybot search & destroy, Malwarebytes Anti-Malware) sufficient or should I go for some other resident shield or scanner. Can I still install Windows XP Service Pack 3?

Thanks

Punit

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear jholland1964, here is the new log from Combofix. I had added the script as instructed by you, please let me know the next step.

Thanks

Punit
-------------------------------------------------------------------------------------

ComboFix 11-05-09.03 - PUNIT 05/11/2011 14:27:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1280 [GMT 5.5:30]
Running from: c:\documents and settings\PUNIT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PUNIT\Desktop\CFscript.txt
AV: Norton AntiVirus *Disabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\system32\drivers\bgneofxh.sys"
"c:\windows\system32\drivers\tuhmadet.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bgneofxh
-------\Service_tuhmadet
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 06:40 . 2011-05-11 06:40 -------- d-----w- c:\program files\ESET
2011-05-03 07:20 . 2011-04-18 03:45 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DF65F233-9C87-4B17-A3D6-14DBA0F6806A}\mpengine.dll
2011-04-19 16:54 . 2011-04-19 16:55 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-15 08:41 . 2011-04-15 08:41 -------- d-----w- c:\program files\COMODO
2011-04-12 14:13 . 2011-05-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-12 14:12 . 2011-04-12 14:12 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 07:22 . 2011-01-06 12:07 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-05 06:55 . 2010-12-28 20:12 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-05 06:54 . 2011-01-06 12:07 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 06:54 . 2011-01-06 12:07 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-05 06:54 …

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear jholland1964, here is the log for Eset Online Scanner, please let me know the next step, sorry for delay in response.

Thanks

Punit
-------------------------------------------------------------------------------------

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=72c5dcfaef6d264bbc44f84e2215c4b4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-11 08:33:19
# local_time=2011-05-11 02:03:19 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 75 77771 5662662 0 0
# compatibility_mode=3586 16768997 100 100 32912890 729518308 0 91261708
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 2891 2891 0 0
# compatibility_mode=9217 16777214 0 9 46971336 73399650 0 0
# scanned=78285
# found=11
# cleaned=11
# scan_time=5694
C:\Documents and Settings\PUNIT\My Documents\Downloads\Programs\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LeechFTP\WND Pens\images\product_image\28Aug2008120858BF5W14-P.php PHP/JackShell.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\My Documents\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\My Documents\CRACKS\IBP-Keygen.exe probably a variant of Win32/Autorun.LKXMVID worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\My Documents\SETUP\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) 00000000000000000000000000000000 C
F:\My Documents\SETUP2\frooglesetup.exe a variant of Win32/Induc.A virus (deleted - quarantined) …

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear jholland1964, I updated and ran Malwarebytes Anti-Malware, I also rebooted the computer after running a full scan, it removed two objects which were not in the system drive (C)

Please see the log below, please also let me know the next step. Should I delete all the quarantined objects in the Quarantine section of Malwarebytes Anti-Malware?

Thanks

Punit

-------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6547

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/11/2011 1:28:30 AM
mbam-log-2011-05-11 (01-28-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 223742
Time elapsed: 46 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\my documents\SETUP\ccproxysetup.exe (PUP.CCProxy) -> Quarantined and deleted successfully.
f:\my documents\downloads\Programs\snowboardchamp2004_setup.exe (Adware.TryMedia) -> Quarantined and deleted successfully.

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Sorry

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear jholland1964, I ran combofix and I am pasting the log below, I had also restarted earlier after running TDSSkiller. Please let me know the next step, I did not had windows recovery console installed and so I got that error while running combofix.

Thanks

Punit

-------------------------------------------------------------------------------------

ComboFix 11-05-09.03 - PUNIT 05/10/2011 22:38:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1417 [GMT 5.5:30]
Running from: c:\documents and settings\PUNIT\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PUNIT\Application Data\NGH150_AllWin_EnglishTryBuy30.exe
c:\documents and settings\PUNIT\g2mdlhlpx.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-03 07:20 . 2011-04-18 03:45 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DF65F233-9C87-4B17-A3D6-14DBA0F6806A}\mpengine.dll
2011-04-19 16:54 . 2011-04-19 16:55 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-15 08:41 . 2011-04-15 08:41 -------- d-----w- c:\program files\COMODO
2011-04-12 14:13 . 2011-05-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-12 14:12 . 2011-04-12 14:12 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 07:22 . 2011-01-06 12:07 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-05 06:55 . 2010-12-28 20:12 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-05 06:54 . 2011-01-06 12:07 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 06:54 . 2011-01-06 …

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear jholland1964, I performed the scan and TDSSkiller cured one file. I am pasting the log below, please let me know if any other steps are required.

Thanks

Punit

-------------------------------------------------------------------------------------

2011/05/10 22:04:17.0765 3356 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 22:04:19.0031 3356 ================================================================================
2011/05/10 22:04:19.0031 3356 SystemInfo:
2011/05/10 22:04:19.0031 3356
2011/05/10 22:04:19.0031 3356 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/10 22:04:19.0031 3356 Product type: Workstation
2011/05/10 22:04:19.0031 3356 ComputerName: PUNIT-FY9TVQQW2
2011/05/10 22:04:19.0031 3356 UserName: PUNIT
2011/05/10 22:04:19.0031 3356 Windows directory: C:\WINDOWS
2011/05/10 22:04:19.0031 3356 System windows directory: C:\WINDOWS
2011/05/10 22:04:19.0031 3356 Processor architecture: Intel x86
2011/05/10 22:04:19.0031 3356 Number of processors: 2
2011/05/10 22:04:19.0031 3356 Page size: 0x1000
2011/05/10 22:04:19.0031 3356 Boot type: Normal boot
2011/05/10 22:04:19.0031 3356 ================================================================================
2011/05/10 22:04:19.0390 3356 Initialize success
2011/05/10 22:04:39.0437 3904 ================================================================================
2011/05/10 22:04:39.0437 3904 Scan started
2011/05/10 22:04:39.0437 3904 Mode: Manual;
2011/05/10 22:04:39.0437 3904 ================================================================================
2011/05/10 22:04:39.0984 3904 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 22:04:40.0046 3904 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/10 22:04:40.0156 3904 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 22:04:40.0250 3904 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 22:04:40.0656 3904 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 22:04:40.0718 3904 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 22:04:40.0796 3904 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 22:04:40.0875 3904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 22:04:40.0984 3904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 22:04:41.0109 3904 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/05/10 22:04:41.0171 3904 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\WINDOWS\system32\Drivers\btcusb.sys
2011/05/10 22:04:41.0218 3904 …

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Dear jholland1964, I am sorry if I offended any one but, I am really in lot of trauma because of the issue and I was looking for a quick resolution, so I also posted on the other forum.

If there is an issue I will close the thread in the other forum, but please help me as no one has answered on the other forum yet.

Thanks

Punit

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Hi jholland1964, Sorry for not following the proper procedure for asking help. I have created all the logs and I am posting below, sorry again as this was my first post.

I am pasting Malwarebytes report, but please allow me to attach other files as they are big and the forum is giving me "too many characters" error.

I am sorry again as I am attaching logs without request.

MalwareBytes’ Anti-Malware log
-------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6539

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/9/2011 9:42:23 PM
mbam-log-2011-05-09 (21-42-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 214533
Time elapsed: 41 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attach.txt (15.03 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/19/2008 3:26:05 AM
System Uptime: 5/10/2011 1:13:08 AM (0 hours ago)
.
Motherboard: Intel Corporation |  | D102GGC2
Processor:               Intel(R) Pentium(R) 4 CPU 3.06GHz |  | 3066/133mhz
Processor:               Intel(R) Pentium(R) 4 CPU 3.06GHz |  | 3066/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 36.54 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 31.2 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 55.382 GiB free.
F: is FIXED (NTFS) - 57 GiB total, 51.993 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT
.
==== System Restore Points ===================
.
RP2: 4/11/2011 1:05:25 AM - System Checkpoint
RP3: 4/12/2011 1:54:37 PM - System Checkpoint
RP4: 4/13/2011 5:16:23 PM - System Checkpoint
RP5: 4/14/2011 5:25:21 PM - System Checkpoint
RP6: 4/15/2011 2:11:56 PM - Installed COMODO Internet Security
RP7: 4/16/2011 8:49:35 PM - System Checkpoint
RP8: 4/18/2011 1:15:46 AM - System Checkpoint
RP9: 4/19/2011 1:33:34 AM - System Checkpoint
RP10: 4/19/2011 10:24:12 PM - Removed Adobe Reader 9.4.3.
RP11: 4/19/2011 10:24:49 PM - Installed Adobe Reader X (10.0.1).
RP12: 4/20/2011 10:47:32 PM - System Checkpoint
RP13: 4/21/2011 10:51:33 PM - System Checkpoint
RP14: 4/22/2011 11:23:49 PM - System Checkpoint
RP15: 4/23/2011 11:50:28 PM - System Checkpoint
RP16: 4/27/2011 1:44:54 PM - System Checkpoint
RP17: 4/28/2011 4:19:32 PM - System Checkpoint
RP18: 4/29/2011 4:38:22 PM - System Checkpoint
RP19: 5/1/2011 12:16:25 AM - System Checkpoint
RP20: 5/2/2011 12:18:00 AM - System Checkpoint
RP21: 5/3/2011 3:23:38 PM - System Checkpoint
RP22: 5/4/2011 5:33:15 PM - System Checkpoint
RP23: 5/5/2011 6:32:03 PM - System Checkpoint
RP24: 5/6/2011 9:20:54 PM - System Checkpoint
RP25: 5/7/2011 11:54:00 PM - System Checkpoint
RP26: 5/9/2011 10:16:38 PM - Restore Operation
.
==== Installed Programs ======================
.
Torrent
A1 Sitemap Generator
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Advanced Tools
APC PowerChute Personal Edition
AutoUpdate
Bluesoleil 5.0.5.178
CamStudio
CC_ccStart
ccCommon
CCleaner
COMODO Internet Security
Convert
CPUID HWMonitor 1.15
Critical Update for Windows Media Player 11 (KB959772)
Disk Checker
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Easy Video Joiner 5.21
FileZilla Client 3.3.2.1
Google AdWords Editor
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.5.0.457
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
IBP 8.1
ImgBurn
Internet Download Manager
IsoBuster 2.4
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LeechFTP 
LimeWire PRO 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Logitech Internet Handset
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mirage Driver 1.1
MKV Splitter
Mozilla Firefox 4.0.1 (x86 en-US)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MyConnection PC Lite Edition
Nero 7 Demo
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia themes for your device
Norton AntiVirus 2004 Professional
Norton AntiVirus 2004 Professional (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Drivers
OpenAL
OpenOffice.org 3.1
Panda ActiveScan 2.0
Picasa 3
PIXresizer 2.0.4
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Skype 5.3
SpeedFan (remove only)
SpeedyFox
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.4
SWF Opener
Symantec

DDS.txt (12.76 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by PUNIT at  1:19:00.10 on Tue 05/10/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1305 [GMT 5.5:30]
.
AV: Norton AntiVirus *Enabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\PUNIT\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {04992eb8-b0fb-4d1b-8316-e5c043cb2a58} - c:\windows\system32\tuvVMdDT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: [Advanced Tools Check] c:\progra~1\norton~1\advtools\ADVCHK.EXE
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech internet handset\LOGI_HDS.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: {E45C540D-144A-49EB-B4D9-234EC70B05E3} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs:  c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvVMdDT
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\punit\applic~1\mozilla\firefox\profiles\obb7duic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\punit\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\punit\application data\mozilla\firefox\profiles\obb7duic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\punit\application data\mozilla\firefox\profiles\obb7duic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\punit\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\punit\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-2 28552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 29400]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\savrtpel.sys [2008-6-19 37000]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-8-15 255648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-8-15 235168]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1779280]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-27 12672]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2003-8-18 158848]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-6-19 585728]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-25 20952]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110508.003\NAVENG.Sys [2011-5-9 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110508.003\NavEx15.Sys [2011-5-9 1393144]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2008-6-19 305288]
R3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2003-8-10 194272]
S1 bgneofxh;bgneofxh;\??\c:\windows\system32\drivers\bgneofxh.sys --> c:\windows\system32\drivers\bgneofxh.sys [?]
S1 tuhmadet;tuhmadet;\??\c:\windows\system32\drivers\tuhmadet.sys --> c:\windows\system32\drivers\tuhmadet.sys [?]
S2 ecpdquan;Terminal Server Device Redirector Support;c:\windows\system32\svchost.exe -k netsvcs [2001-10-5 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664

Gmer_Log.txt (512.33 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-10 01:56:26
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3250310AS rev.3.AAF
Running: gmer.exe; Driver: C:\DOCUME~1\PUNIT\LOCALS~1\Temp\agwdrpod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwAdjustPrivilegesToken [0xAB2518B2]
SSDT            E1E790E8                                                                                                                                                       ZwConnectPort
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateFile [0xAB251518]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateKey [0xAB252126]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreatePort [0xAB250D28]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateSection [0xAB2541E0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateSymbolicLinkObject [0xAB254568]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwCreateThread [0xAB250714]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwDeleteKey [0xAB251A9E]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwDeleteValueKey [0xAB251C9E]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwDuplicateObject [0xAB25051A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwEnumerateKey [0xAB252864]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwEnumerateValueKey [0xAB252ABA]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwLoadDriver [0xAB253BF0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwMakeTemporaryObject [0xAB251110]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenFile [0xAB2516F4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenKey [0xAB252116]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenProcess [0xAB250148]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenSection [0xAB2513B4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwOpenThread [0xAB25034C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwQueryKey [0xAB252CC8]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwQueryMultipleValueKey [0xAB25311C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwQueryValueKey [0xAB252EDA]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwRenameKey [0xAB25267C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwRequestWaitReplyPort [0xAB25368C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSecureConnectPort [0xAB253940]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSetSecurityObject [0xAB251EEE]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSetSystemInformation [0xAB253EE8]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSetValueKey [0xAB2523F4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwShutdownSystem [0xAB25107A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwSystemDebugControl [0xAB2512A0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwTerminateProcess [0xAB250B2A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                                                     ZwTerminateThread [0xAB250918]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C08                                                                                                                           805039DC 4 Bytes  [E8, 90, E7, E1]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2F4C                                                                                                                           80503D20 4 Bytes  CALL A6FB6263 
.text           C:\WINDOWS\System32\DRIVERS\nv4_mini.sys                                                                                                                       section is writeable [0xB96A6380, 0x2FF527, 0xE8000020]
?               C:\DOCUME~1\PUNIT\LOCALS~1\Temp\mbr.sys                                                                                                                        The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtAllocateVirtualMemory                                                              7C90CF6E 5 Bytes  JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtClose                                                                              7C90CFEE 5 Bytes  JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtCreateFile                                                                         7C90D0AE 5 Bytes  JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtCreateProcess                                                                      7C90D14E 5 Bytes  JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtCreateProcessEx                                                                    7C90D15E 5 Bytes  JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtDeleteFile                                                                         7C90D23E 5 Bytes  JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtFreeVirtualMemory                                                                  7C90D38E 5 Bytes  JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[236] ntdll.dll!NtLoadDriver                                                                         7C90D46E 5 Bytes  JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Program File

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Re: Virus is changing taskbar color to gray and disables my sound

Thanks for your response jyoticse804, I can only afford free versions of the software right now.

Till now the free version of Antimalware worked great and had saved me from lots of infections, but this time it is not detecting any issues.

Information Security windows-virus

punitmanik 0 Newbie Poster

14 Years Ago

Virus is changing taskbar color to gray and disables my sound

Hi All,
I know that this question has been asked earlier but my hijackthis log did not contained the entries mentioned by previous members.

I am facing the same problem, my taskbar changes color after around 15 min and sound gets disabled, I ran Malwarebytes Anti-Malware but there were no problems reported by it, my Hijack this log is posted below, please help. Sorry if I am breaking any forum rules is this is my first post.

------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:55:58 PM, on 5/9/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\PUNIT\My Documents\Downloads\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/expanded_threats/virus_worm_trojan_horse.html
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {04992EB8-B0FB-4D1B-8316-E5C043CB2A58} - C:\WINDOWS\system32\tuvVMdDT.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - …

Information Security windows-virus