
Google search results are redirected (DDS and Attach provided)


This topic is locked
10 replies to this topic

#1 mikekumar (Members, 5 posts)

Posted 02 July 2009 - 10:52 AM

Hi all, thanks in advance.

Every time I do a search on Google and then click on the results, they get redirected to MySpace or some ad site.

I need to close that link, go to the Google search result page and click again.

Please, I have been redirected from many places to here; I hope to get some expert advice.

I have followed the in-house tutorial (thanks to whoever wrote it, brilliant to follow).

I am in safe mode and running Firefox.

As per the requirements, my log files are:

DDS


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Mayank360degreesIT at 16:41:57.53 on 02/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2037.1540 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Users\Mayank360degreesIT\Desktop\help\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: MSN helper: {10c0b0c0-fc01-473b-8ebb-4376353f96e4} - bekbn.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [O2Start] c:\program files\o2cm-ce\o2 connection manager\tscui.exe /s
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 85.255.112.82,85.255.112.152
TCP: {1B19490C-4AD7-4F81-BB64-3E6FCD883E47} = 85.255.112.82,85.255.112.152
TCP: {626EB13C-11BD-4E38-9194-5B7D37AF32EC} = 85.255.112.82,85.255.112.152
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mayank~1\appdata\roaming\mozilla\firefox\profiles\cpecyevi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-26 108552]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2009-5-27 2595840]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-26 327688]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-26 906520]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-26 298776]
S2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]

=============== Created Last 30 ================

2009-07-02 15:17 <DIR> --d----- c:\program files\Trend Micro
2009-07-01 18:04 184,240 a------- C:\PC-POP.001
2009-07-01 18:04 184,240 a------- C:\PC-POP.000
2009-06-29 14:10 621,056 a------- c:\windows\system32\drivers\mod7700.sys
2009-06-29 14:10 103,680 a------- c:\windows\system32\drivers\ewusbfake.sys
2009-06-29 14:10 101,504 a------- c:\windows\system32\drivers\ewusbmdm.sys
2009-06-29 14:10 100,864 a------- c:\windows\system32\drivers\ewusbnet.sys
2009-06-29 14:10 23,424 a------- c:\windows\system32\drivers\ewdcsc.sys
2009-06-29 12:07 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 12:07 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-26 18:49 <DIR> --d----- c:\program files\Passware
2009-06-26 18:48 <DIR> --d----- c:\program files\1a MS Access Password Recovery
2009-06-26 15:26 696 a------- c:\windows\system32\jetodbc.rsp
2009-06-26 15:25 <DIR> --d----- c:\program files\Landlords Property Manager Regular
2009-06-25 18:35 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-25 18:34 <DIR> --d----- c:\users\mayank360degreesit\.housecall6.6
2009-06-25 02:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-23 21:30 108 a------- C:\index.ini
2009-06-23 20:40 190,639,079 a------- c:\windows\MEMORY.DMP
2009-06-23 17:09 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-06-22 15:46 <DIR> a-d----- c:\programdata\TEMP
2009-06-22 15:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-22 13:18 45 a------- c:\windows\system32\initdebug.nfo
2009-06-22 13:18 <DIR> --d----- c:\program files\SpeedFan
2009-06-18 15:04 30,039 a------- c:\windows\FontData.fdb
2009-06-16 17:51 <DIR> --d----- c:\program files\PowerDataRecovery
2009-06-16 17:35 <DIR> --d----- c:\program files\uTorrent
2009-06-16 17:35 <DIR> --d----- c:\users\mayank~1\appdata\roaming\uTorrent
2009-06-16 17:09 <DIR> --d----- C:\hello
2009-06-16 16:19 8 ---shr-- c:\programdata\B4BD7BC3E6.sys
2009-06-16 16:19 8 ---shr-- c:\progra~2\B4BD7BC3E6.sys
2009-06-16 16:19 2,828 a--sh--- c:\programdata\KGyGaAvL.sys
2009-06-16 16:19 2,828 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-06-16 16:06 <DIR> --d----- c:\program files\common files\Protexis
2009-06-16 16:06 <DIR> --d----- c:\programdata\Corel
2009-06-16 16:06 <DIR> --d----- c:\progra~2\Corel
2009-06-16 16:02 <DIR> --d----- c:\program files\common files\Corel
2009-06-16 16:01 <DIR> --d----- c:\program files\Corel
2009-06-16 13:35 <DIR> --d----- c:\programdata\Adobe
2009-06-16 13:32 <DIR> --d----- c:\programdata\NOS
2009-06-10 12:20 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-10 09:48 70,144 a------- c:\windows\system32\inform.dat
2009-06-10 09:48 16,164 a------- c:\windows\system32\fkas
2009-06-09 20:24 <DIR> --d----- C:\PerfLogs
2009-06-09 20:00 152,576 a------- c:\windows\system32\SPWizUI.dll
2009-06-09 20:00 47,560 a------- c:\windows\system32\SPReview.exe
2009-06-09 19:28 193,024 a------- c:\windows\system32\recdisc.exe
2009-06-09 19:28 6,656 a------- c:\windows\system32\sdspres.dll
2009-06-09 19:26 154,624 a------- c:\windows\system32\nlmgp.dll
2009-06-09 19:25 597,504 a------- c:\windows\system32\cscui.dll
2009-06-09 19:24 473,088 a------- c:\windows\system32\FXSCOMEX.dll
2009-06-09 19:17 6,656 a------- c:\windows\system32\kbd106n.dll
2009-06-09 19:17 44,032 a------- c:\windows\system32\cbsra.exe
2009-06-09 19:15 131,072 a------- c:\windows\SPInstall.etl
2009-06-09 18:00 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-07 14:49 <DIR> --d----- c:\users\mayank~1\appdata\roaming\Vodafone
2009-06-07 14:49 <DIR> --d----- c:\programdata\InstallShield
2009-06-07 14:49 <DIR> --d----- c:\programdata\Vodafone
2009-06-07 14:49 <DIR> --d----- c:\progra~2\Vodafone
2009-06-03 16:45 376 a------- c:\windows\ODBC.INI
2009-06-03 16:44 17,920 a------- c:\windows\system32\mdimon.dll
2009-06-03 16:41 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-06-03 16:31 <DIR> --d----- c:\users\mayank~1\appdata\roaming\Tatara Systems
2009-06-03 16:23 <DIR> --d----- c:\programdata\O2CM-CE
2009-06-03 16:23 <DIR> --d----- c:\programdata\Novatel Wireless
2009-06-03 16:23 <DIR> --d----- c:\program files\O2CM-CE
2009-06-03 16:23 <DIR> --d----- c:\progra~2\O2CM-CE
2009-06-03 16:23 <DIR> --d----- c:\progra~2\Novatel Wireless

==================== Find3M ====================

2009-06-29 14:10 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-29 14:10 51,200 a------- c:\windows\inf\infpub.dat
2009-06-29 14:10 86,016 a------- c:\windows\inf\infstor.dat
2009-06-29 12:06 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:06 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-09 20:55 174 a--sh--- c:\program files\desktop.ini
2009-06-09 20:24 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-09 20:12 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-09 20:12 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-27 04:34 2,772,992 a------- c:\windows\system32\NETw4r32.dll
2009-05-27 04:34 684,032 a------- c:\windows\system32\NETw4c32.dll
2009-05-27 04:34 2,595,840 a------- c:\windows\system32\drivers\NETw2v32.sys
2009-05-26 15:10 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-26 01:50 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-26 01:50 272,896 a------- c:\windows\system32\polstore.dll
2009-05-26 01:50 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-26 01:50 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-26 01:48 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-26 01:47 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-26 01:46 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-26 01:45 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-26 01:45 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-26 01:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-26 01:44 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-26 01:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-26 01:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-26 01:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-26 01:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-26 01:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-26 01:44 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-26 01:44 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-26 01:43 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-26 01:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-26 01:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-26 01:41 2,048 a------- c:\windows\system32\tzres.dll
2009-05-26 01:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-26 01:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-26 01:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-26 01:37 2,927,104 a------- c:\windows\explorer.exe
2009-05-26 01:33 6,237,696 a------- c:\windows\system32\NlsLexicons000c.dll
2009-05-26 01:31 4,152,184 a------- c:\windows\system32\wgaer_m.exe
2009-05-26 01:29 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-26 01:29 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-05-26 01:29 72,704 a------- c:\windows\system32\secur32.dll
2009-05-26 01:29 9,728 a------- c:\windows\system32\lsass.exe
2009-05-26 01:29 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-26 01:29 24,064 a------- c:\windows\system32\amxread.dll
2009-05-26 01:29 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-26 01:29 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-26 01:29 37,888 a------- c:\windows\system32\printcom.dll
2009-05-26 01:28 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-26 01:28 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-26 01:27 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-26 01:26 268,288 a------- c:\windows\system32\schannel.dll
2009-05-26 01:25 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-26 01:25 98,816 a------- c:\windows\system32\mfps.dll
2009-05-26 01:25 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-26 01:25 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-26 01:25 2,048 a------- c:\windows\system32\mferror.dll
2009-05-26 01:25 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-26 01:25 94,720 a------- c:\windows\system32\logagent.exe
2009-05-26 01:25 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-26 01:25 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-26 01:24 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-26 01:24 2,033,152 a------- c:\windows\system32\win32k.sys
2009-05-26 01:21 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-26 01:21 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-26 01:18 72,704 a------- c:\windows\system32\admparse.dll
2009-05-26 01:18 827,392 a------- c:\windows\system32\wininet.dll
2009-05-26 01:18 78,336 a------- c:\windows\system32\ieencode.dll
2009-05-26 01:18 48,128 a------- c:\windows\system32\mshtmler.dll
2009-05-26 01:18 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-05-25 23:41 319,456 a------- c:\windows\DIFxAPI.dll
2009-05-25 23:32 540,672 a------- c:\windows\RtlExUpd.dll
2009-05-25 22:52 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-25 22:51 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-25 22:50 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-25 22:50 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-11 16:27 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:42:25.47 ===============

Attach LOG


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/16/2009 1:42:57 AM
System Uptime: 7/2/2009 4:15:25 PM (0 hours ago)

Motherboard: CLEVO Co. | | M5X0G
Processor: Intel® Pentium® M processor 1.73GHz | U1 | 1729/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 16.183 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

Class GUID:
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_54011558&REV_01\4&15FA4845&0&39F0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_54011558&REV_01\4&15FA4845&0&39F0
Service:

Class GUID:
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_54011558&REV_01\4&15FA4845&0&3CF0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_54011558&REV_01\4&15FA4845&0&3CF0
Service:

==== System Restore Points ===================


==== Installed Programs ======================

1a MS Access Password Recovery 6.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AFD Postcode
µTorrent
AVG Free 8.5
Choice Guard
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
EVEREST Home Edition v2.20
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 14
Landlords PMR 2008
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSVCRT
O2 Connection Manager
Optifocus 9 (Beta)
Passware Kit 6.5 Demo
Power Data Recovery 4.1.2
Realtek High Definition Audio Driver
SpeedFan (remove only)
SpywareBlaster 4.2
TeamViewer 4
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver

==== End Of File ===========================


Please, I await any reply eagerly.

MANY MANY THANKS for this brilliant site and service.

Edited by mikekumar, 02 July 2009 - 11:58 AM.
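The "Pseudo HJT Report" section of the DDS log above is where a removal helper looks first: the BHO registered as "No File", the BHO whose module is the bare filename bekbn.dll with no install path, the static DNS servers on the "TCP: NameServer" and per-adapter lines, and the policy values EnableLUA = 0 and DisableRegistryTools = 1. The following Python is an added example, not code from the thread, from DDS or from the helper; it reads those lines from a sample copied out of the posted log and flags them. The heuristics (orphaned CLSID, pathless module, any static DNS server, a short table of defence-weakening policy values) are this example's own assumptions, and it flags static DNS servers for the reader to confirm rather than judging them:

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not part of DDS, HijackThis or the
helper's instructions. Heuristics are this example's own assumptions:
  * a BHO, toolbar or URLSearchHook whose module is "No File" (orphaned
    CLSID) or a bare filename with no install path
  * static DNS servers in the TCP/IP parameters, which override what DHCP
    hands out (DDS prints "TCP: NameServer" plus one "TCP: {guid}" line
    per adapter)
  * policy values that switch a defence off (EnableLUA = 0 turns UAC off,
    DisableRegistryTools = 1 blocks regedit for the user)
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the DDS log posted above.
SAMPLE_REPORT = """\
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\\program files\\avg\\avg8\\toolbar\\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: MSN helper: {10c0b0c0-fc01-473b-8ebb-4376353f96e4} - bekbn.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\\program files\\avg\\avg8\\toolbar\\IEToolbar.dll
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 85.255.112.82,85.255.112.152
TCP: {1B19490C-4AD7-4F81-BB64-3E6FCD883E47} = 85.255.112.82,85.255.112.152
"""


@dataclass(frozen=True)
class Finding:
    line: str    # the DDS line that triggered the finding
    reason: str  # why a helper would look at it


# "BHO: <name>: {CLSID} - <module>"; the name is optional ("No File" line has none)
_COM_HOOK = re.compile(
    r"^(?:[um]?URLSearchHooks|BHO|TB):\s*(?:(?P<name>[^{]*?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<module>.+?)\s*$"
)
# "uPolicies-system: EnableLUA = 0 (0x0)"; u = user hive, m = machine hive
_POLICY = re.compile(r"^(?P<scope>[um])Policies-\w+:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")
# "TCP: NameServer = a,b" and "TCP: {adapter-guid} = a,b"
_DNS = re.compile(r"^TCP:\s*(?P<where>NameServer|\{[^}]+\})\s*=\s*(?P<servers>[\d.,\s]+)$")

# (value name, value) pairs that switch a defence off; the first two are in
# the posted log, the third is a common companion (assumption of this example).
WEAK_POLICIES = {
    ("EnableLUA", "0"): "UAC (User Account Control) disabled",
    ("DisableRegistryTools", "1"): "Registry Editor blocked for the user",
    ("DisableTaskMgr", "1"): "Task Manager blocked for the user",
}


def check_com_hook(line: str) -> Optional[Finding]:
    m = _COM_HOOK.match(line)
    if not m:
        return None
    module = m.group("module")
    if module.lower() == "no file":
        return Finding(line, "orphaned CLSID: registered but its DLL is gone")
    if "\\" not in module and ":" not in module:
        # No path at all: resolved through the loader search path, whereas
        # legitimate installers register a full path.
        return Finding(line, f"module {module!r} has no install path")
    return None


def check_policy(line: str) -> Optional[Finding]:
    m = _POLICY.match(line)
    if not m:
        return None
    reason = WEAK_POLICIES.get((m.group("name"), m.group("value")))
    return Finding(line, reason) if reason else None


def check_dns(line: str) -> Optional[Finding]:
    m = _DNS.match(line)
    if not m:
        return None
    servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
    public = [s for s in servers if not ipaddress.ip_address(s).is_private]
    kind = "public" if public else "private"
    return Finding(line, f"static DNS servers {', '.join(servers)} ({kind}); "
                         "confirm they are the ISP's or ones you chose")


def triage(report: str) -> List[Finding]:
    """Run every check over every line of the Pseudo HJT section."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        for check in (check_com_hook, check_policy, check_dns):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


def static_dns_servers(report: str) -> List[str]:
    """Unique static DNS servers in the order they first appear."""
    seen: List[str] = []
    for raw in report.splitlines():
        m = _DNS.match(raw.strip())
        if m:
            for s in m.group("servers").split(","):
                s = s.strip()
                if s and s not in seen:
                    seen.append(s)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.reason}]\n    {f.line}")
```

Run it against the Pseudo HJT section of any DDS log; on the sample it reports the two BHO lines, the two policy lines and the two DNS lines and leaves the AVG and Adobe entries alone. The DNS check is deliberately a prompt rather than a verdict: a static resolver is only suspicious if the owner did not set it, which a log cannot tell you.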



#2 SifuMike (malware expert, Staff Emeritus, 15,385 posts, Vancouver (not BC) WA (Not DC) USA)

Posted 03 July 2009 - 09:05 PM

Hello mikekumar,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

****************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\), then rename mbam.exe to newtool.exe and double click newtool.exe to proceed with running a full scan.


* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh DDS log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 mikekumar (Topic Starter)

Posted 07 July 2009 - 01:28 PM

Hi there SifuMike,
thanks for getting back to me and helping me.

I did as you advised.

Checkup log:

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
AVGFree8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

SpywareBlaster 4.2
HijackThis 2.0.2
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 29 seconds.
`````````End of Log```````````


Then I downloaded Malwarebytes and tried to run it, and it didn't run, so as advised I renamed it to newtool and then ran it. I have tried this on 4 occasions and it hangs after about 40 mins (Not Responding).

1. First time it froze and Windows Defender started for some reason -----> computer went too slow ---> forced restart
2. Second time same as above
3. Third time I disabled Windows Defender and then tried, and Malwarebytes froze again
4. Fourth time I tried Perform Quick Scan instead of Full Scan -----> freezes after about 40 mins again

Please advise me what to do, as I still have the same problem: every time I click on Google search results I get redirected to some other pages.

Once again, thanks for your help.

I shall await your reply.

Regards,
Mike Kumar

#4 SifuMike (malware expert, Staff Emeritus)

Posted 07 July 2009 - 02:46 PM

Hi Mike,

Try this random renamer for MBAM http://kixhelp.com/wr/files/mb/randmbam.exe


We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

If the random renamer works then post the MBAM log.

#5 mikekumar (Topic Starter)

Posted 09 July 2009 - 08:56 AM

Hi SifuMike,

sorry, my friend, no luck.

I did manage to run the scan using the random renamer 3 times, and every time it freezes 40 mins later and I can't close the application; I have to force a reset.

Anything else you can think of to help me sort this?

Thanks a lot.

Regards,
mikekumar

#6 SifuMike (malware expert, Staff Emeritus)

Posted 09 July 2009 - 11:33 AM

Hi mike,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

To disable AVG antivirus:  
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, ( I’ll let you know when) just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.



Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

#7 mikekumar (Topic Starter)

Posted 12 July 2009 - 05:24 PM

Hi SifuMike,

sorry for the delay.

I can't run ComboFix. Every time I double-click it, it asks me to click on RUN and then nothing happens.

I rebooted the laptop and opened safe mode.

I ran randmbam, which ran smoothly and found 11 errors. I fixed them and restarted as advised (by you and the software).

It seems I don't get redirected to other websites from Google search anymore, but the computer is a bit slow on the internet, as if it's doing something in the background.

I have run DDS and here are the logs; please check and advise. Many thanks.

DDS log


DDS (Ver_09-06-26.01) - NTFSx86
Run by Mayank360degreesIT at 23:14:09.18 on 12/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2037.1136 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Mayank360degreesIT\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [O2Start] c:\program files\o2cm-ce\o2 connection manager\tscui.exe /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mayank~1\appdata\roaming\mozilla\firefox\profiles\cpecyevi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-26 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-26 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-26 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-26 298776]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2009-5-27 2595840]

=============== Created Last 30 ================

2009-07-12 13:17 <DIR> --d----- c:\users\mayank360degreesit\VirtueMart
2009-07-11 13:32 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-07-11 13:21 <DIR> --d----- c:\program files\Windows Mobile Device Handbook
2009-07-08 14:46 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-08 12:52 <DIR> --d--r-- c:\program files\Skype
2009-07-08 12:52 <DIR> --d----- c:\programdata\Skype
2009-07-07 13:12 <DIR> --d----- c:\users\mayank~1\appdata\roaming\Malwarebytes
2009-07-07 13:09 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-07 13:09 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-07 13:09 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-07 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-07 13:09 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-02 15:17 <DIR> --d----- c:\program files\Trend Micro
2009-07-01 18:04 184,240 a------- C:\PC-POP.001
2009-07-01 18:04 184,240 a------- C:\PC-POP.000
2009-06-29 14:10 621,056 a------- c:\windows\system32\drivers\mod7700.sys
2009-06-29 14:10 103,680 a------- c:\windows\system32\drivers\ewusbfake.sys
2009-06-29 14:10 101,504 a------- c:\windows\system32\drivers\ewusbmdm.sys
2009-06-29 14:10 100,864 a------- c:\windows\system32\drivers\ewusbnet.sys
2009-06-29 14:10 23,424 a------- c:\windows\system32\drivers\ewdcsc.sys
2009-06-29 12:07 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 12:07 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-26 18:49 <DIR> --d----- c:\program files\Passware
2009-06-26 18:48 <DIR> --d----- c:\program files\1a MS Access Password Recovery
2009-06-26 15:26 696 a------- c:\windows\system32\jetodbc.rsp
2009-06-26 15:25 <DIR> --d----- c:\program files\Landlords Property Manager Regular
2009-06-25 18:35 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-25 18:34 <DIR> --d----- c:\users\mayank360degreesit\.housecall6.6
2009-06-25 02:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-23 21:30 108 a------- C:\index.ini
2009-06-23 20:40 190,639,079 a------- c:\windows\MEMORY.DMP
2009-06-23 17:09 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-06-22 15:46 <DIR> a-d----- c:\programdata\TEMP
2009-06-22 15:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-22 13:18 45 a------- c:\windows\system32\initdebug.nfo
2009-06-22 13:18 <DIR> --d----- c:\program files\SpeedFan
2009-06-18 15:04 30,039 a------- c:\windows\FontData.fdb
2009-06-16 17:51 <DIR> --d----- c:\program files\PowerDataRecovery
2009-06-16 17:35 <DIR> --d----- c:\program files\uTorrent
2009-06-16 17:35 <DIR> --d----- c:\users\mayank~1\appdata\roaming\uTorrent
2009-06-16 17:09 <DIR> --d----- C:\hello
2009-06-16 16:19 8 ---shr-- c:\programdata\B4BD7BC3E6.sys
2009-06-16 16:19 8 ---shr-- c:\progra~2\B4BD7BC3E6.sys
2009-06-16 16:19 2,828 a--sh--- c:\programdata\KGyGaAvL.sys
2009-06-16 16:19 2,828 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-06-16 16:06 <DIR> --d----- c:\program files\common files\Protexis
2009-06-16 16:06 <DIR> --d----- c:\programdata\Corel
2009-06-16 16:06 <DIR> --d----- c:\progra~2\Corel
2009-06-16 16:02 <DIR> --d----- c:\program files\common files\Corel
2009-06-16 16:01 <DIR> --d----- c:\program files\Corel
2009-06-16 13:35 <DIR> --d----- c:\programdata\Adobe
2009-06-16 13:32 <DIR> --d----- c:\programdata\NOS

==================== Find3M ====================

2009-07-11 13:24 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-11 13:24 86,016 a------- c:\windows\inf\infstor.dat
2009-07-11 13:24 51,200 a------- c:\windows\inf\infpub.dat
2009-06-29 12:06 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:06 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-10 12:20 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-10 09:53 70,144 a------- c:\windows\system32\inform.dat
2009-06-09 20:55 174 a--sh--- c:\program files\desktop.ini
2009-06-09 20:24 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-09 20:12 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-09 20:12 82,432 a------- c:\windows\system32\axaltocm.dll
2009-06-09 19:15 152,576 a------- c:\windows\system32\SPWizUI.dll
2009-06-09 19:15 47,560 a------- c:\windows\system32\SPReview.exe
2009-05-27 04:34 2,772,992 a------- c:\windows\system32\NETw4r32.dll
2009-05-27 04:34 684,032 a------- c:\windows\system32\NETw4c32.dll
2009-05-27 04:34 2,595,840 a------- c:\windows\system32\drivers\NETw2v32.sys
2009-05-26 15:10 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-26 01:50 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-26 01:50 272,896 a------- c:\windows\system32\polstore.dll
2009-05-26 01:50 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-26 01:50 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-26 01:48 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-26 01:47 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-26 01:46 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-26 01:45 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-26 01:45 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-26 01:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-26 01:44 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-26 01:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-26 01:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-26 01:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-26 01:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-26 01:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-26 01:44 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-26 01:44 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-26 01:43 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-26 01:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-26 01:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-26 01:41 2,048 a------- c:\windows\system32\tzres.dll
2009-05-26 01:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-26 01:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-26 01:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-26 01:37 2,927,104 a------- c:\windows\explorer.exe
2009-05-26 01:33 6,237,696 a------- c:\windows\system32\NlsLexicons000c.dll
2009-05-26 01:31 4,152,184 a------- c:\windows\system32\wgaer_m.exe
2009-05-26 01:29 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-26 01:29 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-05-26 01:29 72,704 a------- c:\windows\system32\secur32.dll
2009-05-26 01:29 9,728 a------- c:\windows\system32\lsass.exe
2009-05-26 01:29 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-26 01:29 24,064 a------- c:\windows\system32\amxread.dll
2009-05-26 01:29 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-26 01:29 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-26 01:29 37,888 a------- c:\windows\system32\printcom.dll
2009-05-26 01:28 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-26 01:28 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-26 01:27 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-26 01:26 268,288 a------- c:\windows\system32\schannel.dll
2009-05-26 01:25 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-26 01:25 98,816 a------- c:\windows\system32\mfps.dll
2009-05-26 01:25 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-26 01:25 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-26 01:25 2,048 a------- c:\windows\system32\mferror.dll
2009-05-26 01:25 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-26 01:25 94,720 a------- c:\windows\system32\logagent.exe
2009-05-26 01:25 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-26 01:25 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-26 01:24 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-26 01:24 2,033,152 a------- c:\windows\system32\win32k.sys
2009-05-26 01:21 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-26 01:21 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-26 01:18 72,704 a------- c:\windows\system32\admparse.dll
2009-05-26 01:18 827,392 a------- c:\windows\system32\wininet.dll
2009-05-26 01:18 78,336 a------- c:\windows\system32\ieencode.dll
2009-05-26 01:18 48,128 a------- c:\windows\system32\mshtmler.dll
2009-05-26 01:18 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-05-25 23:41 319,456 a------- c:\windows\DIFxAPI.dll
2009-05-25 23:32 540,672 a------- c:\windows\RtlExUpd.dll
2009-05-25 22:52 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-25 22:51 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-25 22:50 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-25 22:50 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-11 16:27 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:17:18.69 ===============


Attach LOG


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/16/2009 1:42:57 AM
System Uptime: 7/12/2009 4:48:04 PM (7 hours ago)

Motherboard: CLEVO Co. | | M5X0G
Processor: Intel® Pentium® M processor 1.73GHz | U1 | 1733/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 15.454 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

Class GUID:
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_54011558&REV_01\4&15FA4845&0&39F0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_54011558&REV_01\4&15FA4845&0&39F0
Service:

Class GUID:
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_54011558&REV_01\4&15FA4845&0&3CF0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_54011558&REV_01\4&15FA4845&0&3CF0
Service:

==== System Restore Points ===================


==== Installed Programs ======================

1a MS Access Password Recovery 6.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AFD Postcode
µTorrent
AVG Free 8.5
Choice Guard
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
EVEREST Home Edition v2.20
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 14
Landlords PMR 2008
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSVCRT
O2 Connection Manager
Optifocus 9 (Beta)
Passware Kit 6.5 Demo
Power Data Recovery 4.1.2
Realtek High Definition Audio Driver
Skype web features
Skype™ 4.1
SpeedFan (remove only)
SpywareBlaster 4.2
TeamViewer 4
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
WinRAR archiver

==== End Of File ===========================

#8 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:52 AM

Posted 12 July 2009 - 05:34 PM

Hi,

rebooted laptop and opened safe mode

Malwarebytes works best in Normal Mode, not Safe Mode.


Where is the Malwarebytes log? I asked that you post it.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire MBAM report (even if it does not find anything).


Please do this:
1. Download HijackThis here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.
Please post it.

Edited by SifuMike, 12 July 2009 - 05:40 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 mikekumar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:52 AM

Posted 14 July 2009 - 09:18 AM

Hi SifuMike, sorry for the delay.

I have managed to get rid of it by using RootRepeal, then ComboFix.

Here is my DDS log; please see if I am free from this horrible thing.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Mayank360degreesIT at 15:12:28.20 on 14/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2037.1162 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\Mayank360degreesIT\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [O2Start] c:\program files\o2cm-ce\o2 connection manager\tscui.exe /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mayank~1\appdata\roaming\mozilla\firefox\profiles\cpecyevi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-26 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-26 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-26 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-26 298776]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2009-5-27 2595840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-7 38160]

=============== Created Last 30 ================

2009-07-13 18:24 <DIR> --d----- c:\users\mayank360degreesit\WEBSITE
2009-07-13 02:09 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-12 13:17 <DIR> --d----- c:\users\mayank360degreesit\VirtueMart
2009-07-11 13:32 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-07-11 13:21 <DIR> --d----- c:\program files\Windows Mobile Device Handbook
2009-07-08 14:46 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-08 12:52 <DIR> --d--r-- c:\program files\Skype
2009-07-08 12:52 <DIR> --d----- c:\programdata\Skype
2009-07-07 13:12 <DIR> --d----- c:\users\mayank~1\appdata\roaming\Malwarebytes
2009-07-07 13:09 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-07 13:09 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-07 13:09 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-07 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-07 13:09 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-02 15:17 <DIR> --d----- c:\program files\Trend Micro
2009-07-01 18:04 184,240 a------- C:\PC-POP.001
2009-07-01 18:04 184,240 a------- C:\PC-POP.000
2009-06-29 14:10 621,056 a------- c:\windows\system32\drivers\mod7700.sys
2009-06-29 14:10 103,680 a------- c:\windows\system32\drivers\ewusbfake.sys
2009-06-29 14:10 101,504 a------- c:\windows\system32\drivers\ewusbmdm.sys
2009-06-29 14:10 100,864 a------- c:\windows\system32\drivers\ewusbnet.sys
2009-06-29 14:10 23,424 a------- c:\windows\system32\drivers\ewdcsc.sys
2009-06-29 12:07 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 12:07 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-26 18:49 <DIR> --d----- c:\program files\Passware
2009-06-26 18:48 <DIR> --d----- c:\program files\1a MS Access Password Recovery
2009-06-26 15:26 696 a------- c:\windows\system32\jetodbc.rsp
2009-06-26 15:25 <DIR> --d----- c:\program files\Landlords Property Manager Regular
2009-06-25 18:35 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-25 18:34 <DIR> --d----- c:\users\mayank360degreesit\.housecall6.6
2009-06-25 02:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-23 21:30 108 a------- C:\index.ini
2009-06-23 20:40 190,639,079 a------- c:\windows\MEMORY.DMP
2009-06-23 17:09 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-06-22 15:46 <DIR> a-d----- c:\programdata\TEMP
2009-06-22 15:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-22 13:18 45 a------- c:\windows\system32\initdebug.nfo
2009-06-22 13:18 <DIR> --d----- c:\program files\SpeedFan
2009-06-18 15:04 30,039 a------- c:\windows\FontData.fdb
2009-06-16 17:51 <DIR> --d----- c:\program files\PowerDataRecovery
2009-06-16 17:35 <DIR> --d----- c:\program files\uTorrent
2009-06-16 17:35 <DIR> --d----- c:\users\mayank~1\appdata\roaming\uTorrent
2009-06-16 17:09 <DIR> --d----- C:\hello
2009-06-16 16:19 8 ---shr-- c:\programdata\B4BD7BC3E6.sys
2009-06-16 16:19 8 ---shr-- c:\progra~2\B4BD7BC3E6.sys
2009-06-16 16:19 2,828 a--sh--- c:\programdata\KGyGaAvL.sys
2009-06-16 16:19 2,828 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-06-16 16:06 <DIR> --d----- c:\program files\common files\Protexis
2009-06-16 16:06 <DIR> --d----- c:\programdata\Corel
2009-06-16 16:06 <DIR> --d----- c:\progra~2\Corel
2009-06-16 16:02 <DIR> --d----- c:\program files\common files\Corel
2009-06-16 16:01 <DIR> --d----- c:\program files\Corel
2009-06-16 13:35 <DIR> --d----- c:\programdata\Adobe
2009-06-16 13:32 <DIR> --d----- c:\programdata\NOS

==================== Find3M ====================

2009-07-11 13:24 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-11 13:24 86,016 a------- c:\windows\inf\infstor.dat
2009-07-11 13:24 51,200 a------- c:\windows\inf\infpub.dat
2009-06-29 12:06 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:06 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-10 12:20 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-09 20:55 174 a--sh--- c:\program files\desktop.ini
2009-06-09 20:24 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-09 20:12 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-09 20:12 82,432 a------- c:\windows\system32\axaltocm.dll
2009-06-09 19:15 152,576 a------- c:\windows\system32\SPWizUI.dll
2009-06-09 19:15 47,560 a------- c:\windows\system32\SPReview.exe
2009-05-27 04:34 2,772,992 a------- c:\windows\system32\NETw4r32.dll
2009-05-27 04:34 684,032 a------- c:\windows\system32\NETw4c32.dll
2009-05-27 04:34 2,595,840 a------- c:\windows\system32\drivers\NETw2v32.sys
2009-05-26 15:10 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-26 01:50 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-26 01:50 272,896 a------- c:\windows\system32\polstore.dll
2009-05-26 01:50 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-26 01:50 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-26 01:48 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-26 01:47 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-26 01:46 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-26 01:45 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-26 01:45 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-26 01:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-26 01:44 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-26 01:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-26 01:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-26 01:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-26 01:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-26 01:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-26 01:44 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-26 01:44 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-26 01:43 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-26 01:43 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-26 01:43 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-26 01:41 2,048 a------- c:\windows\system32\tzres.dll
2009-05-26 01:39 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-26 01:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-26 01:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-26 01:37 2,927,104 a------- c:\windows\explorer.exe
2009-05-26 01:33 6,237,696 a------- c:\windows\system32\NlsLexicons000c.dll
2009-05-26 01:31 4,152,184 a------- c:\windows\system32\wgaer_m.exe
2009-05-26 01:29 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-26 01:29 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-05-26 01:29 72,704 a------- c:\windows\system32\secur32.dll
2009-05-26 01:29 9,728 a------- c:\windows\system32\lsass.exe
2009-05-26 01:29 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-26 01:29 24,064 a------- c:\windows\system32\amxread.dll
2009-05-26 01:29 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-26 01:29 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-26 01:29 37,888 a------- c:\windows\system32\printcom.dll
2009-05-26 01:28 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-26 01:28 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-26 01:27 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-26 01:26 268,288 a------- c:\windows\system32\schannel.dll
2009-05-26 01:25 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-26 01:25 98,816 a------- c:\windows\system32\mfps.dll
2009-05-26 01:25 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-26 01:25 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-26 01:25 2,048 a------- c:\windows\system32\mferror.dll
2009-05-26 01:25 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-26 01:25 94,720 a------- c:\windows\system32\logagent.exe
2009-05-26 01:25 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-26 01:25 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-26 01:24 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-26 01:24 2,033,152 a------- c:\windows\system32\win32k.sys
2009-05-26 01:21 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-26 01:21 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-26 01:18 72,704 a------- c:\windows\system32\admparse.dll
2009-05-26 01:18 827,392 a------- c:\windows\system32\wininet.dll
2009-05-26 01:18 78,336 a------- c:\windows\system32\ieencode.dll
2009-05-26 01:18 48,128 a------- c:\windows\system32\mshtmler.dll
2009-05-26 01:18 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-05-25 23:41 319,456 a------- c:\windows\DIFxAPI.dll
2009-05-25 23:32 540,672 a------- c:\windows\RtlExUpd.dll
2009-05-25 22:52 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-25 22:51 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-25 22:50 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-25 22:50 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-11 16:27 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:13:13.61 ===============


==== Attach LOG ==============================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/16/2009 1:42:57 AM
System Uptime: 7/14/2009 9:35:23 AM (6 hours ago)

Motherboard: CLEVO Co. | | M5X0G
Processor: Intel® Pentium® M processor 1.73GHz | U1 | 1733/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 16.629 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

Class GUID:
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_54011558&REV_01\4&15FA4845&0&39F0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_54011558&REV_01\4&15FA4845&0&39F0
Service:

Class GUID:
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_54011558&REV_01\4&15FA4845&0&3CF0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0551&SUBSYS_54011558&REV_01\4&15FA4845&0&3CF0
Service:

==== System Restore Points ===================

RP246: 7/13/2009 10:50:05 AM - Scheduled Checkpoint
RP247: 7/14/2009 10:13:57 AM - Scheduled Checkpoint

==== Installed Programs ======================

1a MS Access Password Recovery 6.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AFD Postcode
µTorrent
AVG Free 8.5
Choice Guard
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
EVEREST Home Edition v2.20
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 14
Landlords PMR 2008
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSVCRT
O2 Connection Manager
Optifocus 9 (Beta)
Passware Kit 6.5 Demo
Power Data Recovery 4.1.2
Realtek High Definition Audio Driver
Skype web features
Skype™ 4.1
SpeedFan (remove only)
SpywareBlaster 4.2
TeamViewer 4
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
WinRAR archiver

==== Event Viewer Messages From Past Week ========

7/9/2009 9:29:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.73 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.20 (The DHCP Server sent a DHCPNACK message).
7/9/2009 12:59:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/9/2009 12:55:22 PM, Error: EventLog [6008] - The previous system shutdown at 21:18:08 on 08/07/2009 was unexpected.
7/9/2009 11:25:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.55.9.197 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.20 (The DHCP Server sent a DHCPNACK message).
7/9/2009 11:06:19 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00166F758488 has been denied by the DHCP server 10.55.9.193 (The DHCP Server sent a DHCPNACK message).
7/9/2009 10:28:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/9/2009 10:27:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cdrom CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/9/2009 10:27:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/9/2009 10:27:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/9/2009 10:27:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/9/2009 10:27:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/9/2009 10:27:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/9/2009 10:27:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/9/2009 1:02:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.25.67.114 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/8/2009 12:38:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.67 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/8/2009 1:23:26 PM, Error: netbt [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
7/7/2009 7:10:27 PM, Error: EventLog [6008] - The previous system shutdown at 19:05:30 on 07/07/2009 was unexpected.
7/7/2009 5:27:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/7/2009 5:25:08 PM, Error: EventLog [6008] - The previous system shutdown at 17:23:22 on 07/07/2009 was unexpected.
7/7/2009 4:52:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.48.227.187 for the Network Card with network address 00166F758488 has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).
7/7/2009 4:41:00 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{626EB13C-11BD-4E38-9194-5B7D37AF32EC} because another computer on the network has the same name. The server could not start.
7/7/2009 4:40:30 PM, Error: EventLog [6008] - The previous system shutdown at 16:38:13 on 07/07/2009 was unexpected.
7/7/2009 2:02:04 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.98 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/7/2009 12:54:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/7/2009 1:59:53 PM, Error: EventLog [6008] - The previous system shutdown at 13:57:49 on 07/07/2009 was unexpected.
7/7/2009 1:12:50 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find message text for message number 0xMBAMSwissArmy in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
7/13/2009 2:22:12 AM, Error: Service Control Manager [7034] - The TeamViewer 4 service terminated unexpectedly. It has done this 1 time(s).
7/13/2009 2:22:12 AM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
7/13/2009 2:22:12 AM, Error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
7/13/2009 2:22:12 AM, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
7/13/2009 2:22:12 AM, Error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
7/13/2009 2:22:12 AM, Error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/13/2009 2:08:44 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/13/2009 1:55:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
7/13/2009 1:55:27 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/13/2009 1:43:16 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00166F758488 has been denied by the DHCP server 10.55.9.193 (The DHCP Server sent a DHCPNACK message).
7/13/2009 1:42:21 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.55.9.194 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.20 (The DHCP Server sent a DHCPNACK message).
7/12/2009 11:58:39 PM, Error: EventLog [6008] - The previous system shutdown at 23:56:30 on 12/07/2009 was unexpected.
7/12/2009 10:45:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.55.9.198 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.20 (The DHCP Server sent a DHCPNACK message).
7/12/2009 10:29:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 00166F758488 has been denied by the DHCP server 10.55.9.193 (The DHCP Server sent a DHCPNACK message).
7/10/2009 11:28:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.73 for the Network Card with network address 00166F758488 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

==== COMBOFIX LOG ============================

ComboFix 09-07-09.03 - Mayank360degreesIT 13/07/2009 1:55.1.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2037.1456 [GMT 1:00]
Running from: c:\users\Mayank360degreesIT\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
C:\RootRepeal.exe
c:\windows\system32\drivers\MSIVXccwktibyuuovixpfdexqrohdreefwfqm.sys
c:\windows\system32\inform.dat
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXgeisnrembuovcupcnfhgipxnxqtyokwm.dll
c:\windows\system32\MSIVXptcepyamsefujsxfmvmorrohytqmodih.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 01:00 . 2009-07-13 01:05 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Local\temp
2009-07-12 12:17 . 2009-07-12 12:18 -------- d-----w- c:\users\Mayank360degreesIT\VirtueMart
2009-07-11 12:21 . 2009-07-11 12:21 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-07-09 23:31 . 2009-07-13 00:26 0 ----a-w- c:\users\Mayank360degreesIT\AppData\Local\prvlcl.dat
2009-07-09 16:08 . 2009-06-14 15:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-07-08 13:46 . 2009-07-12 23:02 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\skypePM
2009-07-08 13:46 . 2009-07-08 13:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-08 11:53 . 2009-07-13 01:04 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\Skype
2009-07-08 11:52 . 2009-07-08 11:52 -------- d-----w- c:\program files\Common Files\Skype
2009-07-08 11:52 . 2009-07-08 11:53 -------- d-----r- c:\program files\Skype
2009-07-08 11:52 . 2009-07-08 11:52 -------- d-----w- c:\programdata\Skype
2009-07-07 12:12 . 2009-07-07 12:12 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\Malwarebytes
2009-07-07 12:09 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-07 12:09 . 2009-07-12 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-07 12:09 . 2009-07-07 12:09 -------- d-----w- c:\programdata\Malwarebytes
2009-07-07 12:09 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 14:17 . 2009-07-02 14:17 -------- d-----w- c:\program files\Trend Micro
2009-06-29 13:10 . 2008-08-22 11:06 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-06-29 13:10 . 2008-08-22 11:06 100864 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-06-29 13:10 . 2008-08-22 11:06 101504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-06-29 13:10 . 2008-08-22 11:06 103680 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-06-29 13:10 . 2008-08-22 11:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-06-29 11:21 . 2009-06-29 11:21 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Local\AVG Security Toolbar
2009-06-29 11:07 . 2009-06-29 11:06 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-29 11:07 . 2009-07-09 16:08 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-26 17:49 . 2009-06-26 17:49 -------- d-----w- c:\program files\Passware
2009-06-26 17:48 . 2009-06-26 17:48 -------- d-----w- c:\program files\1a MS Access Password Recovery
2009-06-26 14:26 . 2009-06-26 14:26 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Local\IsolatedStorage
2009-06-26 14:25 . 2009-06-29 17:54 -------- d-----w- c:\program files\Landlords Property Manager Regular
2009-06-26 10:40 . 2009-06-26 10:40 55752 ----a-w- c:\users\Mayank360degreesIT\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-26 10:40 . 2009-07-13 01:03 680 ----a-w- c:\users\Mayank360degreesIT\AppData\Local\d3d9caps.dat
2009-06-25 17:35 . 2009-06-25 17:34 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-25 17:34 . 2009-06-25 17:36 -------- d-----w- c:\users\Mayank360degreesIT\.housecall6.6
2009-06-25 01:13 . 2009-06-25 01:13 -------- d-----w- c:\windows\Sun
2009-06-25 01:05 . 2009-06-25 01:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 01:05 . 2009-06-25 01:05 -------- d-----w- c:\program files\Java
2009-06-22 14:46 . 2009-06-26 12:18 -------- d-----w- c:\program files\SpywareBlaster
2009-06-22 12:18 . 2009-07-12 15:29 -------- d-----w- c:\program files\SpeedFan
2009-06-20 19:40 . 2009-06-20 19:40 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Local\Apps
2009-06-16 16:51 . 2009-06-16 16:51 -------- d-----w- c:\program files\PowerDataRecovery
2009-06-16 16:35 . 2009-06-16 16:35 -------- d-----w- c:\program files\uTorrent
2009-06-16 16:35 . 2009-07-13 01:04 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\uTorrent
2009-06-16 16:09 . 2009-07-01 15:52 -------- d-----w- C:\hello
2009-06-16 15:19 . 2009-06-16 15:19 8 --sh--r- c:\programdata\B4BD7BC3E6.sys
2009-06-16 15:19 . 2009-07-10 11:29 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-06-16 15:19 . 2009-06-16 15:19 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\Corel
2009-06-16 15:06 . 2009-06-16 15:06 -------- d-----w- c:\program files\Common Files\Protexis
2009-06-16 15:06 . 2009-06-16 15:06 -------- d-----w- c:\programdata\Corel
2009-06-16 15:02 . 2009-06-16 15:02 -------- d-----w- c:\program files\Common Files\Corel
2009-06-16 15:01 . 2009-06-16 15:01 -------- d-----w- c:\program files\Corel
2009-06-16 12:36 . 2009-06-16 12:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 12:35 . 2009-02-12 09:35 38208 ----a-w- c:\users\Mayank360degreesIT\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 12:35 . 2009-06-16 12:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-16 12:32 . 2009-06-16 16:10 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Local\Adobe
2009-06-16 12:32 . 2009-06-16 12:32 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-16 12:32 . 2009-06-18 14:00 -------- d-----w- c:\programdata\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 12:32 . 2009-07-11 12:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-07-10 15:01 . 2009-05-29 14:46 -------- d-----w- c:\program files\Optifocus 9
2009-07-09 21:21 . 2009-05-26 14:10 -------- d-----w- c:\programdata\avg8
2009-06-29 11:06 . 2009-05-26 14:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 11:06 . 2009-05-26 14:10 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 11:06 . 2009-05-26 14:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 19:47 . 2009-05-26 14:03 -------- d-----w- c:\program files\Yahoo!
2009-06-23 16:09 . 2009-06-23 16:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-06-22 21:15 . 2009-05-26 14:04 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\TeamViewer
2009-06-10 11:20 . 2009-06-10 11:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-09 19:41 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-09 19:41 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-09 19:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-09 19:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-06-09 19:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-06-09 19:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-09 19:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-09 19:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-09 19:12 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-06-09 19:12 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-09 18:15 . 2009-06-09 19:00 47560 ----a-w- c:\windows\system32\SPReview.exe
2009-06-09 18:15 . 2009-06-09 19:00 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2009-06-07 13:49 . 2009-06-07 13:49 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\Vodafone
2009-06-07 13:49 . 2009-06-07 13:49 -------- d-----w- c:\programdata\InstallShield
2009-06-07 13:49 . 2009-06-07 13:49 -------- d-----w- c:\programdata\Vodafone
2009-06-07 13:48 . 2009-05-25 22:16 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-03 15:41 . 2009-06-03 15:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-03 15:40 . 2009-05-29 14:38 -------- d-----w- c:\program files\Microsoft.NET
2009-06-03 15:32 . 2009-06-03 15:31 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\Tatara Systems
2009-06-03 15:23 . 2009-06-03 15:23 -------- d-----w- c:\programdata\O2CM-CE
2009-06-03 15:23 . 2009-06-03 15:23 -------- d-----w- c:\programdata\Novatel Wireless
2009-06-03 15:23 . 2009-06-03 15:23 -------- d-----w- c:\program files\O2CM-CE
2009-05-30 19:38 . 2009-05-30 19:38 -------- d-----w- c:\program files\TeamViewer
2009-05-30 16:06 . 2009-05-30 16:06 -------- d-----w- c:\program files\Microsoft
2009-05-30 16:06 . 2009-05-30 16:05 -------- d-----w- c:\program files\Windows Live
2009-05-30 16:06 . 2009-05-30 16:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-30 16:02 . 2009-05-30 16:02 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-29 14:44 . 2009-05-29 14:04 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-29 14:43 . 2009-05-29 14:41 -------- d-----w- c:\programdata\Microsoft Help
2009-05-29 13:08 . 2009-05-29 13:08 -------- d-----w- c:\program files\QS
2009-05-27 12:01 . 2009-05-27 12:01 -------- d-----w- c:\programdata\Storm
2009-05-27 03:34 . 2009-05-27 03:34 2772992 ----a-w- c:\windows\system32\NETw4r32.dll
2009-05-27 03:34 . 2009-05-27 03:34 684032 ----a-w- c:\windows\system32\NETw4c32.dll
2009-05-27 03:34 . 2009-05-27 03:34 2595840 ----a-w- c:\windows\system32\drivers\NETw2v32.sys
2009-05-27 03:23 . 2009-05-27 03:23 -------- d-----w- c:\program files\Lavalys
2009-05-26 14:10 . 2009-05-26 14:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-26 14:10 . 2009-05-26 14:10 -------- d-----w- c:\program files\AVG
2009-05-26 14:04 . 2009-05-26 14:03 -------- d-----w- c:\programdata\Yahoo!
2009-05-26 14:04 . 2009-05-26 14:04 -------- d-----w- c:\users\Mayank360degreesIT\AppData\Roaming\Yahoo!
2009-05-26 00:50 . 2009-05-26 00:50 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-26 00:50 . 2009-05-26 00:50 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-26 00:50 . 2009-05-26 00:50 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-05-26 00:50 . 2009-05-26 00:50 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-26 00:48 . 2009-05-26 00:48 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-26 00:47 . 2009-05-26 00:47 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-26 00:46 . 2009-05-26 00:46 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-26 00:45 . 2009-05-26 00:45 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-26 00:45 . 2009-05-26 00:45 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-26 00:44 . 2009-05-26 00:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-26 00:44 . 2009-05-26 00:44 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-26 00:44 . 2009-05-26 00:44 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-26 00:43 . 2009-05-26 00:43 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-26 00:43 . 2009-05-26 00:43 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-26 00:43 . 2009-05-26 00:43 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-26 00:41 . 2009-05-26 00:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-26 00:39 . 2009-05-26 00:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-26 00:39 . 2009-05-26 00:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-26 00:39 . 2009-05-26 00:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-05-26 00:37 . 2009-05-26 00:37 2927104 ----a-w- c:\windows\explorer.exe
2009-05-26 00:33 . 2009-05-26 00:33 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2009-05-26 00:31 . 2009-05-26 07:34 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-05-26 00:29 . 2009-05-26 00:29 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-26 00:29 . 2009-05-26 00:29 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-26 00:29 . 2009-05-26 00:29 441400 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-05-26 00:29 . 2009-05-26 00:29 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-26 00:29 . 2009-05-26 00:29 24064 ----a-w- c:\windows\system32\amxread.dll
2009-05-26 00:29 . 2009-05-26 00:29 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-05-26 00:29 . 2009-05-26 00:29 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-05-26 00:29 . 2009-05-26 00:29 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-26 00:28 . 2009-05-26 00:28 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-26 00:28 . 2009-05-26 00:28 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-05-26 00:27 . 2009-05-26 00:27 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-05-26 00:26 . 2009-05-26 00:26 268288 ----a-w- c:\windows\system32\schannel.dll
2009-05-26 00:25 . 2009-05-26 00:25 2868736 ----a-w- c:\windows\system32\mf.dll
2009-05-26 00:25 . 2009-05-26 00:25 98816 ----a-w- c:\windows\system32\mfps.dll
2009-05-26 00:25 . 2009-05-26 00:25 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-05-26 00:25 . 2009-05-26 00:25 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-05-26 00:25 . 2009-05-26 00:25 2048 ----a-w- c:\windows\system32\mferror.dll
2009-05-26 00:25 . 2009-05-26 00:25 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-05-26 00:25 . 2009-05-26 00:25 94720 ----a-w- c:\windows\system32\logagent.exe
2009-05-26 00:25 . 2009-05-26 00:25 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-26 00:25 . 2009-05-26 00:25 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-05-26 00:24 . 2009-05-26 00:24 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 00:24 . 2009-05-26 00:24 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-05-26 00:21 . 2009-05-26 00:21 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-05-26 00:21 . 2009-05-26 00:21 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-05-26 00:18 . 2009-05-26 00:18 72704 ----a-w- c:\windows\system32\admparse.dll
2009-05-26 00:18 . 2009-05-26 00:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-05-26 00:18 . 2009-05-26 00:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-26 00:18 . 2009-05-26 00:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2007-07-11 15:27 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-06-16 287536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-25 7514656]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2009-06-05 2973696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2109681120-3538766472-2272629055-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{388CC9F5-DF06-4700-B0BA-3867B6FFFA7A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C39CECFC-A194-47B3-BB56-9F67EC81B642}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{25E8C3CE-8E8D-4EB4-8D7A-CA50A2946346}c:\\users\\mayank360degreesit\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\mayank360degreesit\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{2DBB9D54-672A-42F0-B80D-3A4DCE15FA52}c:\\users\\mayank360degreesit\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\mayank360degreesit\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"{D440CE90-4D29-4E04-935F-85B07DC73AD5}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{E67072E6-2439-436A-AD42-A2FE8123B316}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{5F58057D-D3CE-4B41-B499-3C23CAAFA4C7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{CE9A2963-DFC8-4841-BAE1-A3C20D419900}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BA393FBB-0631-4308-84A4-8E873F19826E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{86E351BB-D836-4C38-B835-6E4ED19622F2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3F9B626F-37F9-4204-80EB-82FAF79672FA}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{104C557C-E13F-4AC0-AB91-05798F3FD2AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9C5C7520-A9F4-4270-B681-A9DFDF423875}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D6228E71-6077-4C87-B2FE-ED05B3D7C63E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/26/2009 3:10 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [5/26/2009 3:10 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/26/2009 3:10 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2009 3:10 PM 298776]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [5/18/2009 2:13 PM 185640]
R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [5/27/2009 4:34 AM 2595840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [7/7/2009 1:09 PM 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC018590-FBBD-4789-A15B-FFBBBE6C8965}]
rundll32 bekbn.dll,InitO
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mayank360degreesIT\AppData\Roaming\Mozilla\Firefox\Profiles\cpecyevi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 02:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-07-13 2:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 01:10

Pre-Run: 16,606,150,656 bytes free
Post-Run: 16,480,346,112 bytes free

296 --- E O F --- 2009-05-26 00:50

thanks for all your help my friend

Edited by mikekumar, 14 July 2009 - 09:21 AM.


#10 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 14 July 2009 - 06:15 PM

Hi mike,

So far, so good. :thumbup2:

Now we will look for stragglers.

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires that the Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post even if it finds nothing.

You can refer to this animation by sundavis if needed.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 24 July 2009 - 09:56 PM

This thread will now be closed due to lack of feedback.