Hijack this log Analysis-Help


This topic is locked
25 replies to this topic

#1 Newbie1011

  • Members
  • 121 posts

Posted 12 January 2011 - 07:49 AM

Hi,

I suspect that I have a virus on my system.

I am posting the log file.

Thanks for the trouble.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:01:14 PM, on 01/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Shravan\Desktop\Installer Files\Utilities\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://netbanking.hdfcbank.com/netbanking/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E343AA-8D15-44B6-A2AE-3076852D3246}: NameServer = 202.144.95.4,202.144.66.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\WINDOWS\system32\\AstSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Relyon License Manager .Net (RLMDNService) - Unknown owner - C:\Program Files\Common Files\RelyonSoft\RLMDNService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7766 bytes

Edited by Newbie1011, 12 January 2011 - 07:50 AM.
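The log above is in the Trend Micro HijackThis v2 format, where each entry line starts with a section tag (R0, R1, O2, O4, O17, O20, O23, ...) followed by the registry or file detail. As an added example that is not part of this thread and not code from HijackThis or BleepingComputer, here is a small Python triage script that parses those entry lines and flags the categories a log reviewer looks at first: dangling references to missing files, the O17 DNS resolver entry, the O20 AppInit_DLLs injection point, O23 services without a vendor string, and O4 autoruns that start from a user profile or temp directory. The sample entries are copied from the log above, except for one O4 line that is constructed and labelled as such; a flag means "review this", not "this is malware".

```python
"""Triage helper for the Trend Micro HijackThis v2 log format.

Added example: not the HijackThis tool's own code and not part of the thread.
It parses the `Rn - ...` / `Onn - ...` entry lines and flags the categories a
log reviewer looks at first. A flag means "review this", not "this is malware".
"""
import re
from dataclasses import dataclass

# Sample entries copied from the HijackThis log posted above, plus one
# constructed O4 line (marked "constructed") so the autorun-path check fires.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://netbanking.hdfcbank.com/netbanking/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\user\Local Settings\Temp\constructed.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E343AA-8D15-44B6-A2AE-3076852D3246}: NameServer = 202.144.95.4,202.144.66.6
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Relyon License Manager .Net (RLMDNService) - Unknown owner - C:\Program Files\Common Files\RelyonSoft\RLMDNService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Autorun targets under a user profile or a temp directory deserve a look.
USER_PATH_RE = re.compile(r"\\(?:documents and settings|users)\\[^\\]+\\|\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O23"
    reason: str   # why a reviewer should look at it
    raw: str      # the original log line


def parse_entries(log_text):
    """Return (section, body, raw_line) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def triage(log_text):
    """Run the review checks over every entry and return the findings."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        lowered = body.lower()
        # The registry still references a file that is gone: leftover of an
        # uninstall or of a removed component. Usually safe to fix, worth noting.
        if "(no file)" in lowered or "(file missing)" in lowered:
            findings.append(Finding(section, "dangling reference to a missing file", raw))
        # O17 lists the DNS resolvers. They must belong to the ISP or the local
        # network; a changed resolver silently redirects every name lookup.
        if section == "O17":
            ips = ", ".join(IPV4_RE.findall(body))
            findings.append(Finding(section, f"DNS resolvers {ips}: confirm they are the ISP's", raw))
        # AppInit_DLLs is loaded into every process that loads user32.dll, so
        # any entry here is system-wide code injection and needs a known owner.
        if section == "O20" and "appinit_dlls" in lowered:
            findings.append(Finding(section, "AppInit_DLLs injection point: verify the DLL's vendor", raw))
        # HijackThis prints the service binary's company string; "Unknown owner"
        # means there was none, which legitimate software sometimes lacks too.
        if section == "O23" and "unknown owner" in lowered:
            findings.append(Finding(section, "service binary without a vendor string", raw))
        # Autoruns normally point into Program Files or Windows; a profile or
        # temp path is where dropped executables tend to live.
        if section == "O4" and USER_PATH_RE.search(body):
            findings.append(Finding(section, "autorun from a user-profile or temp path", raw))
    return findings


def summarize(findings):
    """Count findings per section so the reviewer sees where to start."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.raw}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample, the O23 line for RLMDNService produces two findings (no vendor string and the binary is missing), which is exactly the kind of entry a helper asks the poster to fix first, while the Avira autorun and the Adobe BHO produce none. Extending the script to a real review means adding the allow-list of known vendor DLLs and services that an experienced reviewer carries in their head.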



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 January 2011 - 12:27 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Newbie1011
  • Topic Starter

  • Members
  • 121 posts

Posted 18 January 2011 - 08:18 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Shravan at 6:39:44.29 on 01/19/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1259 [GMT 5.5:30]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Shravan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shravan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shravan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shravan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://netbanking.hdfcbank.com/netbanking/
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [SifyBB] c:\program files\sify broadband\BBImpSec.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {C2E343AA-8D15-44B6-A2AE-3076852D3246} = 202.144.95.4,202.144.66.6
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shravan\applic~1\mozilla\firefox\profiles\mt1apikf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - component: c:\documents and settings\shravan\application data\mozilla\firefox\profiles\mt1apikf.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\shravan\application data\mozilla\firefox\profiles\mt1apikf.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\shravan\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-14 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-8 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-8 27576]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-14 267944]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-6-9 57344]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-14 61960]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-4-8 1771288]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-4-14 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-7-26 20328]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-8-25 312152]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 136176]
S2 RLMDNService;Relyon License Manager .Net;"c:\program files\common files\relyonsoft\rlmdnservice.exe" --> c:\program files\common files\relyonsoft\RLMDNService.exe [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\shravan\locals~1\temp\alsysio.sys --> c:\docume~1\shravan\locals~1\temp\ALSysIO.sys [?]

=============== Created Last 30 ================

2011-01-13 03:39:52 -------- d-----w- c:\docume~1\shravan\locals~1\applic~1\Conduit
2010-12-26 00:48:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\cApBj08200
2010-12-21 02:49:13 -------- d-----w- c:\program files\WebSudokuDeluxe

==================== Find3M ====================

2011-01-12 04:14:09 285480 ----a-w- c:\windows\system32\guard32.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 6:41:39.62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04/14/2010 9:56:50 AM
System Uptime: 01/19/2011 6:37:02 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-E
Processor: AMD Athlon™ II X4 620 Processor | Socket AM2 | 2612/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 234 GiB total, 97.972 GiB free.
D: is FIXED (NTFS) - 231 GiB total, 215.844 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 39 GiB total, 10.248 GiB free.
G: is FIXED (NTFS) - 194 GiB total, 41.618 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 9300i
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 9300i
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP254: 10/21/2010 11:26:17 AM - System Checkpoint
RP255: 10/22/2010 11:32:25 AM - System Checkpoint
RP256: 10/25/2010 12:28:00 PM - System Checkpoint
RP257: 10/25/2010 3:34:47 PM - Removed PowerIndiabulls
RP258: 10/25/2010 3:35:07 PM - Installed PowerIndiabulls
RP259: 10/26/2010 4:58:21 PM - System Checkpoint
RP260: 10/27/2010 7:05:34 PM - System Checkpoint
RP261: 10/28/2010 6:25:20 PM - Removed Microsoft Office Professional Plus 2010
RP262: 10/28/2010 6:40:38 PM - Removed Microsoft Office XP Professional with FrontPage
RP263: 10/28/2010 6:42:03 PM - Software Distribution Service 3.0
RP264: 10/28/2010 6:47:01 PM - Installed Microsoft Office XP Professional with FrontPage
RP265: 10/29/2010 6:48:02 AM - Software Distribution Service 3.0
RP266: 10/29/2010 7:20:03 AM - Software Distribution Service 3.0
RP267: 10/29/2010 9:24:03 AM - Installed ODIN DIET 9.1.0.5
RP268: 10/29/2010 9:25:28 AM - Installed ODIN DIET 9.1.0.5
RP269: 10/30/2010 6:31:09 AM - Software Distribution Service 3.0
RP270: 11/01/2010 1:32:48 PM - System Checkpoint
RP271: 11/03/2010 8:41:40 AM - System Checkpoint
RP272: 11/04/2010 12:29:00 PM - System Checkpoint
RP273: 11/06/2010 10:33:24 AM - System Checkpoint
RP274: 11/08/2010 8:50:15 AM - System Checkpoint
RP275: 11/10/2010 8:39:18 AM - System Checkpoint
RP276: 11/11/2010 12:12:24 PM - Software Distribution Service 3.0
RP277: 11/12/2010 9:19:40 AM - Printer Driver PDF reDirect Pro Installed
RP278: 11/14/2010 1:25:45 PM - System Checkpoint
RP279: 11/17/2010 7:55:11 AM - System Checkpoint
RP280: 11/18/2010 10:18:19 AM - System Checkpoint
RP281: 11/20/2010 12:10:19 PM - System Checkpoint
RP282: 11/21/2010 4:31:30 PM - System Checkpoint
RP283: 11/23/2010 7:08:25 AM - System Checkpoint
RP284: 11/24/2010 8:13:12 AM - System Checkpoint
RP285: 11/25/2010 8:17:48 AM - System Checkpoint
RP286: 11/27/2010 7:29:20 AM - System Checkpoint
RP287: 11/29/2010 7:10:47 AM - System Checkpoint
RP288: 11/30/2010 7:30:27 AM - System Checkpoint
RP289: 12/01/2010 11:26:05 AM - System Checkpoint
RP290: 12/02/2010 12:45:52 PM - System Checkpoint
RP291: 12/03/2010 1:26:25 PM - System Checkpoint
RP292: 12/06/2010 11:29:07 AM - System Checkpoint
RP293: 12/06/2010 12:06:03 PM - System Checkpoint
RP294: 12/07/2010 12:14:32 PM - System Checkpoint
RP295: 12/08/2010 4:54:23 PM - System Checkpoint
RP296: 12/10/2010 7:15:09 AM - System Checkpoint
RP297: 12/11/2010 5:40:37 PM - System Checkpoint
RP298: 12/13/2010 8:18:00 AM - System Checkpoint
RP299: 12/14/2010 8:22:50 AM - System Checkpoint
RP300: 12/15/2010 8:24:28 AM - System Checkpoint
RP301: 12/16/2010 11:57:16 AM - System Checkpoint
RP302: 12/16/2010 3:34:33 PM - Software Distribution Service 3.0
RP303: 12/18/2010 7:33:41 AM - System Checkpoint
RP304: 12/20/2010 8:36:43 AM - System Checkpoint
RP305: 12/22/2010 7:14:08 AM - System Checkpoint
RP306: 12/23/2010 12:09:07 PM - System Checkpoint
RP307: 12/24/2010 12:12:45 PM - System Checkpoint
RP308: 12/25/2010 3:15:57 PM - System Checkpoint
RP309: 12/26/2010 6:51:19 AM - Removed System Requirements Lab
RP310: 12/27/2010 10:57:28 AM - System Checkpoint
RP311: 12/29/2010 8:33:07 AM - System Checkpoint
RP312: 12/31/2010 8:46:32 AM - System Checkpoint
RP313: 01/02/2011 7:24:47 AM - System Checkpoint
RP314: 01/03/2011 8:21:46 AM - System Checkpoint
RP315: 01/04/2011 8:41:11 AM - System Checkpoint
RP316: 01/04/2011 2:06:02 PM - Software Distribution Service 3.0
RP317: 01/06/2011 7:13:23 AM - System Checkpoint
RP318: 01/06/2011 10:10:52 AM - Software Distribution Service 3.0
RP319: 01/07/2011 10:54:24 AM - System Checkpoint
RP320: 01/10/2011 8:31:00 AM - System Checkpoint
RP321: 01/11/2011 10:42:22 AM - System Checkpoint
RP322: 01/12/2011 12:04:17 PM - System Checkpoint
RP323: 01/13/2011 5:50:27 AM - Software Distribution Service 3.0
RP324: 01/14/2011 6:51:42 AM - System Checkpoint
RP325: 01/16/2011 7:20:34 AM - System Checkpoint
RP326: 01/17/2011 10:56:23 AM - System Checkpoint
RP327: 01/18/2011 12:04:31 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Advanced SystemCare 3
Age of Empires III
AI Gear
ASUSUpdate
ATI Catalyst Install Manager
ATI Parental Control & Encoder
Avira AntiVir Personal - Free Antivirus
BitTorrent
Bullzip PDF Printer 6.0.0.865
Call of Duty Modern Warfare 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner
ChartsData v1.1 Limited
COMODO Internet Security
Core Temp version 0.99.8
CPUID CPU-Z 1.55
Daniusoft DVD Creator(Build 1.2.0.4)
Europa Universalis III
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GPL Ghostscript Lite 8.70
Grand Theft Auto IV
Grand Theft Auto Vice City
GTAIII
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IObit Security 360
Java 2 Runtime Environment, SE v1.4.1_06
Java Auto Updater
Java Web Start
Java™ 6 Update 18
Junk Mail filter update
Malwarebytes' Anti-Malware
MetaStock Professional 10.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
NVIDIA Drivers
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PC Probe II
PDF reDirect (remove only)
PowerIndiabulls
PunkBuster Services
QuickTime
Rainlendar2 (remove only)
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sid Meier's Civilization 4
Sify Broadband 3.22
SimCity 4 Deluxe
Skype™ 5.1
Smart Defrag
SoundMAX
SpeedFan (remove only)
Spybot - Search & Destroy
SpywareBlaster 4.4
Still Life 2
SUPERAntiSpyware
Tally 9
TeamViewer 5
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Web Sudoku Deluxe 1.2.2
WebFldrs XP
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

01/16/2011 7:35:50 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
01/13/2011 5:46:42 AM, error: Service Control Manager [7000] - The Relyon License Manager .Net service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xF65D1000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5017600 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF200000 C:\WINDOWS\System32\ati3duag.dll 3620864 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF574000 C:\WINDOWS\System32\ativvaxx.dll 2224128 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6A9A000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 1163264 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xBF0FC000 C:\WINDOWS\System32\atikvmag.dll 651264 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 638976 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF71FD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAE439000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF19B000 C:\WINDOWS\System32\atiok3x2.dll 413696 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xAE653000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF6507000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAE566000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAACFD000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xAE6CA000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 311296 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAAEBD000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xAA834000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAE61A000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xF6565000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF71BA000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA4A0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAE4A9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6BB6000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAE518000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAE373000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF7302000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAE540000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF64C8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6C01000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6BDE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAE4F6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAE4D4000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF72CA000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF64EC000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 110592 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xF71A0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72EA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAE6B3000 C:\WINDOWS\system32\drivers\AEAudio.sys 94208 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xF72A1000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF65A6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF728A000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xF71E7000 inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xAB795000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xAB2F8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6C25000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF65BD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAE5BF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72B8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6595000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF76A7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7547000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7517000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF75C7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7627000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 61440 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xF7557000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAB852000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7617000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF74C7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7527000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7577000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7597000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7677000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7587000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF75D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7567000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 40960 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF75B7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAB0F0000 C:\WINDOWS\system32\drivers\cpuz133_x32.sys 36864 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF75A7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7667000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAA430000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7507000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF778F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7867000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF784F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77E7000 C:\DOCUME~1\Shravan\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7797000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 24576 bytes (COMODO, COMODO Internet Security Helper Driver)
0xF7857000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF787F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77A7000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF779F000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7737000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7887000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF782F000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xF7787000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF786F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7877000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7717000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF785F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF77B7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAB098000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0xF7144000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAB73D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7164000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7168000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7977000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF717C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF715C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6C39000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79B5000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF79CD000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF79C5000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79C3000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79C7000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A13000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79C9000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF798D000 speedfan.sys 8192 bytes
0xF79B7000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79BF000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B53000 C:\WINDOWS\system32\drivers\AsIO.sys 4096 bytes
0xF7B13000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B9E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A50000 giveio.sys 4096 bytes
0xF7B44000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x06CF0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 102400 bytes
0x06B80000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 102400 bytes
0x00D60000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 110592 bytes
0x05F60000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 110592 bytes
0x00D20000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 118784 bytes
0x012C0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 118784 bytes
0x07610000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 1232896 bytes
0x054B0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 159744 bytes
0x06F30000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 1748992 bytes
0x07CB0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 192512 bytes
0x07840000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 208896 bytes
0x070E0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 217088 bytes
0x07890000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 282624 bytes
0x00EF0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 28672 bytes
0x01110000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 28672 bytes
0x00D50000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x00D80000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x03A50000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x04860000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x04910000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x048F0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x04930000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x04A90000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x04CB0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05480000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05490000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x055B0000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05550000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05590000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05700000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05A60000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05D90000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05DF0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05E60000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05F30000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05ED0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x05F10000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06040000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x060C0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x061E0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06210000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06280000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06340000 Hidden Image-->atixclib.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06470000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06490000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x064C0000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06650000 Hidden Image-->Branding.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x066D0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06AA0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06A90000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06BE0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06C00000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06C90000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x06CC0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x07120000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 28672 bytes
0x01130000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x88EF2BC0 ] PID: 588, 307200 bytes
0x00DC0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 307200 bytes
0x079B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 364544 bytes
0x03830000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 36864 bytes
0x03990000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x03A30000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x03E40000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x048E0000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x05470000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x05E00000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x05E10000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x05E80000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x05F80000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x05F90000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x06010000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x06AB0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x06C30000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 36864 bytes
0x054E0000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 389120 bytes
0x07950000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 389120 bytes
0x078E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 405504 bytes
0x06800000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 413696 bytes
0x06AC0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 421888 bytes
0x06D10000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 421888 bytes
0x00D50000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 45056 bytes
0x00DC0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 45056 bytes
0x03800000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 45056 bytes
0x00D20000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 45056 bytes
0x00D40000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 45056 bytes
0x00E20000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 45056 bytes
0x03A70000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 45056 bytes
0x05E70000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 45056 bytes
0x05EC0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 45056 bytes
0x04CC0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 454656 bytes
0x03A40000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x03E30000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x04890000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x04A80000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x05DB0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x05DE0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x05E20000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x05E50000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x06080000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x067F0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x06BC0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 53248 bytes
0x06870000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 585728 bytes
0x07A20000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 585728 bytes
0x03A10000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 61440 bytes
0x05EB0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 61440 bytes
0x05FC0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 61440 bytes
0x05FE0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 61440 bytes
0x06200000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 61440 bytes
0x07D00000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 667648 bytes
0x03960000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 69632 bytes
0x039F0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 69632 bytes
0x05FA0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 69632 bytes
0x06090000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 69632 bytes
0x06450000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 69632 bytes
0x07CE0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 69632 bytes
0x06590000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 749568 bytes
0x00DD0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88EF2BC0 ] PID: 588, 77824 bytes
0x00D90000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 77824 bytes
0x05D70000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 77824 bytes
0x05E30000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 77824 bytes
0x05F40000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 77824 bytes
0x05FF0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 77824 bytes
0x06050000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 77824 bytes
0x06CD0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 77824 bytes
0x03E10000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x88DF9BC0 ] PID: 1532, 86016 bytes
0x05DC0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 86016 bytes
0x05EF0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 86016 bytes
0x06CA0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 86016 bytes
0x07B90000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x88DF9BC0 ] PID: 1532, 864256 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Edited by Newbie1011, 19 January 2011 - 12:57 AM.


#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 January 2011 - 04:59 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Newbie1011 (Topic Starter)

Posted 19 January 2011 - 07:37 AM

ComboFix 11-01-18.04 - Shravan 01/19/2011 17:43:24.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT 5.5:30]
Running from: c:\documents and settings\Shravan\Desktop\Antivirus logs\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Shravan\Start Menu\Programs\System Tool
c:\windows\system\Color
c:\windows\system\Color\15GA.icm
c:\windows\system\Color\15GS-3.icm
c:\windows\system\Color\15GS.icm
c:\windows\system\Color\17EA.icm
c:\windows\system\Color\17GA-2.icm
c:\windows\system\Color\17GA.icm
c:\windows\system\Color\17GS-2.icm
c:\windows\system\Color\17GS.icm
c:\windows\system\Color\17PS-2.icm
c:\windows\system\Color\17PS.icm
c:\windows\system\Color\21ps-2.icm
c:\windows\system\Color\21PS.icm
c:\windows\system\Color\E40-2.icm
c:\windows\system\Color\e40-3.icm
c:\windows\system\Color\E40.icm
c:\windows\system\Color\E41.icm
c:\windows\system\Color\e50.icm
c:\windows\system\Color\E51.icm
c:\windows\system\Color\E641-2.ICM
c:\windows\system\Color\E641-3.icm
c:\windows\system\Color\E651-2.icm
c:\windows\system\Color\E651.icm
c:\windows\system\Color\e653.icm
c:\windows\system\Color\E655-2.icm
c:\windows\system\Color\E655-3.icm
c:\windows\system\Color\e70.icm
c:\windows\system\Color\E71.icm
c:\windows\system\Color\E771-2.icm
c:\windows\system\Color\E771.ICM
c:\windows\system\Color\e773.icm
c:\windows\system\Color\e790.icm
c:\windows\system\Color\e790b.icm
c:\windows\system\Color\EA771.ICM
c:\windows\system\Color\EA771B.ICM
c:\windows\system\Color\G653-2.icm
c:\windows\system\Color\G653.icm
c:\windows\system\Color\g655.icm
c:\windows\system\Color\G771.icm
c:\windows\system\Color\G773-2.icm
c:\windows\system\Color\g773.icm
c:\windows\system\Color\G790.icm
c:\windows\system\Color\G800.icm
c:\windows\system\Color\G810-2.icm
c:\windows\system\Color\G810.icm
c:\windows\system\Color\GA655.ICM
c:\windows\system\Color\GA771.icm
c:\windows\system\Color\gf775.icm
c:\windows\system\Color\GS771.ICM
c:\windows\system\Color\gs773.icm
c:\windows\system\Color\gt775-3.icm
c:\windows\system\Color\GT775.icm
c:\windows\system\Color\GT800.icm
c:\windows\system\Color\m50.icm
c:\windows\system\Color\m70.icm
c:\windows\system\Color\mb110.icm
c:\windows\system\Color\MB50.icm
c:\windows\system\Color\MB70.icm
c:\windows\system\Color\MB90.icm
c:\windows\system\Color\P655.ICM
c:\windows\system\Color\p775.icm
c:\windows\system\Color\P795.icm
c:\windows\system\Color\P810-2.icm
c:\windows\system\Color\P810-3.icm
c:\windows\system\Color\p810-4.icm
c:\windows\system\Color\P810.icm
c:\windows\system\Color\p815-4.icm
c:\windows\system\Color\P815.icm
c:\windows\system\Color\p817-e.icm
c:\windows\system\Color\P817.icm
c:\windows\system\Color\Pj1000.icm
c:\windows\system\Color\pj1200.icm
c:\windows\system\Color\pj800.icm
c:\windows\system\Color\pj820.icm
c:\windows\system\Color\pj850.icm
c:\windows\system\Color\pj860.icm
c:\windows\system\Color\pjl1035.icm
c:\windows\system\Color\Pjl802.icm
c:\windows\system\Color\ps775-2.icm
c:\windows\system\Color\ps775.icm
c:\windows\system\Color\ps790-2.icm
c:\windows\system\Color\ps790.icm
c:\windows\system\Color\pt770.icm
c:\windows\system\Color\PT771.ICM
c:\windows\system\Color\pt775-6.icm
c:\windows\system\Color\PT775.icm
c:\windows\system\Color\pt795.icm
c:\windows\system\Color\PT810-2.icm
c:\windows\system\Color\PT810-3.icm
c:\windows\system\Color\PT810.icm
c:\windows\system\Color\pt813.icm
c:\windows\system\Color\ve150.icm
c:\windows\system\Color\vg150.icm
c:\windows\system\Color\vg180.icm
c:\windows\system\Color\vp140-2.icm
c:\windows\system\Color\vp140.icm
c:\windows\system\Color\VP150.icm
c:\windows\system\Color\vp190.icm
c:\windows\system\Color\VPA138.ICM
c:\windows\system\Color\VPA145.ICM
c:\windows\system\Color\vpa150.icm
c:\windows\system\Color\VPD150.icm
c:\windows\system\Color\vpd180.icm
c:\windows\system32\windir
F:\autorun.inf

c:\windows\regedit.exe . . . is infected!!

c:\windows\system32\midimap.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-13 03:39 . 2011-01-13 03:44 -------- d-----w- c:\documents and settings\Shravan\Local Settings\Application Data\Conduit
2010-12-26 00:48 . 2010-12-26 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\cApBj08200
2010-12-21 02:49 . 2010-12-21 02:50 -------- d-----w- c:\program files\WebSudokuDeluxe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 04:14 . 2010-04-08 18:26 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 04:13 . 2010-04-08 18:25 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 04:13 . 2010-04-08 18:25 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 04:13 . 2010-04-08 18:25 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-12 04:13 . 2010-04-08 18:25 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-12-20 12:39 . 2010-04-24 00:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 12:38 . 2010-04-24 00:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 10:34 . 2010-04-14 07:50 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-22 10:15 . 2010-04-14 07:50 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2010-04-14 04:21 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-13 22:42 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-09 09:05 . 2010-12-10 23:50 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2010-11-06 00:26 . 2008-04-28 09:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-28 09:17 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2008-04-26 03:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2008-04-26 03:44 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 17:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-13 22:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-13 18:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[7] 2008-04-13 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-03-20 . 1CA39C7E1423FF8821664E0E06FEA55E . 343040 . . [7.0.2600.5508] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll

[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll


[-] 2008-04-28 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-01-06 2342400]
"SifyBB"="c:\program files\Sify Broadband\BBImpSec.exe" [2006-07-20 127085]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-19 2548552]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-07 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
backup=c:\windows\pss\Microsoft Office.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 23:17 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-14 08:48 136176 ----atw- c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-05-07 10:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup
"Google Update"="c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"Core Temp"="c:\documents and settings\Shravan\Desktop\Core Temp.exe"
"SifyBB"=c:\program files\Sify Broadband\BBImpSec.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Pie Dock"="c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe"
"Viena Explorer"="c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe"
"Visual Task Tips"="c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe"
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe"
"Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" 1
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\ODIN\\Diet\\dietodin.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Tally\\tally9.exe"=
"g:\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\Age of empires C.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1433:TCP"= 1433:TCP:SQL Server TCP

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/08/2010 11:55 PM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [04/08/2010 11:55 PM 27576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [02/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/11/2010 12:11 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/14/2010 1:20 PM 135336]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [06/09/2010 3:11 PM 57344]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [04/14/2010 5:41 PM 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [07/26/2010 4:41 AM 20328]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [08/25/2010 3:26 PM 312152]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/26/2010 7:53 AM 136176]
S2 RLMDNService;Relyon License Manager .Net;"c:\program files\Common Files\RelyonSoft\RLMDNService.exe" --> c:\program files\Common Files\RelyonSoft\RLMDNService.exe [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/22/2010 5:12 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-14 09:54]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 02:23]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 02:23]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-1801674531-1003Core.job
- c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 08:48]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-1801674531-1003UA.job
- c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 08:48]

2010-08-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-14 12:38]
.
.
------- Supplementary Scan -------
.
uStart Page = https://netbanking.hdfcbank.com/netbanking/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {C2E343AA-8D15-44B6-A2AE-3076852D3246} = 202.144.95.4,202.144.66.6
FF - ProfilePath - c:\documents and settings\Shravan\Application Data\Mozilla\Firefox\Profiles\mt1apikf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 17:47
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,65,68,a0,f4,82,e4,4c,b7,d5,e3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,65,68,a0,f4,82,e4,4c,b7,d5,e3,\

[HKEY_USERS\S-1-5-21-57989841-1275210071-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,b2,19,24,98,97,7f,09,52,3e,4f,0e,3c,f8,c5,d7,e0,10,1a,d3,82,92,24,
e7,bd,47,75,99,e6,15,bb,a9,37,ae,3d,55,ec,9e,be,5b,b4,54,c8,02,f6,f0,33,49,\
"??"=hex:66,cf,1a,d7,38,fa,f3,7e,ea,2b,cb,f6,c3,1b,c6,e0

[HKEY_USERS\S-1-5-21-57989841-1275210071-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,da,02,6a,2c,4b,f9,6c,0f,7c,59,93,63,a1,d0,b1,d9,17,ed,63,2f,
bd,1b,28,1e,8d,2c,4d,c8,1e,5b,aa,70,d5,54,dd,23,5e,76,28,9a,35,26,1b,27,1c,\
"rkeysecu"=hex:e2,a0,d9,02,7c,da,4c,84,a9,84,01,8c,58,59,16,cf
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
.
Completion time: 2011-01-19 17:48:48
ComboFix-quarantined-files.txt 2011-01-19 12:18

Pre-Run: 105,099,444,224 bytes free
Post-Run: 105,153,560,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

- - End Of File - - E3470DB73E16FADA7BE41B7952365209


I have successfully run ComboFix as per your advice.
When the computer starts, I get an error message that the anti-virus is turned off, which goes away after a few seconds.
This was happening even before I gave you the problem and still persists.

Please let me know if the computer has been cleaned or not, and if you require any fresh data to ascertain the same.

Thanks for helping
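The ComboFix report in this post is normally read by eye: which services point at a file ComboFix could not verify (the trailing [?]), which Run/RunOnce values reference a file that is missing ([X]), which binaries load from a user-writable location such as %Temp% or the user's profile, whether anything is registered in AppInit_DLLs, and what the Windows Firewall policy says. The script below is an added example, not code from the thread or from ComboFix, that applies those checks to an excerpt copied from the log above. The reading of ComboFix's [?] and [X] markers, the category names and the list of user-writable directories are this example's own assumptions, and every hit is a lead to review rather than a verdict: guard32.dll in AppInit_DLLs, for instance, belongs to the COMODO suite installed on this machine, and Google Update legitimately runs from the user's profile.

```python
"""Triage the autostart, service and firewall entries of a ComboFix report.
Added example, not code from the thread or from ComboFix. It reads ComboFix's markers
as follows (an assumption about that tool's conventions): a trailing '[?]' on a service
line means the file at the registered path could not be verified, '[X]' on a Run/RunOnce
value means the referenced file is missing. Every finding is a lead to review, not a
verdict: guard32.dll in AppInit_DLLs belongs to the COMODO suite installed on this box."""
import re
from collections import Counter

# Sample input: an excerpt of the 'Reg Loading Points' and service sections of post #5.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-07 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Core Temp"="c:\documents and settings\Shravan\Desktop\Core Temp.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1433:TCP"= 1433:TCP:SQL Server TCP

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/08/2010 11:55 PM 239368]
S2 RLMDNService;Relyon License Manager .Net;"c:\program files\Common Files\RelyonSoft\RLMDNService.exe" --> c:\program files\Common Files\RelyonSoft\RLMDNService.exe [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys [?]
"""

KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*?)\s*$')
# "R1 name;display;image [date size]" or "... --> resolved [?]"
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)(?:\s+\[(?P<tail>[^\]]*)\])?$")
# Locations a standard user can write to on XP ('users' covers later Windows versions).
USER_WRITABLE = re.compile(r"\\(temp|docume~1|documents and settings|appdata|users)\\", re.I)


def resolved_image(image):
    """ComboFix prints 'as-registered --> as-resolved'; keep the resolved side, unquoted, without the \\??\\ prefix."""
    if "-->" in image:
        image = image.split("-->", 1)[1]
    return image.strip().strip('"').removeprefix("\\??\\")


def triage(text):
    """Return (category, name, detail) findings, in log order, for the entries worth a second look."""
    findings, key = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_LINE.match(line):
            key = m["key"].lower()
        elif m := SERVICE_LINE.match(line):
            image = resolved_image(m["image"])
            if m["tail"] == "?":
                findings.append(("unverifiable-service", m["name"], image))
            if USER_WRITABLE.search(image):
                findings.append(("service-in-user-writable-path", m["name"], image))
        elif m := VALUE_LINE.match(line):
            name, data = m["name"], m["data"]
            if data.endswith("[X]"):
                findings.append(("autostart-target-missing", name, data))
            elif name.lower() == "appinit_dlls" and data:
                findings.append(("appinit-dll-injection", name, data))
            elif "firewallpolicy" in key and name.lower() == "enablefirewall" and data.startswith("0"):
                findings.append(("windows-firewall-disabled", name, data))
            elif "globallyopenports" in key:
                findings.append(("inbound-port-open", name, data))
            elif USER_WRITABLE.search(data):
                findings.append(("autostart-in-user-writable-path", name, data))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, _, _ in findings)


if __name__ == "__main__":
    for category, name, detail in triage(COMBOFIX_EXCERPT):
        print(f"{category:32} {name}: {detail}")
```

Run against the excerpt it produces eight leads: the AppInit_DLLs entry, the RunOnce value whose target is missing, the Core Temp autostart on the Desktop, the disabled Windows Firewall policy (expected here, since COMODO is the active firewall), the globally open port 1433, the two services ComboFix could not verify, and the ALSysIO driver registered from the user's Temp directory, which appears under two categories. The disabled-firewall and AppInit_DLLs checks are the ones that most need a known-good list for the installed security products before they mean anything.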

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 January 2011 - 07:56 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
explorer.exe
user32.dll
sfcfiles.dll
winlogon.exe
hnetcfg.dll
ctfmon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 Newbie1011 (Topic Starter)

Posted 19 January 2011 - 08:15 AM

SystemLook 04.09.10 by jpshortstuff
Log created at 18:44 on 19/01/2011 by Shravan
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1616384 bytes [18:17 18/08/2008] [18:17 18/08/2008] 4A90F51B778FA0157F60D206E8B37D2A

Searching for "user32.dll"
C:\WINDOWS\system32\user32.dll --a---- 578560 bytes [18:36 20/03/2008] [18:36 20/03/2008] F92D8964B5286DE225BD2B6BF89764BE

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [03:58 26/04/2008] [03:58 26/04/2008] BC298B78B311397B421D4D52B44B49EC

Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 547328 bytes [09:24 28/04/2008] [09:24 28/04/2008] A55B8899D2EA2E800061BCFD456E34DC

Searching for "hnetcfg.dll"
C:\WINDOWS\system32\hnetcfg.dll --a---- 368640 bytes [09:19 28/04/2008] [09:19 28/04/2008] A913E1FF4C0BDA15FC542430182EB7B6

Searching for "ctfmon.exe"
No files found.

-= EOF =-
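The Sigcheck block in the first ComboFix log marks several system files with [-] and reports ctfmon.exe missing; the SystemLook :filefind run in this post then returns the size and MD5 of each of those files. The script below is an added example, not code from the thread or from either tool: it parses both reports (the sample inputs are copied from the logs in posts #5 and #7), builds the :filefind list from every [-] entry (so it also lists msvcrt.dll, which the request in #6 left out), and reports per file whether the two tools agree on size and MD5, whether SystemLook found nothing at that path, or whether the file was never searched. The line formats and the reading of [-] as "did not pass Sigcheck" are this example's own assumptions.

```python
"""Cross-check ComboFix 'Sigcheck' findings against a SystemLook ':filefind' report.
Added example, not code from the thread or from either tool; the line formats are this
script's reading of the logs posted above, and the samples are copied from those logs."""
import hashlib
import re
from pathlib import PureWindowsPath

# Sample input 1: the Sigcheck section of the ComboFix log in post #5 (copied verbatim).
COMBOFIX_SIGCHECK = r"""
[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-13 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-03-20 . 1CA39C7E1423FF8821664E0E06FEA55E . 343040 . . [7.0.2600.5508] . . c:\windows\system32\msvcrt.dll
[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll
[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-28 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
c:\windows\System32\ctfmon.exe ... is missing !!
"""
# Sample input 2: the SystemLook ':filefind' output in post #7 (copied verbatim).
SYSTEMLOOK_FILEFIND = r"""
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1616384 bytes [18:17 18/08/2008] [18:17 18/08/2008] 4A90F51B778FA0157F60D206E8B37D2A
Searching for "user32.dll"
C:\WINDOWS\system32\user32.dll --a---- 578560 bytes [18:36 20/03/2008] [18:36 20/03/2008] F92D8964B5286DE225BD2B6BF89764BE
Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [03:58 26/04/2008] [03:58 26/04/2008] BC298B78B311397B421D4D52B44B49EC
Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 547328 bytes [09:24 28/04/2008] [09:24 28/04/2008] A55B8899D2EA2E800061BCFD456E34DC
Searching for "hnetcfg.dll"
C:\WINDOWS\system32\hnetcfg.dll --a---- 368640 bytes [09:19 28/04/2008] [09:19 28/04/2008] A913E1FF4C0BDA15FC542430182EB7B6
Searching for "ctfmon.exe"
No files found.
"""

# ComboFix: "[flag] date . MD5 . size . . [version] . . path"; '[-]' is read as 'did not pass'.
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[[^\]]*\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$")
MISSING_LINE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")
# SystemLook: 'Searching for "name"' then "path attrs size bytes [created] [modified] MD5".
SEARCH_LINE = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')
FILEFIND_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$")


def normalize(path):
    """Case-fold a Windows path so the two tools' spellings compare equal."""
    return str(PureWindowsPath(path)).lower()


def parse_sigcheck(text):
    """Map normalized path -> {flag, md5, size, path}; '... is missing !!' lines get flag 'missing'."""
    entries = {}
    for line in (l.strip() for l in text.splitlines()):
        if m := SIGCHECK_LINE.match(line):
            entries[normalize(m["path"])] = {"flag": m["flag"], "md5": m["md5"].upper(),
                                             "size": int(m["size"]), "path": m["path"]}
        elif m := MISSING_LINE.match(line):
            entries[normalize(m["path"])] = {"flag": "missing", "md5": None, "size": None, "path": m["path"]}
    return entries


def parse_filefind(text):
    """Map searched name (lower-case) -> list of hits; an empty list means 'No files found.'"""
    results, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SEARCH_LINE.match(line):
            current = m["name"].lower()
            results[current] = []
        elif (m := FILEFIND_HIT.match(line)) and current is not None:
            results[current].append({"path": m["path"], "size": int(m["size"]), "md5": m["md5"].upper()})
    return results


def flagged(entries):
    """Entries that did not pass Sigcheck ('-') or were reported missing."""
    return {p: e for p, e in entries.items() if e["flag"] in ("-", "missing")}


def filefind_script(entries):
    """The SystemLook ':filefind' input that covers every flagged file (the list asked for in #6)."""
    names = sorted({PureWindowsPath(e["path"]).name.lower() for e in flagged(entries).values()})
    return ":filefind\n" + "\n".join(names) + "\n"


def cross_check(entries, filefind):
    """Per flagged file: 'consistent' (same MD5 and size in both tools), 'mismatch',
    'missing' (SystemLook found nothing at that path) or 'unchecked' (never searched)."""
    report = {}
    for path, e in flagged(entries).items():
        name = PureWindowsPath(path).name
        if name not in filefind:
            report[path] = "unchecked"
            continue
        hits = [h for h in filefind[name] if normalize(h["path"]) == path]
        if not hits:
            report[path] = "missing"
        elif e["flag"] != "missing" and hits[0]["md5"] == e["md5"] and hits[0]["size"] == e["size"]:
            report[path] = "consistent"
        else:
            report[path] = "mismatch"
    return report


def md5_of_bytes(data):
    """MD5 in the upper-case hex form both tools print, for a file copied off the machine."""
    return hashlib.md5(data).hexdigest().upper()
```

On the two logs above every searched file comes back "consistent", ctfmon.exe comes back "missing" and msvcrt.dll "unchecked". Agreement between the tools only shows that both read the same bytes from disk; it says nothing about whether those bytes are the Microsoft originals, and a rootkit that filters file reads would hide from both equally. Settling that needs a hash from a trusted copy of the same build, which is what pulling files out of the SP3 package later in the thread is for; md5_of_bytes hashes such a copy in the same form the logs print.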

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 January 2011 - 10:10 AM

Hello

I want you to download SP3 to your desktop - http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

Double-click it to run it (I want you to reinstall SP3 to see if it fixes some of your missing files). Keep it on the desktop when complete; I may need to extract some files from it.

Gringo

#9 Newbie1011 (Topic Starter)

Posted 20 January 2011 - 07:39 AM

I have downloaded & installed the SP3 again as recommended

The same was installed successfully

Please let me know the next step

Thanks for advising

Edited by Newbie1011, 20 January 2011 - 07:40 AM.


#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 January 2011 - 07:56 AM

Please rerun ComboFix for me now so I can review the new report.


Gringo

#11 Newbie1011 (Topic Starter)

Posted 20 January 2011 - 07:04 PM

The site is not allowing me to post the report, saying that it is too long.
Please advise how to post the same.

Thanks

#12 Newbie1011 (Topic Starter)

Posted 20 January 2011 - 08:16 PM

I have taken the liberty of attaching the ComboFix log output as a zip file.
In case this is wrong, please let me know how to post the output.
Thanks for advising

Attached Files



#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 January 2011 - 09:32 PM

Hello

please post the report - the zip file is empty



Gringo

#14 Newbie1011

Newbie1011
  • Topic Starter

  • Members
  • 121 posts

Posted 20 January 2011 - 09:38 PM

I am sorry for the inconvenience
I have added the report inside the zip folder

Thanks for advising

ComboFix 11-01-19.04 - Shravan 01/21/2011 4:48.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1392 [GMT 5.5:30]
Running from: c:\documents and settings\Shravan\Desktop\Antivirus logs\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-20 12:12 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-01-20 12:11 . 2006-12-28 19:01 19569 ----a-w- c:\windows\000001_.tmp
2011-01-20 12:08 . 2011-01-20 12:08 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-13 03:39 . 2011-01-13 03:44 -------- d-----w- c:\documents and settings\Shravan\Local Settings\Application Data\Conduit
2010-12-26 00:48 . 2010-12-26 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\cApBj08200

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 04:14 . 2010-04-08 18:26 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-12 04:13 . 2010-04-08 18:25 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-12 04:13 . 2010-04-08 18:25 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-12 04:13 . 2010-04-08 18:25 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-12 04:13 . 2010-04-08 18:25 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-12-20 12:39 . 2010-04-24 00:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 12:38 . 2010-04-24 00:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 10:34 . 2010-04-14 07:50 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-22 10:15 . 2010-04-14 07:50 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2010-04-14 04:21 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-13 22:42 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-09 09:05 . 2010-12-10 23:50 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2010-11-06 00:26 . 2008-04-28 09:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-28 09:17 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2008-04-26 03:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2008-04-26 03:44 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-13 17:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-13 22:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-13 18:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-01-19_12.17.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-20 12:14 . 2008-04-14 00:11 2113536 c:\windows\ServicePackFiles\i386\dxdiagn.dll
+ 2011-01-20 12:14 . 2008-04-14 00:12 1298432 c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2011-01-20 12:14 . 2008-04-14 00:11 1227264 c:\windows\ServicePackFiles\i386\dx8vb.dll
+ 2011-01-20 12:13 . 2008-04-14 00:11 1293824 c:\windows\ServicePackFiles\i386\dsound3d.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 1504256 c:\windows\ServicePackFiles\i386\diskcopy.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 1054208 c:\windows\ServicePackFiles\i386\danim.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 1689088 c:\windows\ServicePackFiles\i386\d3d9.dll
+ 2011-01-20 12:13 . 2008-04-14 00:11 1179648 c:\windows\ServicePackFiles\i386\d3d8.dll
+ 2011-01-20 12:13 . 2008-04-14 00:12 1032192 c:\windows\ServicePackFiles\i386\conf.exe
+ 2011-01-20 12:13 . 2008-04-14 00:11 1267200 c:\windows\ServicePackFiles\i386\comsvcs.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 1358848 c:\windows\ServicePackFiles\i386\cimwin32.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 2091520 c:\windows\ServicePackFiles\i386\cdosys.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 1025024 c:\windows\ServicePackFiles\i386\browseui.dll
+ 2011-01-20 12:13 . 2008-04-14 00:11 1888992 c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 1057760 c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2011-01-20 12:14 . 2008-04-14 00:11 1852928 c:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-08-18 18:17 . 2008-04-14 00:12 1033728 c:\windows\explorer.exe
+ 2011-01-20 12:13 . 2007-04-02 18:39 11053008 c:\windows\ServicePackFiles\i386\msncli.exe
+ 2011-01-20 12:15 . 2008-04-14 00:09 13463552 c:\windows\ServicePackFiles\i386\lang\hwxjpn.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-01-06 2342400]
"SifyBB"="c:\program files\Sify Broadband\BBImpSec.exe" [2006-07-20 127085]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-19 2548552]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-07 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
backup=c:\windows\pss\Microsoft Office.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 23:17 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-14 08:48 136176 ----atw- c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-05-07 10:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup
"Google Update"="c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"Core Temp"="c:\documents and settings\Shravan\Desktop\Core Temp.exe"
"SifyBB"=c:\program files\Sify Broadband\BBImpSec.exe
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Pie Dock"="c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe"
"Viena Explorer"="c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe"
"Visual Task Tips"="c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe"
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe"
"Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" 1
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\ODIN\\Diet\\dietodin.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Tally\\tally9.exe"=
"g:\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\Age of empires C.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1433:TCP"= 1433:TCP:SQL Server TCP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/08/2010 11:55 PM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [04/08/2010 11:55 PM 27576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [02/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/11/2010 12:11 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/14/2010 1:20 PM 135336]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [06/09/2010 3:11 PM 57344]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [04/14/2010 5:41 PM 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [07/26/2010 4:41 AM 20328]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [08/25/2010 3:26 PM 312152]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/26/2010 7:53 AM 136176]
S2 RLMDNService;Relyon License Manager .Net;"c:\program files\Common Files\RelyonSoft\RLMDNService.exe" --> c:\program files\Common Files\RelyonSoft\RLMDNService.exe [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/22/2010 5:12 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 02:23]

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 02:23]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-1801674531-1003Core.job
- c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 08:48]

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-1801674531-1003UA.job
- c:\documents and settings\Shravan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 08:48]
.
.
------- Supplementary Scan -------
.
uStart Page = https://netbanking.hdfcbank.com/netbanking/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {C2E343AA-8D15-44B6-A2AE-3076852D3246} = 202.144.95.4,202.144.66.6
FF - ProfilePath - c:\documents and settings\Shravan\Application Data\Mozilla\Firefox\Profiles\mt1apikf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-21 04:51
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,65,68,a0,f4,82,e4,4c,b7,d5,e3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,65,68,a0,f4,82,e4,4c,b7,d5,e3,\

[HKEY_USERS\S-1-5-21-57989841-1275210071-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,b2,19,24,98,97,7f,09,52,3e,4f,0e,3c,f8,c5,d7,e0,10,1a,d3,82,92,24,
e7,bd,47,75,99,e6,15,bb,a9,37,ae,3d,55,ec,9e,be,5b,b4,54,c8,02,f6,f0,33,49,\
"??"=hex:66,cf,1a,d7,38,fa,f3,7e,ea,2b,cb,f6,c3,1b,c6,e0

[HKEY_USERS\S-1-5-21-57989841-1275210071-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,da,02,6a,2c,4b,f9,6c,0f,7c,59,93,63,a1,d0,b1,d9,17,ed,63,2f,
bd,1b,28,1e,8d,2c,4d,c8,1e,5b,aa,70,d5,54,dd,23,5e,76,28,9a,35,26,1b,27,1c,\
"rkeysecu"=hex:e2,a0,d9,02,7c,da,4c,84,a9,84,01,8c,58,59,16,cf
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-21 04:53:23
ComboFix-quarantined-files.txt 2011-01-20 23:23
ComboFix2.txt 2011-01-19 12:18

Pre-Run: 103,907,618,816 bytes free
Post-Run: 103,912,177,664 bytes free

- - End Of File - - 3CAC456BDC390679F7C5840F9C8642B3

Edited by gringo_pr, 20 January 2011 - 09:43 PM.
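The ComboFix report above is read by hand; as an added example (not part of this thread and not ComboFix's own code), the Python script below pulls the file and service entries out of such a report and flags the ones a reviewer would look at first. The regular expressions and the "user-writable location" heuristic are assumptions derived from the lines shown in this post, and the sample input is constructed from them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the ComboFix report above (file entries and service entries).
SAMPLE_LOG = r"""
2011-01-20 12:12 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-01-20 12:08 . 2011-01-20 12:08 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-13 03:39 . 2011-01-13 03:44 -------- d-----w- c:\documents and settings\Shravan\Local Settings\Application Data\Conduit
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/08/2010 11:55 PM 239368]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Shravan\LOCALS~1\Temp\ALSysIO.sys [?]
"""

# "<created> . <modified> <size or dashes> <attrs> <path>"  (format assumed from the report)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "<R|S><start type> <name>;<description>;<image path> [<date time size> or ?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# Locations a normal user can write to; code loading from here deserves a second look (example heuristic).
USER_WRITABLE = ("\\temp\\", "\\application data\\")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class ServiceEntry:
    state: str  # R = running, S = stopped; digit = start type
    name: str
    path: str
    size: Optional[int]  # None when ComboFix could not stat the image ("[?]")


def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    """Pick file and service entries out of a ComboFix report; other lines are ignored."""
    files, services = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            size = int(m["size"]) if m["size"].isdigit() else None
            files.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "<NT path> --> <DOS path>" appears when the image was not found; keep the DOS path.
            path = m["path"].split(" --> ")[-1]
            last = (m["info"].split() or ["?"])[-1]
            services.append(ServiceEntry(m["state"], m["name"], path, int(last) if last.isdigit() else None))
    return files, services


def triage(files: List[FileEntry], services: List[ServiceEntry]) -> List[Tuple[str, str, str]]:
    """Return (kind, identifier, reason) for entries worth reviewing by hand."""
    flagged = []
    for f in files:
        if any(marker in f.path.lower() for marker in USER_WRITABLE):
            flagged.append(("file", f.path, "created in a user-writable location"))
    for s in services:
        reasons = []
        if any(marker in s.path.lower() for marker in USER_WRITABLE):
            reasons.append("image in a user-writable location")
        if s.size is None:
            reasons.append("image could not be read on disk")
        if reasons:
            flagged.append(("service", s.name, "; ".join(reasons)))
    return flagged
```

Flagged entries are only a starting point for review: the Temp-resident driver in the sample belongs to a hardware monitoring tool listed elsewhere in the same report.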


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 January 2011 - 09:47 PM

Hello

That looks a lot better!!!!

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.1
Java 2 Runtime Environment, SE v1.4.1_06
Java Web Start



and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Information and logs

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




