
Infected by virus



Hi,

My system is affected by a virus. I have followed the preliminary steps. Here are my logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Vidhya at 13:03:58 on 2012-03-16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1809 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k eapsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\IBM\SQLLIB\bin\db2dasrrm.exe

C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe

C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe

C:\Program Files\IBM\SQLLIB\BIN\db2fmp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\All Users\Application Data\eYryLom6muHhor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [Akamai NetSession Interface] "c:\documents and settings\vidhya\local settings\application data\akamai\netsession_win.exe"

uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe

uRun: [ApacheTomcatMonitor7.0_Tomcat7] "c:\program files\apache software foundation\tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DB2COPY1 - db2systray.exe DB2] c:\progra~1\ibm\sqllib\bin\db2systray.exe DB2

mRun: [HWllHxOwIMY.exe] c:\documents and settings\all users\application data\HWllHxOwIMY.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic="&"inst=NzctNzAyMjA0Mjc5LVZJUCsxLUZMMTArMS1ERFQrMzM4OTYtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRlVJKzItRjEwVEIrMi1TVDEwVEJGKzE"&"prod=0"&"ver=10.0.1416

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "c:\windows\is-HNUHG.exe" /REG /REGSVRMODE

StartupFolder: c:\docume~1\vidhya\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym03.tcs.com/dwa8W.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 172.20.24.1

TCP: Interfaces\{3278EBCC-BD6A-4644-8F5F-D055857AADAB} : DhcpNameServer = 172.20.24.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\vidhya\application data\mozilla\firefox\profiles\2k5zys0a.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120311587E4F7486570026FA31FD98

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110908&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]

R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2011-11-22 37736]

R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2rcmd.exe [2011-11-22 34664]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-1-3 1839776]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-16 40776]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVENG.SYS [2012-3-15 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVEX15.SYS [2012-3-15 1576312]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2012-1-21 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2012-1-21 43608]

R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2011-3-26 141376]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2011-3-26 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2011-3-26 235200]

S0 cerc6;cerc6; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-1-3 23888]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\sqllib\bin\db2govds.exe [2011-11-22 23912]

S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2licd.exe [2011-11-22 128360]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]

S3 Tomcat7;Apache Tomcat 7;"c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe" //rs//tomcat7 --> c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe [?]

.

=============== Created Last 30 ================

.

2012-03-16 16:42:37 709968 ----a-w- c:\windows\is-HNUHG.exe

2012-03-16 16:41:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-16 15:29:35 -------- d--h--w- c:\documents and settings\vidhya\application data\Malwarebytes

2012-03-16 15:29:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-16 15:29:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 15:29:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-16 13:44:06 427032 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-16 05:38:58 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\blekkotb

2012-03-16 04:27:25 337920 ---ha-w- c:\documents and settings\all users\application data\eYryLom6muHhor.exe

2012-03-16 04:24:56 428544 ---ha-w- c:\documents and settings\all users\application data\HWllHxOwIMY.exe

2012-03-11 18:30:27 -------- d--h--w- c:\program files\Rampant Logic Postscript Viewer

2012-03-09 14:35:51 -------- d--h--w- c:\program files\spring-framework-3.1.1.RELEASE

2012-03-05 16:04:43 -------- d--h--w- c:\documents and settings\vidhya\application data\Evaer

2012-03-05 16:00:58 70656 ---ha-w- c:\windows\system32\yv12vfw.dll

2012-03-05 16:00:58 413760 ---ha-w- c:\windows\system32\MPG4c32.dll

2012-03-05 16:00:58 352256 ---ha-w- c:\windows\system32\lame.ax

2012-03-05 16:00:57 -------- d--h--w- c:\program files\Supertintin for Skype

2012-03-03 17:01:24 -------- d--h--w- c:\program files\apache-log4j-1.2.16

2012-02-28 16:40:01 -------- d--h--w- c:\documents and settings\vidhya\application data\LyX2.0

2012-02-28 16:35:56 -------- d--h--w- c:\program files\LyX20

2012-02-28 16:04:46 -------- d--h--w- c:\documents and settings\vidhya\application data\MiKTeX

2012-02-28 16:04:30 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\MiKTeX

2012-02-28 16:00:57 -------- d--h--w- c:\documents and settings\vidhya\application data\WinEdt Team

2012-02-23 22:57:45 -------- d--h--w- c:\program files\WinEdt Team

2012-02-23 22:47:35 -------- d--h--w- c:\documents and settings\all users\application data\MiKTeX

2012-02-23 22:45:32 -------- d--h--w- c:\program files\MiKTeX 2.8

2012-02-19 04:21:00 -------- d--h--w- c:\documents and settings\vidhya\application data\GetRightToGo

.

==================== Find3M ====================

.

2012-03-07 01:38:06 60 ---ha-w- c:\windows\wpd99.drv

2012-02-11 14:56:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys

2012-01-23 23:21:37 356352 ---ha-w- c:\windows\system32\AegisI5Installer.exe

2012-01-20 19:40:08 60808 ---ha-w- c:\windows\system32\S32EVNT1.DLL

2012-01-20 19:40:08 125488 ---ha-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-01-11 19:06:47 3072 ---h--w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys

2012-01-07 14:22:08 460800 ---ha-w- c:\windows\system32\LAVSplitter.ax

2012-01-07 14:22:04 448000 ---ha-w- c:\windows\system32\LAVVideo.ax

2012-01-07 14:22:04 212992 ---ha-w- c:\windows\system32\LAVAudio.ax

2012-01-07 14:22:00 172032 ---ha-w- c:\windows\system32\libbluray.dll

2012-01-07 14:21:50 6366094 ---ha-w- c:\windows\system32\avcodec-lav-53.dll

2012-01-07 14:21:50 354979 ---ha-w- c:\windows\system32\swscale-lav-2.dll

2012-01-07 14:21:50 203306 ---ha-w- c:\windows\system32\avutil-lav-51.dll

2012-01-07 14:21:50 138727 ---ha-w- c:\windows\system32\avfilter-lav-2.dll

2012-01-07 14:21:50 1007151 ---ha-w- c:\windows\system32\avformat-lav-53.dll

2012-01-07 14:20:24 142336 ---ha-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2011-12-19 06:31:00 160256 ---ha-w- c:\windows\system32\xvid.ax

2011-12-17 19:46:36 916992 ---ha-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ---h--w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ---h--w- c:\windows\system32\inetcpl.cpl

.

============= FINISH: 13:11:42.12 ===============

I have all my important college work stored on my laptop. I would be very grateful if you could help resolve the issue.

Thanks,

Vani

attach.zip



Hello Vani! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following application: Yontoo Layers Runtime 1.10.01 .

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Hi Maniac,

Thanks a lot for your reply.

I tried the instructions stated above.

  • I was unable to remove Yontoo Layers Runtime. It reports 'Initialisation Set up error' when I tried to uninstall it. Also, it states it occupies 0 kb in my system.
  • I ran Malwarebytes after updating. I have copy-pasted the logs.
  • Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Vidhya :: VIDHYA-8F36C4A7 [administrator]

Protection: Disabled

3/16/2012 11:32:30 AM

mbam-log-2012-03-16 (11-32-30).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 409222

Time elapsed: 1 hour(s), 3 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.FakeVLC) -> Quarantined and deleted successfully.

HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 9

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet2_PCI_Install_5719_0331_zip[1].exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet2_R35845_EXE[1].exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet2_setup_exe[1].exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet_PSViewerSetup_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

C:\Personal\College\FrenzSent\VidSent\toef\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-2147135071-1417001333-1003\Dc798.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Vidhya at 18:57:11 on 2012-03-16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1708 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k eapsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\OEM13Mon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe

C:\Documents and Settings\All Users\Application Data\HWllHxOwIMY.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IBM\SQLLIB\bin\db2dasrrm.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe

C:\Documents and Settings\All Users\Application Data\eYryLom6muHhor.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe

C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\IBM\SQLLIB\BIN\db2fmp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [Akamai NetSession Interface] "c:\documents and settings\vidhya\local settings\application data\akamai\netsession_win.exe"

uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe

uRun: [ApacheTomcatMonitor7.0_Tomcat7] "c:\program files\apache software foundation\tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DB2COPY1 - db2systray.exe DB2] c:\progra~1\ibm\sqllib\bin\db2systray.exe DB2

mRun: [HWllHxOwIMY.exe] c:\documents and settings\all users\application data\HWllHxOwIMY.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic="&"inst=NzctNzAyMjA0Mjc5LVZJUCsxLUZMMTArMS1ERFQrMzM4OTYtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRlVJKzItRjEwVEIrMi1TVDEwVEJGKzE"&"prod=0"&"ver=10.0.1416

StartupFolder: c:\docume~1\vidhya\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

uPolicies-explorer: NoDesktop = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym03.tcs.com/dwa8W.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 172.20.48.1

TCP: Interfaces\{3278EBCC-BD6A-4644-8F5F-D055857AADAB} : DhcpNameServer = 172.20.48.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\vidhya\application data\mozilla\firefox\profiles\2k5zys0a.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120311587E4F7486570026FA31FD98

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110908&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]

R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2011-11-22 37736]

R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2rcmd.exe [2011-11-22 34664]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-1-3 1839776]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-16 40776]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVENG.SYS [2012-3-15 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVEX15.SYS [2012-3-15 1576312]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2012-1-21 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2012-1-21 43608]

R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2011-3-26 141376]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2011-3-26 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2011-3-26 235200]

S0 cerc6;cerc6; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-1-3 23888]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\sqllib\bin\db2govds.exe [2011-11-22 23912]

S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2licd.exe [2011-11-22 128360]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]

S3 Tomcat7;Apache Tomcat 7;"c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe" //rs//tomcat7 --> c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe [?]

.

=============== Created Last 30 ================

.

2012-03-16 22:18:06 40776 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-16 15:29:35 -------- d--h--w- c:\documents and settings\vidhya\application data\Malwarebytes

2012-03-16 15:29:27 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-16 15:29:26 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 15:29:26 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware

2012-03-16 13:44:06 427032 ---ha-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-16 05:38:58 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\blekkotb

2012-03-16 04:27:25 337920 ---ha-w- c:\documents and settings\all users\application data\eYryLom6muHhor.exe

2012-03-16 04:24:56 428544 ---ha-w- c:\documents and settings\all users\application data\HWllHxOwIMY.exe

2012-03-11 18:30:27 -------- d--h--w- c:\program files\Rampant Logic Postscript Viewer

2012-03-09 14:35:51 -------- d--h--w- c:\program files\spring-framework-3.1.1.RELEASE

2012-03-05 16:04:43 -------- d--h--w- c:\documents and settings\vidhya\application data\Evaer

2012-03-05 16:00:58 70656 ---ha-w- c:\windows\system32\yv12vfw.dll

2012-03-05 16:00:58 413760 ---ha-w- c:\windows\system32\MPG4c32.dll

2012-03-05 16:00:58 352256 ---ha-w- c:\windows\system32\lame.ax

2012-03-05 16:00:57 -------- d--h--w- c:\program files\Supertintin for Skype

2012-03-03 17:01:24 -------- d--h--w- c:\program files\apache-log4j-1.2.16

2012-02-28 16:40:01 -------- d--h--w- c:\documents and settings\vidhya\application data\LyX2.0

2012-02-28 16:35:56 -------- d--h--w- c:\program files\LyX20

2012-02-28 16:04:46 -------- d--h--w- c:\documents and settings\vidhya\application data\MiKTeX

2012-02-28 16:04:30 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\MiKTeX

2012-02-28 16:00:57 -------- d--h--w- c:\documents and settings\vidhya\application data\WinEdt Team

2012-02-23 22:57:45 -------- d--h--w- c:\program files\WinEdt Team

2012-02-23 22:47:35 -------- d--h--w- c:\documents and settings\all users\application data\MiKTeX

2012-02-23 22:45:32 -------- d--h--w- c:\program files\MiKTeX 2.8

2012-02-19 04:21:00 -------- d--h--w- c:\documents and settings\vidhya\application data\GetRightToGo

.

==================== Find3M ====================

.

2012-03-07 01:38:06 60 ---ha-w- c:\windows\wpd99.drv

2012-02-11 14:56:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys

2012-01-23 23:21:37 356352 ---ha-w- c:\windows\system32\AegisI5Installer.exe

2012-01-20 19:40:08 60808 ---ha-w- c:\windows\system32\S32EVNT1.DLL

2012-01-20 19:40:08 125488 ---ha-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-01-11 19:06:47 3072 ---h--w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys

2012-01-07 14:22:08 460800 ---ha-w- c:\windows\system32\LAVSplitter.ax

2012-01-07 14:22:04 448000 ---ha-w- c:\windows\system32\LAVVideo.ax

2012-01-07 14:22:04 212992 ---ha-w- c:\windows\system32\LAVAudio.ax

2012-01-07 14:22:00 172032 ---ha-w- c:\windows\system32\libbluray.dll

2012-01-07 14:21:50 6366094 ---ha-w- c:\windows\system32\avcodec-lav-53.dll

2012-01-07 14:21:50 354979 ---ha-w- c:\windows\system32\swscale-lav-2.dll

2012-01-07 14:21:50 203306 ---ha-w- c:\windows\system32\avutil-lav-51.dll

2012-01-07 14:21:50 138727 ---ha-w- c:\windows\system32\avfilter-lav-2.dll

2012-01-07 14:21:50 1007151 ---ha-w- c:\windows\system32\avformat-lav-53.dll

2012-01-07 14:20:24 142336 ---ha-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2011-12-19 06:31:00 160256 ---ha-w- c:\windows\system32\xvid.ax

.

============= FINISH: 19:04:40.32 ===============

Attach file :

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/26/2011 8:34:15 PM

System Uptime: 3/16/2012 6:05:16 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0H528C

Processor: Intel® Core2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1795/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 177.462 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Biometric Coprocessor

Device ID: USB\VID_0483&PID_2016\5&2E2FDE5C&0&1

Manufacturer:

Name: Biometric Coprocessor

PNP Device ID: USB\VID_0483&PID_2016\5&2E2FDE5C&0&1

Service:

.

==== System Restore Points ===================

.

RP180: 12/19/2011 10:04:15 AM - System Checkpoint

RP181: 12/21/2011 10:07:04 AM - System Checkpoint

RP182: 12/21/2011 11:52:05 AM - Installed Akamai NetSession Interface

RP183: 12/21/2011 11:59:41 AM - Removed Microsoft Visual C++ 2005 Redistributable

RP184: 12/21/2011 12:01:02 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP185: 12/24/2011 8:37:47 AM - System Checkpoint

RP186: 12/25/2011 12:03:02 PM - System Checkpoint

RP187: 12/31/2011 8:01:54 PM - System Checkpoint

RP188: 1/3/2012 2:51:59 PM - System Checkpoint

RP189: 1/3/2012 8:46:12 PM - Removed Ask Toolbar.

RP190: 1/3/2012 8:50:37 PM - Removed Optimum Link.

RP191: 1/3/2012 8:52:48 PM - Removed SplitMediaLabs VH Screen Capture Driver (x86)

RP192: 1/3/2012 8:53:49 PM - Removed TextPad 5.

RP193: 1/3/2012 8:54:29 PM - Removed TOEFL Sample Questions.

RP194: 1/3/2012 8:54:59 PM - Removed Visual CertExam Manager

RP195: 1/4/2012 10:25:20 PM - System Checkpoint

RP196: 1/6/2012 8:58:32 PM - Installed Splashtop Streamer

RP197: 1/8/2012 9:53:38 AM - Installed WeatherBug

RP198: 1/8/2012 10:03:41 AM - Removed ASPCA Reminder by We-Care.com v5.0.5.1

RP199: 1/8/2012 10:05:01 AM - Removed GIMP

RP200: 1/8/2012 10:07:07 AM - Removed WeatherBug

RP201: 1/10/2012 10:08:02 AM - System Checkpoint

RP202: 1/10/2012 11:11:15 AM - Removed Batch PDF Merger

RP203: 1/10/2012 11:14:46 AM - Removed Lizardtech DjVu Control

RP204: 1/10/2012 11:16:50 AM - Removed Splashtop Streamer

RP205: 1/11/2012 8:33:49 AM - Software Distribution Service 3.0

RP206: 1/12/2012 8:38:27 AM - Software Distribution Service 3.0

RP207: 1/13/2012 8:06:51 PM - System Checkpoint

RP208: 1/20/2012 2:38:34 PM - Installed Symantec Endpoint Protection.

RP209: 1/20/2012 8:03:15 PM - Software Distribution Service 3.0

RP210: 1/20/2012 8:51:47 PM - Removed AVG 2011

RP211: 1/20/2012 8:52:52 PM - Removed AVG 2011

RP212: 1/20/2012 9:59:41 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP213: 1/21/2012 11:22:41 AM - Configured REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP214: 1/21/2012 1:04:15 PM - Removed O2Micro Flash Memory Card Reader Driver (x86).

RP215: 1/21/2012 1:04:35 PM - Removed REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP216: 1/21/2012 1:10:43 PM - Installed O2Micro Flash Memory Card Reader Driver (x86).

RP217: 1/21/2012 1:17:53 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP218: 1/21/2012 2:19:32 PM - Removed O2Micro Flash Memory Card Reader Driver (x86).

RP219: 1/21/2012 2:19:48 PM - Removed REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP220: 1/21/2012 2:25:45 PM - Installed O2Micro Flash Memory Card Reader Driver (x86).

RP221: 1/21/2012 2:48:20 PM - Installed REALTEK GbE & FE Ethernet PCI NIC Driver

RP222: 1/21/2012 2:51:31 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP223: 1/21/2012 3:10:45 PM - Installed Intel® PROSet/Wireless Software for Bluetooth® Technology

RP224: 1/21/2012 6:32:15 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver

RP225: 1/23/2012 5:54:08 AM - Printer Driver Xerox Phaser 5500DT PS Installed

RP226: 1/23/2012 6:27:38 PM - Removed Intel® PROSet/Wireless Software for Bluetooth® Technology

RP227: 1/23/2012 6:33:39 PM - Removed REALTEK GbE & FE Ethernet PCI NIC Driver

RP228: 1/27/2012 3:10:39 PM - System Checkpoint

RP229: 1/31/2012 3:57:52 PM - System Checkpoint

RP230: 2/3/2012 1:43:45 PM - System Checkpoint

RP231: 2/5/2012 2:39:01 PM - Installed DB2 Express-C - DB2COPY1

RP232: 2/6/2012 2:25:47 PM - Installed SSH Secure Shell

RP233: 2/6/2012 3:04:29 PM - Removed Bonjour

RP234: 2/6/2012 3:06:23 PM - Removed SSH Secure Shell

RP235: 2/6/2012 4:13:07 PM - Installed Secure Download Manager

RP236: 2/6/2012 5:49:24 PM - Removed Secure Download Manager

RP237: 2/6/2012 5:49:48 PM - Installed Secure Download Manager

RP238: 2/7/2012 7:38:49 PM - System Checkpoint

RP239: 2/7/2012 10:56:06 PM - Removed Adobe Community Help

RP240: 2/7/2012 10:56:20 PM - Removed Adobe Download Assistant

RP241: 2/7/2012 10:59:03 PM - Removed Adobe Widget Browser

RP242: 2/10/2012 8:41:25 PM - System Checkpoint

RP243: 2/11/2012 9:51:44 AM - Installed Intel Cilk++ SDK (1.1.0.8504)

RP244: 2/11/2012 9:54:10 AM - Installed Cilk++ SDK Examples (1.1.0.8504)

RP245: 2/14/2012 7:08:45 AM - System Checkpoint

RP246: 2/15/2012 12:06:46 AM - Software Distribution Service 3.0

RP247: 2/16/2012 2:54:43 AM - System Checkpoint

RP248: 2/16/2012 3:00:20 AM - Software Distribution Service 3.0

RP249: 2/18/2012 11:41:49 PM - Removed Cilk++ SDK Examples (1.1.0.8504)

RP250: 2/18/2012 11:43:17 PM - Removed Intel Cilk++ SDK (1.1.0.8504)

RP251: 2/19/2012 12:03:30 AM - Installed Microsoft Visio Professional 2010

RP252: 2/20/2012 7:59:42 AM - Software Distribution Service 3.0

RP253: 2/23/2012 11:41:27 PM - System Checkpoint

RP254: 2/29/2012 9:31:35 AM - System Checkpoint

RP255: 3/2/2012 1:08:13 PM - System Checkpoint

RP256: 3/4/2012 9:15:00 AM - System Checkpoint

RP257: 3/5/2012 11:03:34 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

RP258: 3/7/2012 8:11:03 PM - System Checkpoint

RP259: 3/9/2012 12:27:38 PM - System Checkpoint

RP260: 3/11/2012 2:47:46 PM - System Checkpoint

RP261: 3/12/2012 8:55:57 PM - System Checkpoint

RP262: 3/13/2012 9:58:56 PM - System Checkpoint

RP263: 3/14/2012 9:11:30 AM - Software Distribution Service 3.0

RP264: 3/15/2012 3:14:25 PM - System Checkpoint

RP265: 3/16/2012 3:39:04 PM - Installed Ad-Aware

.

==== Installed Programs ======================

.

.

A-PDF to Black/White

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.2)

Apache Tomcat 7.0 (remove only)

Apache Tomcat 7.0 Tomcat7 (remove only)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MG5200 series MP Drivers

Canon MG5200 series User Registration

Canon MP Navigator EX 4.0

Canon My Printer

Canon Solution Menu EX

Compare It!

DB2 Express-C - DB2COPY1

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Resource CD

Dell Wireless WLAN Card

Free NaturalReader

Google Talk (remove only)

Google Update Helper

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

IBM Data Studio Administration Client

Intel® Graphics Media Accelerator Driver

Itibiti RTC

iTunes

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java DB 10.6.2.1

Java 6 Update 24

Java SE Development Kit 6

Java SE Development Kit 6 Update 24

Java SE Runtime Environment 6

Laptop Integrated Webcam Driver (1.00.01.0108)

LiveUpdate 3.3 (Symantec Corporation)

LyX 2.0.2-1

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio 2010

Microsoft Office Visio MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Visio 2010 Service Pack 1 (SP1)

Microsoft Visio Professional 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MiKTeX 2.8

Mozilla Firefox 8.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Notepad++

O2Micro Flash Memory Card Reader Driver (x86)

PDF Combine

Pdf995

Pharos

Picasa 3

QuickTime

Rampant Logic Postscript Viewer 1.1

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Secure Download Manager

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Skype™ 5.3

Snagit 10.0.1

Symantec Endpoint Protection

System Requirements Lab for Intel

TeamViewer 6

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Wascana C/C++ IDE for Windows

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

WinEdt 6

WinRAR 4.01 (32-bit)

Yahoo! Messenger

Yontoo Layers Runtime 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

3/9/2012 1:48:14 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3278EBCC-BD6A-4644-8F5F-D055857AADAB} because another computer on the network has the same name. The server could not start.

3/9/2012 1:48:14 PM, error: NetBT [4321] - The name "VIDHYA-8F36C4A7:20" could not be registered on the Interface with IP address 172.25.69.58. The machine with the IP address 129.49.2.138 did not allow the name to be claimed by this machine.

3/9/2012 1:48:11 PM, error: NetBT [4321] - The name "VIDHYA-8F36C4A7:0" could not be registered on the Interface with IP address 172.25.69.58. The machine with the IP address 129.49.2.138 did not allow the name to be claimed by this machine.

3/16/2012 3:38:12 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

3/16/2012 2:29:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip

3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/16/2012 2:27:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

3/16/2012 12:30:28 AM, error: Dhcp [1002] - The IP address lease 172.25.69.58 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.20.24.1 (The DHCP Server sent a DHCPNACK message).

3/16/2012 11:29:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

3/16/2012 11:28:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

3/16/2012 11:28:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/15/2012 11:05:47 AM, error: Dhcp [1002] - The IP address lease 129.49.127.219 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.20.24.1 (The DHCP Server sent a DHCPNACK message).

3/14/2012 9:30:06 AM, error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The system cannot find the file specified.

3/14/2012 6:57:29 PM, error: Dhcp [1002] - The IP address lease 172.25.53.46 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.20.24.1 (The DHCP Server sent a DHCPNACK message).

3/11/2012 12:07:17 AM, error: Dhcp [1002] - The IP address lease 172.25.69.58 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.24.1.2 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================


Hi maniac,

I am extremely sorry for my mistake. Some time before, I did the check in safe mode, and I attached that log. Here is my correct log. Sorry for this.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Vidhya :: VIDHYA-8F36C4A7 [administrator]

Protection: Enabled

3/16/2012 6:19:27 PM

mbam-log-2012-03-16 (18-19-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221845

Time elapsed: 17 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Let me know if you need anything else. Thanks.


Hi Maniac,

Here is my DDS file:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Vidhya at 9:51:33 on 2012-03-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2067 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k eapsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\OEM13Mon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\IBM\SQLLIB\bin\db2dasrrm.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe

C:\Documents and Settings\All Users\Application Data\HWllHxOwIMY.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\All Users\Application Data\eYryLom6muHhor.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe

C:\Program Files\IBM\SQLLIB\BIN\db2fmp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [Akamai NetSession Interface] "c:\documents and settings\vidhya\local settings\application data\akamai\netsession_win.exe"

uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe

uRun: [ApacheTomcatMonitor7.0_Tomcat7] "c:\program files\apache software foundation\tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DB2COPY1 - db2systray.exe DB2] c:\progra~1\ibm\sqllib\bin\db2systray.exe DB2

mRun: [HWllHxOwIMY.exe] c:\documents and settings\all users\application data\HWllHxOwIMY.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic="&"inst=NzctNzAyMjA0Mjc5LVZJUCsxLUZMMTArMS1ERFQrMzM4OTYtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRlVJKzItRjEwVEIrMi1TVDEwVEJGKzE"&"prod=0"&"ver=10.0.1416

StartupFolder: c:\docume~1\vidhya\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

uPolicies-explorer: NoDesktop = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym03.tcs.com/dwa8W.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 172.20.48.1

TCP: Interfaces\{3278EBCC-BD6A-4644-8F5F-D055857AADAB} : DhcpNameServer = 172.20.48.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\vidhya\application data\mozilla\firefox\profiles\2k5zys0a.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120311587E4F7486570026FA31FD98

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110908&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]

R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2011-11-22 37736]

R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2rcmd.exe [2011-11-22 34664]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-1-3 1839776]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVENG.SYS [2012-3-15 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVEX15.SYS [2012-3-15 1576312]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2012-1-21 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2012-1-21 43608]

R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2011-3-26 141376]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2011-3-26 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2011-3-26 235200]

S0 cerc6;cerc6; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-1-3 23888]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\sqllib\bin\db2govds.exe [2011-11-22 23912]

S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2licd.exe [2011-11-22 128360]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]

S3 Tomcat7;Apache Tomcat 7;"c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe" //rs//tomcat7 --> c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe [?]

.

=============== Created Last 30 ================

.

2012-03-17 13:15:51 -------- d-sh--w- C:\found.000

2012-03-16 15:29:35 -------- d--h--w- c:\documents and settings\vidhya\application data\Malwarebytes

2012-03-16 15:29:27 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-16 15:29:26 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 15:29:26 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware

2012-03-16 13:44:06 427032 ---ha-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-16 05:38:58 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\blekkotb

2012-03-16 04:27:25 337920 ---ha-w- c:\documents and settings\all users\application data\eYryLom6muHhor.exe

2012-03-16 04:24:56 428544 ---ha-w- c:\documents and settings\all users\application data\HWllHxOwIMY.exe

2012-03-11 18:30:27 -------- d--h--w- c:\program files\Rampant Logic Postscript Viewer

2012-03-09 14:35:51 -------- d--h--w- c:\program files\spring-framework-3.1.1.RELEASE

2012-03-05 16:04:43 -------- d--h--w- c:\documents and settings\vidhya\application data\Evaer

2012-03-05 16:00:58 70656 ---ha-w- c:\windows\system32\yv12vfw.dll

2012-03-05 16:00:58 413760 ---ha-w- c:\windows\system32\MPG4c32.dll

2012-03-05 16:00:58 352256 ---ha-w- c:\windows\system32\lame.ax

2012-03-05 16:00:57 -------- d--h--w- c:\program files\Supertintin for Skype

2012-03-03 17:01:24 -------- d--h--w- c:\program files\apache-log4j-1.2.16

2012-02-28 16:40:01 -------- d--h--w- c:\documents and settings\vidhya\application data\LyX2.0

2012-02-28 16:35:56 -------- d--h--w- c:\program files\LyX20

2012-02-28 16:04:46 -------- d--h--w- c:\documents and settings\vidhya\application data\MiKTeX

2012-02-28 16:04:30 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\MiKTeX

2012-02-28 16:00:57 -------- d--h--w- c:\documents and settings\vidhya\application data\WinEdt Team

2012-02-23 22:57:45 -------- d--h--w- c:\program files\WinEdt Team

2012-02-23 22:47:35 -------- d--h--w- c:\documents and settings\all users\application data\MiKTeX

2012-02-23 22:45:32 -------- d--h--w- c:\program files\MiKTeX 2.8

2012-02-19 04:21:00 -------- d--h--w- c:\documents and settings\vidhya\application data\GetRightToGo

.

==================== Find3M ====================

.

2012-03-07 01:38:06 60 ---ha-w- c:\windows\wpd99.drv

2012-02-11 14:56:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys

2012-01-23 23:21:37 356352 ---ha-w- c:\windows\system32\AegisI5Installer.exe

2012-01-20 19:40:08 60808 ---ha-w- c:\windows\system32\S32EVNT1.DLL

2012-01-20 19:40:08 125488 ---ha-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-01-11 19:06:47 3072 ---h--w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys

2012-01-07 14:22:08 460800 ---ha-w- c:\windows\system32\LAVSplitter.ax

2012-01-07 14:22:04 448000 ---ha-w- c:\windows\system32\LAVVideo.ax

2012-01-07 14:22:04 212992 ---ha-w- c:\windows\system32\LAVAudio.ax

2012-01-07 14:22:00 172032 ---ha-w- c:\windows\system32\libbluray.dll

2012-01-07 14:21:50 6366094 ---ha-w- c:\windows\system32\avcodec-lav-53.dll

2012-01-07 14:21:50 354979 ---ha-w- c:\windows\system32\swscale-lav-2.dll

2012-01-07 14:21:50 203306 ---ha-w- c:\windows\system32\avutil-lav-51.dll

2012-01-07 14:21:50 138727 ---ha-w- c:\windows\system32\avfilter-lav-2.dll

2012-01-07 14:21:50 1007151 ---ha-w- c:\windows\system32\avformat-lav-53.dll

2012-01-07 14:20:24 142336 ---ha-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2011-12-19 06:31:00 160256 ---ha-w- c:\windows\system32\xvid.ax

.

============= FINISH: 9:59:08.93 ===============

Thanks,

Vani
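The "Pseudo HJT Report" section of the DDS log above is what the helper reads by eye: Run entries launching from the All Users "Application Data" folder under random-looking names, and an Explorer policy (NoDesktop = 1) that Malwarebytes had already reported as PUM.Hidden.Desktop. As an added example, not code from this thread, from DDS or from Malwarebytes, the Python below runs that same triage over constructed lines modelled on the log; the directory list, name-randomness thresholds and policy set are the example's own heuristics, not DDS or Malwarebytes rules.

```python
import re
from collections import Counter
from math import log2

# Constructed sample modelled on the "Pseudo HJT Report" lines of the DDS log in this thread.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HWllHxOwIMY.exe] c:\documents and settings\all users\application data\HWllHxOwIMY.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: NoDesktop = 1 (0x1)
"""

RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[(.*?)\] (.*)$", re.I)
POLICY_RE = re.compile(r"^([um])Policies-(\w+): (\w+) = (\d+)", re.I)
# First absolute path ending in .exe, with or without surrounding quotes.
EXE_RE = re.compile(r'"?([a-z]:\\.*?\.exe)"?', re.I)

# Directories any logged-on XP user can write to; an autorun launching from here deserves a look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Explorer policy values that hide or disable shell features (Malwarebytes reports these as PUM.*).
HIDING_POLICIES = {"NoDesktop", "NoRun", "NoControlPanel", "NoFolderOptions"}


def shannon_entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * log2(c / n) for c in counts.values())


def case_transitions(s):
    # Number of upper/lower flips between consecutive letters (digits are skipped).
    letters = [ch for ch in s if ch.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def looks_random(stem):
    # CamelCase product names (iTunesHelper) flip case a few times; generated names flip constantly.
    return len(stem) >= 8 and shannon_entropy(stem) >= 3.0 and case_transitions(stem) >= 5


def triage_run_entry(key, name, command):
    m = EXE_RE.match(command.strip())
    if not m:
        # Bare names such as RTHDCPL.EXE resolve through PATH; not malicious in itself, but check it.
        return {"name": name, "path": None, "reasons": ["no-absolute-path"], "severity": "review"}
    path = m.group(1)
    stem = path.rsplit("\\", 1)[-1][:-4]  # file name without the .exe suffix
    reasons = []
    if any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("user-writable-dir")
    if looks_random(stem):
        reasons.append("random-name")
    severity = {0: "ok", 1: "review", 2: "high"}[len(reasons)]
    return {"name": name, "path": path, "reasons": reasons, "severity": severity}


def triage_dds(text):
    """Return one finding per Run entry, plus one per hiding policy that is switched on."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            findings.append(triage_run_entry(*m.groups()))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(3) in HIDING_POLICIES and int(m.group(4)) != 0:
            findings.append({"name": f"{m.group(2)}\\{m.group(3)}", "path": None,
                             "reasons": ["hiding-policy-set"], "severity": "high"})
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f['severity']:6} {f['name']:28} {', '.join(f['reasons']) or '-'}")
```

Run against the real log, the same check would also flag eYryLom6muHhor.exe, which appears in the running-process list but not as a Run entry, so process listings need the same treatment.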


Yes, I see them in your DDS log file. In your previous post:

http://forums.malwarebytes.org/index.php?showtopic=107388&view=findpost&p=535519

You are posting a log file from Malwarebytes' Anti-Malware in Normal mode, but it was made yesterday with a database that is 4 days old, which in fighting malware is really long. I would like to check again in Normal mode with an updated database, to see whether or not they have been added to the Malwarebytes' Anti-Malware database.

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-malware log
  • a new fresh DDS log file


Hi Maniac,

Yesterday, I performed the steps and updated accordingly, and then ran Malwarebytes.

I found one thing here.

When I update, it says "Updating malware: Connecting to server", then a pop-up says "You have the latest database version". Again "Connecting to server" and "You have the latest database version", and so on. I did this yesterday too. Should I run Malwarebytes again now? Please let me know.


Please do the following:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Next, try again.


Hi maniac,

I have done the clean up and downloaded and installed from the link that you gave.

But my version shows as 1/13/2012. When I click Update, the problem occurs. I am not able to connect to the Internet from the laptop. I am downloading the executables from another computer and installing them using a flash drive.

Is there any means by which I can download the latest version directly instead of connecting to the Internet and updating?

Thanks


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi Maniac,

I am running ComboFix now. While running, it tried to contact the Microsoft site for creating the Recovery Console, but it stopped that action since it could not connect to the Internet. I am connected to the Internet but cannot access any site. Now it has continued with the malware detection process. Is this fine? Please let me know.

Thanks,

Vani

