vanijayram Posted March 16, 2012 ID:535378 Share Posted March 16, 2012 Hi,My system is affected by virus. I have followed the preliminary steps . Here are my logs:.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by Vidhya at 13:03:58 on 2012-03-16Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1809 [GMT -4:00].AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}FW: AVG Firewall *Disabled*.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k eapsvcsC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k dot3svcC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\IBM\SQLLIB\bin\db2dasrrm.exeC:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\system32\DRIVERS\o2flash.exeC:\PROGRA~1\PHAROS~1\Core\CTskMstr.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exeC:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exeC:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exeC:\Program Files\IBM\SQLLIB\BIN\db2fmp.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Documents and Settings\All Users\Application Data\eYryLom6muHhor.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\WINDOWS\system32\taskmgr.exeC:\WINDOWS\system32\taskmgr.exeC:\WINDOWS\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://google.com/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: H - No FilemURLSearchHooks: H - No FileBHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dllBHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dllTB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileTB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"uRun: [Akamai NetSession Interface] "c:\documents and settings\vidhya\local settings\application data\akamai\netsession_win.exe"uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exeuRun: [ApacheTomcatMonitor7.0_Tomcat7] "c:\program files\apache software foundation\tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /useregmRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exemRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logonmRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [DB2COPY1 - db2systray.exe DB2] c:\progra~1\ibm\sqllib\bin\db2systray.exe DB2mRun: [HWllHxOwIMY.exe] c:\documents and settings\all users\application data\HWllHxOwIMY.exemRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic="&"inst=NzctNzAyMjA0Mjc5LVZJUCsxLUZMMTArMS1ERFQrMzM4OTYtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRlVJKzItRjEwVEIrMi1TVDEwVEJGKzE"&"prod=0"&"ver=10.0.1416mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentmRunOnce: [innoSetupRegFile.0000000001] "c:\windows\is-HNUHG.exe" /REG /REGSVRMODEStartupFolder: c:\docume~1\vidhya\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXEIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllDPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym03.tcs.com/dwa8W.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 172.20.24.1TCP: Interfaces\{3278EBCC-BD6A-4644-8F5F-D055857AADAB} : DhcpNameServer = 172.20.24.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dllNotify: igfxcui - igfxdev.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\vidhya\application data\mozilla\firefox\profiles\2k5zys0a.default\FF - prefs.js: browser.search.selectedEngine - BlekkoFF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120311587E4F7486570026FA31FD98FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110908&q=FF - prefs.js: network.proxy.type - 4FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLLFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dllFF - plugin: c:\windows\system32\tvuax\npTVUAx.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true============= SERVICES / DRIVERS ===============.R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2011-11-22 37736]R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2rcmd.exe [2011-11-22 34664]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-1-3 1839776]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-16 40776]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVENG.SYS [2012-3-15 86136]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVEX15.SYS [2012-3-15 1576312]R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2012-1-21 51288]R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2012-1-21 43608]R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2011-3-26 141376]R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2011-3-26 7424]R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2011-3-26 235200]S0 cerc6;cerc6; [x]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [?]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-1-3 23888]S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\sqllib\bin\db2govds.exe [2011-11-22 23912]S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2licd.exe [2011-11-22 128360]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]S3 Tomcat7;Apache Tomcat 7;"c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe" //rs//tomcat7 --> c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe [?].=============== Created Last 30 ================.2012-03-16 16:42:37 709968 ----a-w- c:\windows\is-HNUHG.exe2012-03-16 16:41:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-03-16 15:29:35 -------- d--h--w- c:\documents and settings\vidhya\application data\Malwarebytes2012-03-16 15:29:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-03-16 15:29:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-16 15:29:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-03-16 13:44:06 427032 ----a-w- c:\windows\system32\PerfStringBackup.TMP2012-03-16 05:38:58 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\blekkotb2012-03-16 04:27:25 337920 ---ha-w- c:\documents and settings\all users\application data\eYryLom6muHhor.exe2012-03-16 04:24:56 428544 ---ha-w- c:\documents and settings\all users\application data\HWllHxOwIMY.exe2012-03-11 18:30:27 -------- d--h--w- c:\program files\Rampant Logic Postscript Viewer2012-03-09 14:35:51 -------- d--h--w- c:\program files\spring-framework-3.1.1.RELEASE2012-03-05 16:04:43 -------- d--h--w- c:\documents and settings\vidhya\application data\Evaer2012-03-05 16:00:58 70656 ---ha-w- c:\windows\system32\yv12vfw.dll2012-03-05 16:00:58 413760 ---ha-w- c:\windows\system32\MPG4c32.dll2012-03-05 16:00:58 352256 ---ha-w- c:\windows\system32\lame.ax2012-03-05 16:00:57 -------- d--h--w- c:\program files\Supertintin for Skype2012-03-03 17:01:24 -------- d--h--w- c:\program files\apache-log4j-1.2.162012-02-28 16:40:01 -------- d--h--w- c:\documents and settings\vidhya\application data\LyX2.02012-02-28 16:35:56 -------- d--h--w- c:\program files\LyX202012-02-28 16:04:46 -------- d--h--w- c:\documents and settings\vidhya\application data\MiKTeX2012-02-28 16:04:30 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\MiKTeX2012-02-28 16:00:57 -------- d--h--w- c:\documents and settings\vidhya\application data\WinEdt Team2012-02-23 22:57:45 -------- d--h--w- c:\program files\WinEdt Team2012-02-23 22:47:35 -------- d--h--w- c:\documents and settings\all users\application data\MiKTeX2012-02-23 22:45:32 -------- d--h--w- c:\program files\MiKTeX 2.82012-02-19 04:21:00 -------- d--h--w- c:\documents and settings\vidhya\application data\GetRightToGo.==================== Find3M ====================.2012-03-07 01:38:06 60 ---ha-w- c:\windows\wpd99.drv2012-02-11 14:56:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys2012-01-23 23:21:37 356352 ---ha-w- c:\windows\system32\AegisI5Installer.exe2012-01-20 19:40:08 60808 ---ha-w- c:\windows\system32\S32EVNT1.DLL2012-01-20 19:40:08 125488 ---ha-w- c:\windows\system32\drivers\SYMEVENT.SYS2012-01-11 19:06:47 3072 ---h--w- c:\windows\system32\iacenc.dll2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys2012-01-07 14:22:08 460800 ---ha-w- c:\windows\system32\LAVSplitter.ax2012-01-07 14:22:04 448000 ---ha-w- c:\windows\system32\LAVVideo.ax2012-01-07 14:22:04 212992 ---ha-w- c:\windows\system32\LAVAudio.ax2012-01-07 14:22:00 172032 ---ha-w- c:\windows\system32\libbluray.dll2012-01-07 14:21:50 6366094 ---ha-w- c:\windows\system32\avcodec-lav-53.dll2012-01-07 14:21:50 354979 ---ha-w- c:\windows\system32\swscale-lav-2.dll2012-01-07 14:21:50 203306 ---ha-w- c:\windows\system32\avutil-lav-51.dll2012-01-07 14:21:50 138727 ---ha-w- c:\windows\system32\avfilter-lav-2.dll2012-01-07 14:21:50 1007151 ---ha-w- c:\windows\system32\avformat-lav-53.dll2012-01-07 14:20:24 142336 ---ha-w- c:\windows\system32\IntelQuickSyncDecoder.dll2011-12-19 06:31:00 160256 ---ha-w- c:\windows\system32\xvid.ax2011-12-17 19:46:36 916992 ---ha-w- c:\windows\system32\wininet.dll2011-12-17 19:46:36 43520 ---h--w- c:\windows\system32\licmgr10.dll2011-12-17 19:46:36 1469440 ---h--w- c:\windows\system32\inetcpl.cpl.============= FINISH: 13:11:42.12 ===============I have all my important college work stored in my laptop. I would be very grateful if you could help resolve the issue.Thanks,Vaniattach.zip Link to post Share on other sites More sharing options...
Maniac Posted March 16, 2012 ID:535400 Share Posted March 16, 2012 Hello Vani! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictlya and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Step 1Please uninstall the following application: Yontoo Layers Runtime 1.10.01 .Step 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.In your next reply, post the following log files:Malwarebytes' Anti-Malware loga new fresh DDS log file Link to post Share on other sites More sharing options...
vanijayram Posted March 16, 2012 Author ID:535447 Share Posted March 16, 2012 Hi Maniac,Thanks a lot for your reply.I tried the instructions stated above.I was unable to remove Yantoo Layers Runtime . It reports 'Initailisation Set up error' when I tried to uninstall it. Also, it states it occupies 0 kb in my system.I ran the malwarebytes after updation. I have copy pasted the logsmalwarebytes log :Malwarebytes Anti-Malware (Trial) 1.60.1.1000www.malwarebytes.orgDatabase version: v2012.01.13.04Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)Internet Explorer 8.0.6001.18702Vidhya :: VIDHYA-8F36C4A7 [administrator]Protection: Disabled3/16/2012 11:32:30 AMmbam-log-2012-03-16 (11-32-30).txtScan type: Full scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 409222Time elapsed: 1 hour(s), 3 minute(s), 58 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 2HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.FakeVLC) -> Quarantined and deleted successfully.HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 9HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.Folders Detected: 0(No malicious items detected)Files Detected: 6C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet2_PCI_Install_5719_0331_zip[1].exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet2_R35845_EXE[1].exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet2_setup_exe[1].exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.C:\Documents and Settings\Vidhya\Local Settings\Temp\ICReinstall\cnet_PSViewerSetup_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.C:\Personal\College\FrenzSent\VidSent\toef\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.C:\RECYCLER\S-1-5-21-746137067-2147135071-1417001333-1003\Dc798.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.(end)DDS Log :.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by Vidhya at 18:57:11 on 2012-03-16Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1708 [GMT -4:00].AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}FW: AVG Firewall *Disabled*.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k eapsvcsC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k dot3svcC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\OEM13Mon.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXEC:\WINDOWS\system32\WLTRAY.exeC:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exeC:\Documents and Settings\All Users\Application Data\HWllHxOwIMY.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\IBM\SQLLIB\bin\db2dasrrm.exeC:\Program Files\Microsoft Office\Office14\MSOSYNC.EXEC:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\system32\DRIVERS\o2flash.exeC:\PROGRA~1\PHAROS~1\Core\CTskMstr.exeC:\Documents and Settings\All Users\Application Data\eYryLom6muHhor.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exeC:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exeC:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exeC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\Program Files\IBM\SQLLIB\BIN\db2fmp.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://google.com/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: H - No FilemURLSearchHooks: H - No FileBHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dllBHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dllTB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileTB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"uRun: [Akamai NetSession Interface] "c:\documents and settings\vidhya\local settings\application data\akamai\netsession_win.exe"uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exeuRun: [ApacheTomcatMonitor7.0_Tomcat7] "c:\program files\apache software foundation\tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /useregmRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exemRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logonmRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [DB2COPY1 - db2systray.exe DB2] c:\progra~1\ibm\sqllib\bin\db2systray.exe DB2mRun: [HWllHxOwIMY.exe] c:\documents and settings\all users\application data\HWllHxOwIMY.exemRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic="&"inst=NzctNzAyMjA0Mjc5LVZJUCsxLUZMMTArMS1ERFQrMzM4OTYtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRlVJKzItRjEwVEIrMi1TVDEwVEJGKzE"&"prod=0"&"ver=10.0.1416StartupFolder: c:\docume~1\vidhya\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXEuPolicies-explorer: NoDesktop = 1 (0x1)IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllDPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym03.tcs.com/dwa8W.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 172.20.48.1TCP: Interfaces\{3278EBCC-BD6A-4644-8F5F-D055857AADAB} : DhcpNameServer = 172.20.48.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dllNotify: igfxcui - igfxdev.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\vidhya\application data\mozilla\firefox\profiles\2k5zys0a.default\FF - prefs.js: browser.search.selectedEngine - BlekkoFF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120311587E4F7486570026FA31FD98FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110908&q=FF - prefs.js: network.proxy.type - 4FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLLFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dllFF - plugin: c:\windows\system32\tvuax\npTVUAx.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true============= SERVICES / DRIVERS ===============.R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2011-11-22 37736]R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2rcmd.exe [2011-11-22 34664]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-1-3 1839776]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-16 40776]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVENG.SYS [2012-3-15 86136]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVEX15.SYS [2012-3-15 1576312]R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2012-1-21 51288]R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2012-1-21 43608]R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2011-3-26 141376]R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2011-3-26 7424]R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2011-3-26 235200]S0 cerc6;cerc6; [x]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [?]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-1-3 23888]S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\sqllib\bin\db2govds.exe [2011-11-22 23912]S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2licd.exe [2011-11-22 128360]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]S3 Tomcat7;Apache Tomcat 7;"c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe" //rs//tomcat7 --> c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe [?].=============== Created Last 30 ================.2012-03-16 22:18:06 40776 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-03-16 15:29:35 -------- d--h--w- c:\documents and settings\vidhya\application data\Malwarebytes2012-03-16 15:29:27 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes2012-03-16 15:29:26 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys2012-03-16 15:29:26 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware2012-03-16 13:44:06 427032 ---ha-w- c:\windows\system32\PerfStringBackup.TMP2012-03-16 05:38:58 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\blekkotb2012-03-16 04:27:25 337920 ---ha-w- c:\documents and settings\all users\application data\eYryLom6muHhor.exe2012-03-16 04:24:56 428544 ---ha-w- c:\documents and settings\all users\application data\HWllHxOwIMY.exe2012-03-11 18:30:27 -------- d--h--w- c:\program files\Rampant Logic Postscript Viewer2012-03-09 14:35:51 -------- d--h--w- c:\program files\spring-framework-3.1.1.RELEASE2012-03-05 16:04:43 -------- d--h--w- c:\documents and settings\vidhya\application data\Evaer2012-03-05 16:00:58 70656 ---ha-w- c:\windows\system32\yv12vfw.dll2012-03-05 16:00:58 413760 ---ha-w- c:\windows\system32\MPG4c32.dll2012-03-05 16:00:58 352256 ---ha-w- c:\windows\system32\lame.ax2012-03-05 16:00:57 -------- d--h--w- c:\program files\Supertintin for Skype2012-03-03 17:01:24 -------- d--h--w- c:\program files\apache-log4j-1.2.162012-02-28 16:40:01 -------- d--h--w- c:\documents and settings\vidhya\application data\LyX2.02012-02-28 16:35:56 -------- d--h--w- c:\program files\LyX202012-02-28 16:04:46 -------- d--h--w- c:\documents and settings\vidhya\application data\MiKTeX2012-02-28 16:04:30 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\MiKTeX2012-02-28 16:00:57 -------- d--h--w- c:\documents and settings\vidhya\application data\WinEdt Team2012-02-23 22:57:45 -------- d--h--w- c:\program files\WinEdt Team2012-02-23 22:47:35 -------- d--h--w- c:\documents and settings\all users\application data\MiKTeX2012-02-23 22:45:32 -------- d--h--w- c:\program files\MiKTeX 2.82012-02-19 04:21:00 -------- d--h--w- c:\documents and settings\vidhya\application data\GetRightToGo.==================== Find3M ====================.2012-03-07 01:38:06 60 ---ha-w- c:\windows\wpd99.drv2012-02-11 14:56:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys2012-01-23 23:21:37 356352 ---ha-w- c:\windows\system32\AegisI5Installer.exe2012-01-20 19:40:08 60808 ---ha-w- c:\windows\system32\S32EVNT1.DLL2012-01-20 19:40:08 125488 ---ha-w- c:\windows\system32\drivers\SYMEVENT.SYS2012-01-11 19:06:47 3072 ---h--w- c:\windows\system32\iacenc.dll2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys2012-01-07 14:22:08 460800 ---ha-w- c:\windows\system32\LAVSplitter.ax2012-01-07 14:22:04 448000 ---ha-w- c:\windows\system32\LAVVideo.ax2012-01-07 14:22:04 212992 ---ha-w- c:\windows\system32\LAVAudio.ax2012-01-07 14:22:00 172032 ---ha-w- c:\windows\system32\libbluray.dll2012-01-07 14:21:50 6366094 ---ha-w- c:\windows\system32\avcodec-lav-53.dll2012-01-07 14:21:50 354979 ---ha-w- c:\windows\system32\swscale-lav-2.dll2012-01-07 14:21:50 203306 ---ha-w- c:\windows\system32\avutil-lav-51.dll2012-01-07 14:21:50 138727 ---ha-w- c:\windows\system32\avfilter-lav-2.dll2012-01-07 14:21:50 1007151 ---ha-w- c:\windows\system32\avformat-lav-53.dll2012-01-07 14:20:24 142336 ---ha-w- c:\windows\system32\IntelQuickSyncDecoder.dll2011-12-19 06:31:00 160256 ---ha-w- c:\windows\system32\xvid.ax.============= FINISH: 19:04:40.32 ===============Attach file :.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 3/26/2011 8:34:15 PMSystem Uptime: 3/16/2012 6:05:16 PM (1 hours ago).Motherboard: Dell Inc. | | 0H528CProcessor: Intel® Core2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1795/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 298 GiB total, 177.462 GiB free.D: is CDROM ()E: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}Description: Biometric CoprocessorDevice ID: USB\VID_0483&PID_2016\5&2E2FDE5C&0&1Manufacturer:Name: Biometric CoprocessorPNP Device ID: USB\VID_0483&PID_2016\5&2E2FDE5C&0&1Service:.==== System Restore Points ===================.RP180: 12/19/2011 10:04:15 AM - System CheckpointRP181: 12/21/2011 10:07:04 AM - System CheckpointRP182: 12/21/2011 11:52:05 AM - Installed Akamai NetSession InterfaceRP183: 12/21/2011 11:59:41 AM - Removed Microsoft Visual C++ 2005 RedistributableRP184: 12/21/2011 12:01:02 PM - Installed Microsoft Visual C++ 2005 RedistributableRP185: 12/24/2011 8:37:47 AM - System CheckpointRP186: 12/25/2011 12:03:02 PM - System CheckpointRP187: 12/31/2011 8:01:54 PM - System CheckpointRP188: 1/3/2012 2:51:59 PM - System CheckpointRP189: 1/3/2012 8:46:12 PM - Removed Ask Toolbar.RP190: 1/3/2012 8:50:37 PM - Removed Optimum Link.RP191: 1/3/2012 8:52:48 PM - Removed SplitMediaLabs VH Screen Capture Driver (x86)RP192: 1/3/2012 8:53:49 PM - Removed TextPad 5.RP193: 1/3/2012 8:54:29 PM - Removed TOEFL Sample Questions.RP194: 1/3/2012 8:54:59 PM - Removed Visual CertExam ManagerRP195: 1/4/2012 10:25:20 PM - System CheckpointRP196: 1/6/2012 8:58:32 PM - Installed Splashtop StreamerRP197: 1/8/2012 9:53:38 AM - Installed WeatherBugRP198: 1/8/2012 10:03:41 AM - Removed ASPCA Reminder by We-Care.com v5.0.5.1RP199: 1/8/2012 10:05:01 AM - Removed GIMPRP200: 1/8/2012 10:07:07 AM - Removed WeatherBugRP201: 1/10/2012 10:08:02 AM - System CheckpointRP202: 1/10/2012 11:11:15 AM - Removed Batch PDF MergerRP203: 1/10/2012 11:14:46 AM - Removed Lizardtech DjVu ControlRP204: 1/10/2012 11:16:50 AM - Removed Splashtop StreamerRP205: 1/11/2012 8:33:49 AM - Software Distribution Service 3.0RP206: 1/12/2012 8:38:27 AM - Software Distribution Service 3.0RP207: 1/13/2012 8:06:51 PM - System CheckpointRP208: 1/20/2012 2:38:34 PM - Installed Symantec Endpoint Protection.RP209: 1/20/2012 8:03:15 PM - Software Distribution Service 3.0RP210: 1/20/2012 8:51:47 PM - Removed AVG 2011RP211: 1/20/2012 8:52:52 PM - Removed AVG 2011RP212: 1/20/2012 9:59:41 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC DriverRP213: 1/21/2012 11:22:41 AM - Configured REALTEK GbE & FE Ethernet PCI-E NIC DriverRP214: 1/21/2012 1:04:15 PM - Removed O2Micro Flash Memory Card Reader Driver (x86).RP215: 1/21/2012 1:04:35 PM - Removed REALTEK GbE & FE Ethernet PCI-E NIC DriverRP216: 1/21/2012 1:10:43 PM - Installed O2Micro Flash Memory Card Reader Driver (x86).RP217: 1/21/2012 1:17:53 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC DriverRP218: 1/21/2012 2:19:32 PM - Removed O2Micro Flash Memory Card Reader Driver (x86).RP219: 1/21/2012 2:19:48 PM - Removed REALTEK GbE & FE Ethernet PCI-E NIC DriverRP220: 1/21/2012 2:25:45 PM - Installed O2Micro Flash Memory Card Reader Driver (x86).RP221: 1/21/2012 2:48:20 PM - Installed REALTEK GbE & FE Ethernet PCI NIC DriverRP222: 1/21/2012 2:51:31 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC DriverRP223: 1/21/2012 3:10:45 PM - Installed Intel® PROSet/Wireless Software for Bluetooth® TechnologyRP224: 1/21/2012 6:32:15 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC DriverRP225: 1/23/2012 5:54:08 AM - Printer Driver Xerox Phaser 5500DT PS InstalledRP226: 1/23/2012 6:27:38 PM - Removed Intel® PROSet/Wireless Software for Bluetooth® TechnologyRP227: 1/23/2012 6:33:39 PM - Removed REALTEK GbE & FE Ethernet PCI NIC DriverRP228: 1/27/2012 3:10:39 PM - System CheckpointRP229: 1/31/2012 3:57:52 PM - System CheckpointRP230: 2/3/2012 1:43:45 PM - System CheckpointRP231: 2/5/2012 2:39:01 PM - Installed DB2 Express-C - DB2COPY1RP232: 2/6/2012 2:25:47 PM - Installed SSH Secure ShellRP233: 2/6/2012 3:04:29 PM - Removed BonjourRP234: 2/6/2012 3:06:23 PM - Removed SSH Secure ShellRP235: 2/6/2012 4:13:07 PM - Installed Secure Download ManagerRP236: 2/6/2012 5:49:24 PM - Removed Secure Download ManagerRP237: 2/6/2012 5:49:48 PM - Installed Secure Download ManagerRP238: 2/7/2012 7:38:49 PM - System CheckpointRP239: 2/7/2012 10:56:06 PM - Removed Adobe Community HelpRP240: 2/7/2012 10:56:20 PM - Removed Adobe Download AssistantRP241: 2/7/2012 10:59:03 PM - Removed Adobe Widget BrowserRP242: 2/10/2012 8:41:25 PM - System CheckpointRP243: 2/11/2012 9:51:44 AM - Installed Intel Cilk++ SDK (1.1.0.8504)RP244: 2/11/2012 9:54:10 AM - Installed Cilk++ SDK Examples (1.1.0.8504)RP245: 2/14/2012 7:08:45 AM - System CheckpointRP246: 2/15/2012 12:06:46 AM - Software Distribution Service 3.0RP247: 2/16/2012 2:54:43 AM - System CheckpointRP248: 2/16/2012 3:00:20 AM - Software Distribution Service 3.0RP249: 2/18/2012 11:41:49 PM - Removed Cilk++ SDK Examples (1.1.0.8504)RP250: 2/18/2012 11:43:17 PM - Removed Intel Cilk++ SDK (1.1.0.8504)RP251: 2/19/2012 12:03:30 AM - Installed Microsoft Visio Professional 2010RP252: 2/20/2012 7:59:42 AM - Software Distribution Service 3.0RP253: 2/23/2012 11:41:27 PM - System CheckpointRP254: 2/29/2012 9:31:35 AM - System CheckpointRP255: 3/2/2012 1:08:13 PM - System CheckpointRP256: 3/4/2012 9:15:00 AM - System CheckpointRP257: 3/5/2012 11:03:34 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022RP258: 3/7/2012 8:11:03 PM - System CheckpointRP259: 3/9/2012 12:27:38 PM - System CheckpointRP260: 3/11/2012 2:47:46 PM - System CheckpointRP261: 3/12/2012 8:55:57 PM - System CheckpointRP262: 3/13/2012 9:58:56 PM - System CheckpointRP263: 3/14/2012 9:11:30 AM - Software Distribution Service 3.0RP264: 3/15/2012 3:14:25 PM - System CheckpointRP265: 3/16/2012 3:39:04 PM - Installed Ad-Aware.==== Installed Programs ======================..A-PDF to Black/WhiteAdobe AIRAdobe Flash Player 10 PluginAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.2)Apache Tomcat 7.0 (remove only)Apache Tomcat 7.0 Tomcat7 (remove only)Apple Application SupportApple Mobile Device SupportApple Software UpdateCanon Easy-PhotoPrint EXCanon Easy-WebPrint EXCanon IJ Network Scan UtilityCanon IJ Network ToolCanon Inkjet Printer/Scanner/Fax Extended Survey ProgramCanon MG5200 series MP DriversCanon MG5200 series User RegistrationCanon MP Navigator EX 4.0Canon My PrinterCanon Solution Menu EXCompare It!DB2 Express-C - DB2COPY1Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDell Resource CDDell Wireless WLAN CardFree NaturalReaderGoogle Talk (remove only)Google Update HelperHotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)IBM Data Studio Administration ClientIntel® Graphics Media Accelerator DriverItibiti RTCiTunesJ2SE Runtime Environment 5.0 Update 6Java Auto UpdaterJava DB 10.6.2.1Java 6 Update 24Java SE Development Kit 6Java SE Development Kit 6 Update 24Java SE Runtime Environment 6Laptop Integrated Webcam Driver (1.00.01.0108) LiveUpdate 3.3 (Symantec Corporation)LyX 2.0.2-1Malwarebytes Anti-Malware version 1.60.1.1000Microsoft Office 2010 Language Pack Service Pack 1 (SP1)Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Visio 2010Microsoft Office Visio MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft Software Update for Web Folders (English) 14Microsoft Visio 2010 Service Pack 1 (SP1)Microsoft Visio Professional 2010Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_ATL_x86Microsoft_VC90_CRT_x86Microsoft_VC90_MFC_x86Microsoft_VC90_MFCLOC_x86MiKTeX 2.8Mozilla Firefox 8.0.1 (x86 en-US)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Notepad++O2Micro Flash Memory Card Reader Driver (x86)PDF CombinePdf995PharosPicasa 3QuickTimeRampant Logic Postscript Viewer 1.1REALTEK GbE & FE Ethernet PCI-E NIC DriverRealtek High Definition Audio DriverSecure Download ManagerSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Skype™ 5.3Snagit 10.0.1Symantec Endpoint ProtectionSystem Requirements Lab for IntelTeamViewer 6Update for Microsoft Excel 2010 (KB2553439) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553385) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597091) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553323) 32-Bit EditionUpdate for Microsoft Outlook Social Connector (KB2583935)Update for Windows Internet Explorer 8 (KB2447568)Update for Windows Internet Explorer 8 (KB976662)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB898461)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Wascana C/C++ IDE for WindowsWebFldrs XPWindows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Genuine Advantage Notifications (KB905474)Windows Internet Explorer 8WinEdt 6WinRAR 4.01 (32-bit)Yahoo! MessengerYontoo Layers Runtime 1.10.01.==== Event Viewer Messages From Past Week ========.3/9/2012 1:48:14 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3278EBCC-BD6A-4644-8F5F-D055857AADAB} because another computer on the network has the same name. The server could not start.3/9/2012 1:48:14 PM, error: NetBT [4321] - The name "VIDHYA-8F36C4A7:20" could not be registered on the Interface with IP address 172.25.69.58. The machine with the IP address 129.49.2.138 did not allow the name to be claimed by this machine.3/9/2012 1:48:11 PM, error: NetBT [4321] - The name "VIDHYA-8F36C4A7:0" could not be registered on the Interface with IP address 172.25.69.58. The machine with the IP address 129.49.2.138 did not allow the name to be claimed by this machine.3/16/2012 3:38:12 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.3/16/2012 2:29:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.3/16/2012 2:29:03 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.3/16/2012 2:27:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}3/16/2012 12:30:28 AM, error: Dhcp [1002] - The IP address lease 172.25.69.58 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.20.24.1 (The DHCP Server sent a DHCPNACK message).3/16/2012 11:29:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI3/16/2012 11:28:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}3/16/2012 11:28:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}3/15/2012 11:05:47 AM, error: Dhcp [1002] - The IP address lease 129.49.127.219 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.20.24.1 (The DHCP Server sent a DHCPNACK message).3/14/2012 9:30:06 AM, error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The system cannot find the file specified.3/14/2012 6:57:29 PM, error: Dhcp [1002] - The IP address lease 172.25.53.46 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.20.24.1 (The DHCP Server sent a DHCPNACK message).3/11/2012 12:07:17 AM, error: Dhcp [1002] - The IP address lease 172.25.69.58 for the Network Card with network address 00242B3447E1 has been denied by the DHCP server 172.24.1.2 (The DHCP Server sent a DHCPNACK message)..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535489 Share Posted March 17, 2012 I would like these steps to be performed in normal mode, not in safe mode, to be effective. Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535510 Share Posted March 17, 2012 Hi maniac,I have executed the steps in normal mode and not safe modePlease let me know for any.Thanks,Vani Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535511 Share Posted March 17, 2012 Log file from Malwarebytes' Anti-Malware indicates something else:Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535519 Share Posted March 17, 2012 Hi maniac,I am extremely sorry for my mistake. Sometime before I did the check in safe mode. I attached that log ..Here is my correct log. Sorry for this.Malwarebytes Anti-Malware (Trial) 1.60.1.1000www.malwarebytes.orgDatabase version: v2012.01.13.04Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Vidhya :: VIDHYA-8F36C4A7 [administrator]Protection: Enabled3/16/2012 6:19:27 PMmbam-log-2012-03-16 (18-19-27).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 221845Time elapsed: 17 minute(s), 51 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 7HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)Let me know for any..thanks.. Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535521 Share Posted March 17, 2012 It is okay, don't worry. Please psot a new fresh DDS log file and let me know how system running now. Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535525 Share Posted March 17, 2012 Thanks maniac. I have started DDS. Will post the logs shortly..Thanks,Vani Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535527 Share Posted March 17, 2012 Hi Maniac,Here is my DDS file :.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by Vidhya at 9:51:33 on 2012-03-17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2067 [GMT -4:00].AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}FW: AVG Firewall *Disabled*.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k eapsvcsC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k dot3svcC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\OEM13Mon.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files\IBM\SQLLIB\bin\db2dasrrm.exeC:\WINDOWS\system32\WLTRAY.exeC:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exeC:\Documents and Settings\All Users\Application Data\HWllHxOwIMY.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft Office\Office14\MSOSYNC.EXEC:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\system32\DRIVERS\o2flash.exeC:\PROGRA~1\PHAROS~1\Core\CTskMstr.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Documents and Settings\All Users\Application Data\eYryLom6muHhor.exeC:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exeC:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exeC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exeC:\Program Files\IBM\SQLLIB\BIN\db2fmp.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://google.com/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: H - No FilemURLSearchHooks: H - No FileBHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dllBHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dllTB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileTB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"uRun: [Akamai NetSession Interface] "c:\documents and settings\vidhya\local settings\application data\akamai\netsession_win.exe"uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exeuRun: [ApacheTomcatMonitor7.0_Tomcat7] "c:\program files\apache software foundation\tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /useregmRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exemRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logonmRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [DB2COPY1 - db2systray.exe DB2] c:\progra~1\ibm\sqllib\bin\db2systray.exe DB2mRun: [HWllHxOwIMY.exe] c:\documents and settings\all users\application data\HWllHxOwIMY.exemRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic="&"inst=NzctNzAyMjA0Mjc5LVZJUCsxLUZMMTArMS1ERFQrMzM4OTYtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRlVJKzItRjEwVEIrMi1TVDEwVEJGKzE"&"prod=0"&"ver=10.0.1416StartupFolder: c:\docume~1\vidhya\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXEuPolicies-explorer: NoDesktop = 1 (0x1)IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllDPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym03.tcs.com/dwa8W.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 172.20.48.1TCP: Interfaces\{3278EBCC-BD6A-4644-8F5F-D055857AADAB} : DhcpNameServer = 172.20.48.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dllNotify: igfxcui - igfxdev.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\vidhya\application data\mozilla\firefox\profiles\2k5zys0a.default\FF - prefs.js: browser.search.selectedEngine - BlekkoFF - prefs.js: browser.startup.homepage - hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120311587E4F7486570026FA31FD98FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110908&q=FF - prefs.js: network.proxy.type - 4FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLLFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dllFF - plugin: c:\windows\system32\tvuax\npTVUAx.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true============= SERVICES / DRIVERS ===============.R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-1-3 108392]R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2011-11-22 37736]R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2rcmd.exe [2011-11-22 34664]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-1-3 1839776]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVENG.SYS [2012-3-15 86136]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120315.002\NAVEX15.SYS [2012-3-15 1576312]R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2012-1-21 51288]R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2012-1-21 43608]R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2011-3-26 141376]R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2011-3-26 7424]R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2011-3-26 235200]S0 cerc6;cerc6; [x]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [?]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-1-3 23888]S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\sqllib\bin\db2govds.exe [2011-11-22 23912]S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2licd.exe [2011-11-22 128360]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]S3 Tomcat7;Apache Tomcat 7;"c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe" //rs//tomcat7 --> c:\program files\apache software foundation\tomcat 7.0\bin\tomcat7.exe [?].=============== Created Last 30 ================.2012-03-17 13:15:51 -------- d-sh--w- C:\found.0002012-03-16 15:29:35 -------- d--h--w- c:\documents and settings\vidhya\application data\Malwarebytes2012-03-16 15:29:27 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes2012-03-16 15:29:26 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys2012-03-16 15:29:26 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware2012-03-16 13:44:06 427032 ---ha-w- c:\windows\system32\PerfStringBackup.TMP2012-03-16 05:38:58 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\blekkotb2012-03-16 04:27:25 337920 ---ha-w- c:\documents and settings\all users\application data\eYryLom6muHhor.exe2012-03-16 04:24:56 428544 ---ha-w- c:\documents and settings\all users\application data\HWllHxOwIMY.exe2012-03-11 18:30:27 -------- d--h--w- c:\program files\Rampant Logic Postscript Viewer2012-03-09 14:35:51 -------- d--h--w- c:\program files\spring-framework-3.1.1.RELEASE2012-03-05 16:04:43 -------- d--h--w- c:\documents and settings\vidhya\application data\Evaer2012-03-05 16:00:58 70656 ---ha-w- c:\windows\system32\yv12vfw.dll2012-03-05 16:00:58 413760 ---ha-w- c:\windows\system32\MPG4c32.dll2012-03-05 16:00:58 352256 ---ha-w- c:\windows\system32\lame.ax2012-03-05 16:00:57 -------- d--h--w- c:\program files\Supertintin for Skype2012-03-03 17:01:24 -------- d--h--w- c:\program files\apache-log4j-1.2.162012-02-28 16:40:01 -------- d--h--w- c:\documents and settings\vidhya\application data\LyX2.02012-02-28 16:35:56 -------- d--h--w- c:\program files\LyX202012-02-28 16:04:46 -------- d--h--w- c:\documents and settings\vidhya\application data\MiKTeX2012-02-28 16:04:30 -------- d--h--w- c:\documents and settings\vidhya\local settings\application data\MiKTeX2012-02-28 16:00:57 -------- d--h--w- c:\documents and settings\vidhya\application data\WinEdt Team2012-02-23 22:57:45 -------- d--h--w- c:\program files\WinEdt Team2012-02-23 22:47:35 -------- d--h--w- c:\documents and settings\all users\application data\MiKTeX2012-02-23 22:45:32 -------- d--h--w- c:\program files\MiKTeX 2.82012-02-19 04:21:00 -------- d--h--w- c:\documents and settings\vidhya\application data\GetRightToGo.==================== Find3M ====================.2012-03-07 01:38:06 60 ---ha-w- c:\windows\wpd99.drv2012-02-11 14:56:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys2012-01-23 23:21:37 356352 ---ha-w- c:\windows\system32\AegisI5Installer.exe2012-01-20 19:40:08 60808 ---ha-w- c:\windows\system32\S32EVNT1.DLL2012-01-20 19:40:08 125488 ---ha-w- c:\windows\system32\drivers\SYMEVENT.SYS2012-01-11 19:06:47 3072 ---h--w- c:\windows\system32\iacenc.dll2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys2012-01-07 14:22:08 460800 ---ha-w- c:\windows\system32\LAVSplitter.ax2012-01-07 14:22:04 448000 ---ha-w- c:\windows\system32\LAVVideo.ax2012-01-07 14:22:04 212992 ---ha-w- c:\windows\system32\LAVAudio.ax2012-01-07 14:22:00 172032 ---ha-w- c:\windows\system32\libbluray.dll2012-01-07 14:21:50 6366094 ---ha-w- c:\windows\system32\avcodec-lav-53.dll2012-01-07 14:21:50 354979 ---ha-w- c:\windows\system32\swscale-lav-2.dll2012-01-07 14:21:50 203306 ---ha-w- c:\windows\system32\avutil-lav-51.dll2012-01-07 14:21:50 138727 ---ha-w- c:\windows\system32\avfilter-lav-2.dll2012-01-07 14:21:50 1007151 ---ha-w- c:\windows\system32\avformat-lav-53.dll2012-01-07 14:20:24 142336 ---ha-w- c:\windows\system32\IntelQuickSyncDecoder.dll2011-12-19 06:31:00 160256 ---ha-w- c:\windows\system32\xvid.ax.============= FINISH: 9:59:08.93 ===============Thanks,Vani Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535530 Share Posted March 17, 2012 My system is still having some strange pop ups saying 'system check'. And nearly 100 windows stating Windows Delayed write failed.. Internet always gets directed to a standard dummy pageThanks,vani Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535531 Share Posted March 17, 2012 Yes, I see them in your DDS log file. In your previous post:http://forums.malwarebytes.org/index.php?showtopic=107388&view=findpost&p=535519You are posting a log file from Malwarebytes' Anti-Malware in Normal mode, but it was made yesterday, but a database of 4 days, which in fighting malware is really long. I would like again to check in normal mode with an updated database to see if they are no longer added to the database Malwarebytes' Anti-Malware.Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.In your next reply, post the following log files:Malwarebytes' Anti-malware loga new fresh DDS log file Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535534 Share Posted March 17, 2012 Hi Maniac,Yesterday, I performed the steps and updated accordingly and then ran the malwarebytes . I find one thing here ..When I update, it says Updating malware Connecting to server , then a pop up you have the latest database version . Again Connecting to server and you have the latest datbase version so on and on ... I did this yesterday too. Should I run malware again now? Please let me know.. Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535535 Share Posted March 17, 2012 Please do the following: Download and run mbam-clean.exe from here It will ask to restart your computer, please allow it to do so very important After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here Note: You will need to reactivate the program using the license you were sent via email if using the Pro version Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates. Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it. Next, try again. Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535553 Share Posted March 17, 2012 Hi maniac,I have done the clean up and downloaded and installed from the link that you gave.But my version indicates as 1/13/2012 . When I click update the problem occurs. I am not able to connect to Internet from laptop. I am downloading the executables from another computer and installing using flash drive. Is there any means by which I can download the latest version directly instead of connecting to Internet and updating?Thanks Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535555 Share Posted March 17, 2012 Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535561 Share Posted March 17, 2012 Hi Maniac,I am running combofix now. While running it tried to contact microsoft site for creating the recovery console. But it stopped that actipon since it could not connect to internet. I am connected to internet but cannot access any site. Now it has continued with the malware detection process. Is tis fine? Please let me know.Thanks,Vani Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535562 Share Posted March 17, 2012 It is okay, Vani. Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535563 Share Posted March 17, 2012 Thank you Maniac Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535566 Share Posted March 17, 2012 Please bear with me as the combo fix ais still running and in 32stageThanks, Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535574 Share Posted March 17, 2012 Hi maniac,It is preparing log report for more than 20 mins. Is it normal?Thanks Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535578 Share Posted March 17, 2012 Stop it and run it in Safe Mode:http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535580 Share Posted March 17, 2012 To confirm Should I run combo fix installer again in safe mode? Link to post Share on other sites More sharing options...
Maniac Posted March 17, 2012 ID:535596 Share Posted March 17, 2012 Yes, please. Link to post Share on other sites More sharing options...
vanijayram Posted March 17, 2012 Author ID:535607 Share Posted March 17, 2012 Hi maniac,Even in safe mode it takes a very long time more than 45 mins ..and still it runs.. Link to post Share on other sites More sharing options...
Recommended Posts