Unknown & Undetectable Malware executing windows & programs multiple times till laptop hangs


Greetings, I'm drec.

There is an unknown malware hiding in my laptop which auto-executes IE, WMP, and Windows Explorer most of the time. (I have reformatted about 3 times but the malware is still hiding somewhere. I only formatted the C drive for the installation of W7. It was already on my previous OS, Vista.)

It also executes programs which I use most frequently, such as Firefox and so on. It keeps opening up multiple Firefox windows till my laptop slows down. It also disabled several keys on my keyboard; most of the numbers can't be typed. It also changed the keyboard in such a way that when I press certain letters, windows minimize, my laptop gets locked, it shows the desktop and so on. Whenever the cursor is on a typeable 'box' it types by itself, usually '7890' or '77777777777777777777777' continuously.

I used various online virus scanners and spyware detectors but all failed to detect the malware.

Malwarebytes full scan can't detect it either. I have attached 'attach' and 'ark'.

DDS file output is as follows:

DDS (Ver_09-12-01.01) - NTFSx86

Run by DharmaMayaChandrahas at 12:49:59.84 on Sun 03/14/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.936 [GMT 8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ThreatFire\TFService.exe

C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAP.EXE

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTCAP.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\Users\DharmaMayaChandrahas\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Dharma-Maya Chandrahas

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MoeMonitor.exe] "c:\users\dharmamayachandrahas\appdata\local\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [EPSON Stylus CX5500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticap.exe /fu "c:\windows\temp\E_S75D3.tmp" /EF "HKCU"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe

mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe

mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uPolicies-system: NoDispSettingsPage = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5890/mcfscan.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\dharma~1\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-2-8 28552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-13 207792]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-15 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-15 59664]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-13 130960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-13 29520]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-2-16 95024]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-1-29 73728]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-13 112592]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-28 236368]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-13 359624]

R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2010-2-2 44880]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-28 19160]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-19 16472]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-2-2 9040]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-2-15 33552]

S0 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2010-3-14 17664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]

S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2010-1-30 103552]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-13 1141712]

S3 SUNXUBZMU;SUNXUBZMU;c:\users\dharma~1\appdata\local\temp\sunxubzmu.exe --> c:\users\dharma~1\appdata\local\temp\SUNXUBZMU.exe [?]

S3 UVNDTNIFBYK;UVNDTNIFBYK;c:\users\dharma~1\appdata\local\temp\uvndtnifbyk.exe --> c:\users\dharma~1\appdata\local\temp\UVNDTNIFBYK.exe [?]

=============== Created Last 30 ================

2010-03-14 04:46:10 0 ----a-w- c:\users\dharmamayachandrahas\defogger_reenable

2010-03-14 04:33:20 17664 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys

2010-03-13 03:14:58 49152 ----a-w- c:\windows\system32\E_DCINST.DLL

2010-03-13 03:14:57 86528 ----a-w- c:\windows\system32\E_FLBCAP.DLL

2010-03-13 03:14:55 78848 ----a-w- c:\windows\system32\E_FD4BCAP.DLL

2010-03-13 02:21:25 0 d-----w- c:\programdata\EPSON

2010-03-13 02:18:01 0 d-----w- c:\program files\epson

2010-03-13 02:17:58 66560 ----a-w- c:\windows\system32\eswia7e.dll

2010-03-13 02:17:58 3584 ----a-w- c:\windows\system32\eswiaml.dll

2010-03-13 02:17:58 208896 ----a-w- c:\windows\system32\esint7e.dll

2010-03-05 14:11:23 0 d-----w- c:\users\dharma~1\appdata\roaming\ProcessLasso

2010-03-05 14:11:23 0 d-----w- c:\program files\Process Lasso

2010-03-01 12:23:56 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-03-01 12:23:56 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-03-01 12:23:56 417792 ----a-w- c:\windows\system32\msdri.dll

2010-03-01 12:23:56 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-03-01 12:23:50 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-25 10:57:11 0 d-----w- c:\program files\Anti Trojan Elite

2010-02-20 05:32:27 0 d-----w- c:\program files\VirusTotalUploader2

2010-02-19 12:21:01 0 d-----w- c:\program files\PeerBlock

2010-02-19 10:48:35 65536 --sha-w- c:\users\dharmamayachandrahas\ntuser.dat{97c105c1-1d43-11df-bbff-001aa0ff77d3}.TM.blf

2010-02-19 10:48:35 524288 --sha-w- c:\users\dharmamayachandrahas\ntuser.dat{97c105c1-1d43-11df-bbff-001aa0ff77d3}.TMContainer00000000000000000002.regtrans-ms

2010-02-19 10:48:35 524288 --sha-w- c:\users\dharmamayachandrahas\ntuser.dat{97c105c1-1d43-11df-bbff-001aa0ff77d3}.TMContainer00000000000000000001.regtrans-ms

2010-02-17 18:52:39 0 d-----w- c:\program files\PeerGuardian2

2010-02-16 13:59:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-16 13:47:59 0 d-----w- c:\programdata\Lavasoft

2010-02-15 12:33:02 0 d-----w- C:\Wormguard

2010-02-15 10:29:44 0 d-----w- c:\users\dharma~1\appdata\roaming\TrojanHunter

2010-02-15 08:43:01 0 d-----w- c:\program files\TrojanHunter 5.2

2010-02-15 07:33:48 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-02-15 07:33:48 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-02-15 07:33:48 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-02-15 07:33:48 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-02-15 07:33:48 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-02-15 07:32:47 0 d-----w- c:\program files\Trojan Remover

2010-02-14 16:31:59 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2010-02-14 16:31:31 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2010-02-14 16:31:30 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2010-02-14 16:23:10 0 d-----w- c:\program files\ThreatFire

2010-02-14 13:19:44 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-02-14 13:18:34 0 d-----w- c:\programdata\Hitman Pro

2010-02-14 13:17:02 0 d-----w- c:\program files\Hitman Pro 3.5

2010-02-14 12:18:49 0 d-----w- c:\programdata\Sun

2010-02-14 12:17:54 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-13 14:57:41 767952 ----a-w- c:\windows\BDTSupport.dll.old

2010-02-13 14:57:41 767952 ----a-w- c:\windows\BDTSupport.dll

2010-02-13 14:57:40 882 ----a-w- c:\windows\RegSDImport.xml

2010-02-13 14:57:40 879 ----a-w- c:\windows\RegISSImport.xml

2010-02-13 14:57:40 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-02-13 14:57:40 131 ----a-w- c:\windows\IDB.zip

2010-02-13 14:57:39 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-02-13 14:57:39 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-02-13 14:57:39 1640400 ----a-w- c:\windows\PCTBDCore.dll.old

2010-02-13 14:57:39 1152444 ----a-w- c:\windows\UDB.zip

2010-02-13 14:41:54 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2010-02-13 14:41:54 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2010-02-13 14:41:54 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-02-13 14:41:46 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2010-02-13 14:41:45 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-02-13 14:41:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2010-02-13 14:41:45 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-02-13 14:41:27 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2010-02-13 14:41:27 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-02-13 14:41:04 0 d-----w- c:\program files\common files\PC Tools

2010-02-13 14:41:03 0 d-----w- c:\users\dharma~1\appdata\roaming\PC Tools

2010-02-13 14:41:03 0 d-----w- c:\programdata\PC Tools

2010-02-13 14:41:03 0 d-----w- c:\program files\Spyware Doctor

2010-02-13 11:04:19 0 d-----w- c:\windows\McAfee.com

2010-02-13 09:34:44 0 d-----w- c:\programdata\Comodo

2010-02-13 09:34:38 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-02-13 09:34:38 171552 ----a-w- c:\windows\system32\guard32.dll

2010-02-13 09:34:38 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2010-02-12 16:47:03 0 d-----w- c:\users\dharma~1\appdata\roaming\.anki

2010-02-12 16:40:38 0 d-----w- c:\program files\Anki

2010-02-12 13:55:22 0 d-----w- c:\windows\system32\appmgmt

==================== Find3M ====================

2010-02-24 01:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-02 09:47:37 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys

2010-02-02 09:47:37 118736 ----a-w- c:\windows\system32\rdpdispd.dll

2010-01-28 15:16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll

2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll

2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll

2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:56:16.54 ===============

Attach.zip

ark.txt


  • Staff

Hi,

Please run DDS again and post its log.

After you post it, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Hi,

I have posted DDS here. I have also attached 'attach' zip.

DDS (Ver_09-12-01.01) - NTFSx86

Run by DharmaMayaChandrahas at 21:50:37.91 on Fri 03/19/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.843 [GMT 8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ThreatFire\TFService.exe

C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Program Files\Process Lasso\ProcessLasso.exe

C:\Program Files\Process Lasso\processgovernor.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TrojanHunter 5.2\Tools\LiveUpdate\LiveUpdate.exe

C:\Program Files\COMODO\COMODO System-Cleaner\UpdateApplications.exe

C:\Users\DharmaMayaChandrahas\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Dharma-Maya Chandrahas

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MoeMonitor.exe] "c:\users\dharmamayachandrahas\appdata\local\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [EPSON Stylus CX5500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticap.exe /fu "c:\windows\temp\E_S75D3.tmp" /EF "HKCU"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe

mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uPolicies-system: NoDispSettingsPage = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5890/mcfscan.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\dharma~1\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-2-8 28552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-13 207792]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-15 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-15 59664]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-13 130960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-13 29520]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-2-16 95024]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-1-29 73728]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-13 112592]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-28 236368]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-13 359624]

R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2010-2-2 44880]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-28 19160]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-2-2 9040]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-2-15 33552]

S3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2010-3-14 17664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-19 16472]

S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2010-1-30 103552]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-13 1141712]

S3 SUNXUBZMU;SUNXUBZMU;c:\users\dharma~1\appdata\local\temp\sunxubzmu.exe --> c:\users\dharma~1\appdata\local\temp\SUNXUBZMU.exe [?]

S3 UVNDTNIFBYK;UVNDTNIFBYK;c:\users\dharma~1\appdata\local\temp\uvndtnifbyk.exe --> c:\users\dharma~1\appdata\local\temp\UVNDTNIFBYK.exe [?]

=============== Created Last 30 ================

2010-03-18 19:14:46 388873991 ----a-w- c:\windows\MEMORY.DMP

2010-03-18 10:36:17 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-03-14 09:50:18 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-03-14 09:46:22 0 d-----r- c:\program files\Skype

2010-03-14 09:46:03 0 d-----w- c:\programdata\Skype

2010-03-14 04:46:10 0 ----a-w- c:\users\dharmamayachandrahas\defogger_reenable

2010-03-14 04:33:20 17664 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys

2010-03-13 03:14:58 49152 ----a-w- c:\windows\system32\E_DCINST.DLL

2010-03-13 03:14:57 86528 ----a-w- c:\windows\system32\E_FLBCAP.DLL

2010-03-13 03:14:55 78848 ----a-w- c:\windows\system32\E_FD4BCAP.DLL

2010-03-13 02:21:25 0 d-----w- c:\programdata\EPSON

2010-03-13 02:18:01 0 d-----w- c:\program files\epson

2010-03-13 02:17:58 66560 ----a-w- c:\windows\system32\eswia7e.dll

2010-03-13 02:17:58 3584 ----a-w- c:\windows\system32\eswiaml.dll

2010-03-13 02:17:58 208896 ----a-w- c:\windows\system32\esint7e.dll

2010-03-05 14:11:23 0 d-----w- c:\users\dharma~1\appdata\roaming\ProcessLasso

2010-03-05 14:11:23 0 d-----w- c:\program files\Process Lasso

2010-03-01 12:23:56 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-03-01 12:23:56 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-03-01 12:23:56 417792 ----a-w- c:\windows\system32\msdri.dll

2010-03-01 12:23:56 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-03-01 12:23:50 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-25 10:57:11 0 d-----w- c:\program files\Anti Trojan Elite

2010-02-20 05:32:27 0 d-----w- c:\program files\VirusTotalUploader2

2010-02-19 12:21:01 0 d-----w- c:\program files\PeerBlock

2010-02-19 10:48:35 65536 --sha-w- c:\users\dharmamayachandrahas\ntuser.dat{97c105c1-1d43-11df-bbff-001aa0ff77d3}.TM.blf

2010-02-19 10:48:35 524288 --sha-w- c:\users\dharmamayachandrahas\ntuser.dat{97c105c1-1d43-11df-bbff-001aa0ff77d3}.TMContainer00000000000000000002.regtrans-ms

2010-02-19 10:48:35 524288 --sha-w- c:\users\dharmamayachandrahas\ntuser.dat{97c105c1-1d43-11df-bbff-001aa0ff77d3}.TMContainer00000000000000000001.regtrans-ms

2010-02-17 18:52:39 0 d-----w- c:\program files\PeerGuardian2

==================== Find3M ====================

2010-02-24 01:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 15:51:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-02-17 06:14:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-14 12:17:28 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-13 09:33:45 171552 ----a-w- c:\windows\system32\guard32.dll

2010-02-13 09:33:44 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-02-13 09:33:44 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2010-02-02 09:47:37 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys

2010-02-02 09:47:37 118736 ----a-w- c:\windows\system32\rdpdispd.dll

2010-01-28 15:16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-01-21 23:21:07 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-01-21 23:21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-01-21 23:21:06 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-01-21 23:21:05 767952 ----a-w- c:\windows\BDTSupport.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:57:21.97 ===============


Hi,

I have posted the DDS log here. I have also attached 'attach' zip.

DDS (Ver_09-12-01.01) - NTFSx86

Run by DharmaMayaChandrahas at 21:50:37.91 on Fri 03/19/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.843 [GMT 8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ThreatFire\TFService.exe

C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Program Files\Process Lasso\ProcessLasso.exe

C:\Program Files\Process Lasso\processgovernor.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TrojanHunter 5.2\Tools\LiveUpdate\LiveUpdate.exe

C:\Program Files\COMODO\COMODO System-Cleaner\UpdateApplications.exe

C:\Users\DharmaMayaChandrahas\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Dharma-Maya Chandrahas

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MoeMonitor.exe] "c:\users\dharmamayachandrahas\appdata\local\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [EPSON Stylus CX5500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticap.exe /fu "c:\windows\temp\E_S75D3.tmp" /EF "HKCU"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe

mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uPolicies-system: NoDispSettingsPage = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5890/mcfscan.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\dharma~1\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-2-8 28552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-13 207792]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-15 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-15 59664]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-13 130960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-13 29520]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-2-16 95024]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-1-29 73728]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-13 112592]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-28 236368]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-13 359624]

R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2010-2-2 44880]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-28 19160]

R3 netw5v32;Intel


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::

SUNXUBZMU

UVNDTNIFBYK

CFRMD

KILLALL::

DDS::

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

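The three entries the helper's CFScript targets (the two services running out of the user's temp directory and the BHO with "No File") can be picked out of a DDS log mechanically. The following Python triage script is an added example, not part of this thread, of DDS or of ComboFix; it assumes only the DDS line layout visible in the logs above, its sample lines are copied from the posted log, and the service-name rule is a constructed heuristic rather than a DDS feature.

```python
"""DDS log triage: flag the kinds of entries the helper removed by hand.

Added example (not part of this thread, DDS or ComboFix). It parses two DDS
sections seen in the posted logs: "SERVICES / DRIVERS" lines of the form
"<R|S><0-3> <name>;<display>;<image> [<date> <size>]" (or
"<image> --> <image> [?]" when DDS could not find the file) and
"Pseudo HJT Report" BHO lines. The service-name heuristic is a constructed
rule of thumb, not a DDS feature.
"""
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-3])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<title>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.+)$"
)
# A service image under a user's or the system's temp directory is never a
# legitimate place for a driver or service to live.
TEMP_DIR_RE = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)
# Constructed heuristic: long all-caps names such as SUNXUBZMU that double as
# their own display name are typical of generated service names.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{8,}$")


@dataclass
class Finding:
    line: str
    severity: str  # "high" = act on it, "review" = needs a human look
    reasons: list


def _image_path(rest: str) -> str:
    """Return the registry-side image path from the part after the second ';'."""
    left = rest.split(" --> ", 1)[0]                 # drop DDS's resolved-path echo
    return re.sub(r"\s*\[.*\]$", "", left).strip()   # drop the "[date size]" suffix


def triage_service(line: str):
    """Return a Finding for a suspicious service/driver line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, display, rest = m["name"], m["display"], m["rest"]
    image = _image_path(rest)
    reasons, severity = [], "review"
    if TEMP_DIR_RE.search(image):
        reasons.append("image runs from a temp directory")
        severity = "high"
    if RANDOM_NAME_RE.match(name) and name == display:
        reasons.append("generated-looking service name reused as display name")
        severity = "high"
    if rest.rstrip().endswith("[?]"):
        # Weak on its own: DDS also prints [?] for legitimate services whose
        # image path carries arguments (ThreatFire's "tfservice.exe service").
        reasons.append("DDS could not stat the image file ([?])")
    return Finding(line, severity, reasons) if reasons else None


def triage_bho(line: str):
    """Return a Finding for a BHO whose DLL no longer exists, else None."""
    m = BHO_RE.match(line)
    if not m:
        return None
    if m["target"].strip().lower() == "no file":
        return Finding(line, "review", ["BHO registered but its DLL is missing (orphan)"])
    return None


def triage(lines):
    """Run every line through both checks; findings keep the order of the log."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line:
            f = triage_service(line) or triage_bho(line)
            if f:
                findings.append(f)
    return findings


# Constructed sample: six lines copied from the DDS logs posted in the thread.
SAMPLE_LOG = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-28 19160]
S3 SUNXUBZMU;SUNXUBZMU;c:\users\dharma~1\appdata\local\temp\sunxubzmu.exe --> c:\users\dharma~1\appdata\local\temp\SUNXUBZMU.exe [?]
S3 UVNDTNIFBYK;UVNDTNIFBYK;c:\users\dharma~1\appdata\local\temp\uvndtnifbyk.exe --> c:\users\dharma~1\appdata\local\temp\UVNDTNIFBYK.exe [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] {f.line}\n    {'; '.join(f.reasons)}")
```

Only the two temp-directory services come out as "high"; the ThreatFire line shows why a bare "[?]" is left at "review" rather than treated as proof of anything.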


Hi,

I'm still facing the malware attack even after running through all the given procedures.

Combofix log

ComboFix 10-03-21.04 - DharmaMayaChandrahas 03/22/2010 23:03:54.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1049 [GMT 8:00]

Running from: c:\users\DharmaMayaChandrahas\Downloads\ComboFix.exe

Command switches used :: c:\users\DharmaMayaChandrahas\Desktop\CFScript.txt

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://download.windowsupdate.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_CFRMD

-------\Service_SUNXUBZMU

-------\Service_UVNDTNIFBYK

((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))

.

2010-03-22 15:54 . 2010-03-22 16:01 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Local\temp

2010-03-22 15:54 . 2010-03-22 15:54 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-03-22 15:54 . 2010-03-22 15:54 -------- d-----w- c:\users\Guest\AppData\Local\temp

2010-03-22 15:54 . 2010-03-22 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-22 11:54 . 2010-03-22 11:56 64886 ----a-w- c:\windows\csdf.dat

2010-03-22 11:54 . 2010-03-22 11:56 31184 ----a-w- c:\windows\csdf_sdum.dat

2010-03-22 11:54 . 2010-03-22 11:56 660 ----a-w- c:\windows\crpf.bin

2010-03-22 11:54 . 2010-03-22 11:56 532 ----a-w- c:\windows\crpf_sdum.bin

2010-03-21 08:51 . 2010-03-21 08:51 -------- d-----w- c:\program files\GiPo@Utilities

2010-03-21 08:51 . 2010-03-21 08:51 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared

2010-03-18 10:36 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-03-14 15:39 . 2010-03-14 15:39 -------- d-----w- c:\program files\Common Files\Skype

2010-03-14 09:50 . 2010-03-22 13:40 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\skypePM

2010-03-14 09:46 . 2010-03-22 14:25 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Skype

2010-03-14 09:46 . 2010-03-14 15:39 -------- d-----r- c:\program files\Skype

2010-03-14 09:46 . 2010-03-14 15:39 -------- d-----w- c:\programdata\Skype

2010-03-14 04:33 . 2009-12-07 01:49 17664 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys

2010-03-13 03:14 . 2004-09-10 12:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL

2010-03-13 03:14 . 2007-12-06 18:08 86528 ----a-w- c:\windows\system32\E_FLBCAP.DLL

2010-03-13 03:14 . 2007-12-06 18:01 78848 ----a-w- c:\windows\system32\E_FD4BCAP.DLL

2010-03-13 02:21 . 2007-01-11 04:02 113664 ----a-w- c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE

2010-03-13 02:21 . 2010-03-13 03:14 -------- d-----w- c:\programdata\EPSON

2010-03-13 02:18 . 2010-03-13 02:19 -------- d-----w- c:\program files\epson

2010-03-13 02:17 . 2006-12-27 16:00 66560 ----a-w- c:\windows\system32\eswia7e.dll

2010-03-13 02:17 . 2006-12-27 16:00 208896 ----a-w- c:\windows\system32\esint7e.dll

2010-03-13 02:17 . 2006-03-09 16:00 3584 ----a-w- c:\windows\system32\eswiaml.dll

2010-03-11 05:19 . 2010-03-11 05:19 108824 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2010-03-05 14:11 . 2010-03-07 04:40 -------- d-----w- c:\program files\Process Lasso

2010-03-05 14:11 . 2010-03-05 14:11 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\ProcessLasso

2010-03-01 12:23 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-03-01 12:23 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-03-01 12:23 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll

2010-03-01 12:23 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-25 10:57 . 2010-02-27 17:02 -------- d-----w- c:\program files\Anti Trojan Elite

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-22 09:30 . 2010-01-28 14:50 -------- d-----w- c:\program files\SPlayer

2010-03-22 09:27 . 2010-02-04 14:02 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\TeraCopy

2010-03-18 10:42 . 2010-01-28 16:45 -------- d-----w- c:\program files\SpywareBlaster

2010-03-14 09:50 . 2010-03-14 09:50 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-03-14 09:45 . 2010-01-28 14:11 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Orbit

2010-03-14 05:03 . 2010-02-19 12:21 -------- d-----w- c:\program files\PeerBlock

2010-03-14 04:32 . 2010-01-28 13:48 -------- d-----w- c:\program files\COMODO

2010-03-01 11:18 . 2010-02-15 08:43 -------- d-----w- c:\program files\TrojanHunter 5.2

2010-02-24 02:16 . 2010-01-28 14:17 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 15:51 . 2010-02-14 13:19 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-02-21 10:14 . 2010-02-15 07:32 -------- d-----w- c:\program files\Trojan Remover

2010-02-21 09:31 . 2010-02-16 13:47 -------- d-----w- c:\programdata\Lavasoft

2010-02-20 17:34 . 2010-02-14 16:23 -------- d-----w- c:\program files\ThreatFire

2010-02-20 05:32 . 2010-02-20 05:32 -------- d-----w- c:\program files\VirusTotalUploader2

2010-02-19 10:47 . 2010-02-13 09:34 -------- d-----w- c:\programdata\Comodo

2010-02-19 10:47 . 2010-01-28 14:11 -------- d-----w- c:\program files\Orbitdownloader

2010-02-19 10:47 . 2010-02-17 18:52 -------- d-----w- c:\program files\PeerGuardian2

2010-02-18 13:07 . 2010-01-28 14:12 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\GrabPro

2010-02-17 06:14 . 2010-02-16 13:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-16 13:45 . 2010-02-13 14:41 -------- d-----w- c:\program files\Spyware Doctor

2010-02-15 10:29 . 2010-02-15 10:29 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\TrojanHunter

2010-02-14 16:23 . 2010-02-13 14:41 -------- d-----w- c:\programdata\PC Tools

2010-02-14 13:19 . 2010-02-14 13:18 -------- d-----w- c:\programdata\Hitman Pro

2010-02-14 13:17 . 2010-02-14 13:17 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-02-14 12:18 . 2010-02-14 12:18 -------- d-----w- c:\program files\Common Files\Java

2010-02-14 12:17 . 2010-02-17 05:56 651776 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-02-14 12:17 . 2010-02-14 12:17 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-14 12:17 . 2010-02-14 12:17 -------- d-----w- c:\program files\Java

2010-02-13 14:58 . 2010-02-13 14:41 -------- d-----w- c:\program files\Common Files\PC Tools

2010-02-13 14:41 . 2010-02-13 14:41 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\PC Tools

2010-02-13 12:59 . 2010-02-12 16:47 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\.anki

2010-02-13 09:33 . 2010-02-13 09:34 74328 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-02-13 09:33 . 2010-02-13 09:34 171552 ----a-w- c:\windows\system32\guard32.dll

2010-02-13 09:33 . 2010-02-13 09:34 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-02-13 09:33 . 2010-02-13 09:34 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2010-02-13 05:55 . 2010-02-05 12:44 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-02-13 05:55 . 2010-03-11 05:13 38784 ----a-w- c:\users\Guest\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-13 05:55 . 2010-02-05 12:44 38784 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-13 05:55 . 2010-02-05 12:44 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-12 16:41 . 2010-02-12 16:40 -------- d-----w- c:\program files\Anki

2010-02-12 13:54 . 2010-01-28 16:17 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Uniblue

2010-02-12 13:53 . 2010-01-28 14:05 -------- d-----w- c:\programdata\Microsoft Help

2010-02-11 10:26 . 2010-02-02 11:49 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-08 12:14 . 2010-02-08 12:14 -------- d-----w- c:\program files\Panda Security

2010-02-05 13:09 . 2010-02-05 13:09 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-02-05 12:45 . 2010-02-05 12:45 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1

2010-02-04 15:46 . 2010-02-04 15:46 9624 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Microsoft\IdentityCRL\production\WLIDClientConfig.dll

2010-02-04 15:45 . 2010-02-04 15:45 -------- d-----w- c:\program files\SkyDrive Explorer

2010-02-04 14:02 . 2010-02-04 14:02 -------- d-----w- c:\program files\TeraCopy

2010-02-04 14:01 . 2010-02-04 13:55 -------- d-----w- c:\program files\QT Lite

2010-02-04 13:59 . 2010-02-04 13:59 -------- d-----w- c:\program files\Real Alternative

2010-02-04 13:55 . 2010-02-04 13:55 -------- d-----w- c:\programdata\Apple Computer

2010-02-04 12:47 . 2010-02-02 09:37 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\QuickScan

2010-02-03 11:08 . 2010-01-30 10:12 -------- d-----w- c:\program files\HSPA USB MODEM

2010-02-03 10:14 . 2010-01-28 16:07 108824 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-03 10:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild

2010-02-03 09:59 . 2010-02-03 09:59 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-02-03 09:58 . 2010-02-03 09:58 -------- d-----w- c:\program files\Microsoft.NET

2010-02-03 09:58 . 2010-02-03 09:58 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-02-03 09:58 . 2010-02-03 09:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-02-03 09:57 . 2010-02-03 09:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-02-03 09:56 . 2010-02-03 09:56 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-02-02 13:46 . 2010-02-02 13:46 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\ComodoGroup

2010-02-02 09:47 . 2010-02-02 09:47 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys

2010-02-02 09:47 . 2010-02-02 09:47 118736 ----a-w- c:\windows\system32\rdpdispd.dll

2010-02-02 09:47 . 2010-02-02 09:47 -------- d-----w- c:\program files\Live Mesh

2010-01-28 17:05 . 2010-01-28 17:05 -------- d-----w- c:\program files\WIDCOMM

2010-01-28 17:02 . 2010-01-28 17:02 -------- d-----w- c:\program files\Microsoft

2010-01-28 17:02 . 2010-01-28 16:57 -------- d-----w- c:\program files\Windows Live

2010-01-28 16:58 . 2010-01-28 16:58 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-01-28 16:53 . 2010-01-28 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-28 16:53 . 2010-01-28 16:53 -------- d-----w- c:\program files\SigmaTel

2010-01-28 16:53 . 2010-01-28 16:53 -------- d-----w- c:\program files\Common Files\InstallShield

2010-01-28 16:25 . 2010-01-28 16:24 -------- d-----w- c:\program files\CCleaner

2010-01-28 16:13 . 2010-01-28 16:13 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\SPlayer

2010-01-28 16:07 . 2010-01-28 16:07 -------- d-----w- c:\program files\Common Files\Windows Live

2010-01-28 15:16 . 2010-01-28 15:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-01-28 15:14 . 2010-01-28 15:14 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Foxit

2010-01-28 15:13 . 2010-01-28 15:13 -------- d-----w- c:\program files\Foxit Software

2010-01-28 15:09 . 2010-01-28 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-28 15:07 . 2010-01-28 15:07 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-28 15:03 . 2010-01-28 15:03 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Malwarebytes

2010-01-28 15:03 . 2010-01-28 15:03 -------- d-----w- c:\programdata\Malwarebytes

2010-01-28 14:35 . 2010-01-28 14:35 -------- d-----w- c:\program files\Intel

2010-01-28 14:30 . 2010-01-28 14:30 -------- d-----w- c:\program files\ESET

2010-01-28 14:17 . 2010-01-28 14:17 -------- d-----w- c:\program files\Sandboxie

2010-01-21 23:21 . 2010-02-13 14:57 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-01-21 23:21 . 2010-02-13 14:57 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-01-21 23:21 . 2010-02-13 14:57 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-01-21 23:21 . 2010-02-13 14:57 767952 ----a-w- c:\windows\BDTSupport.dll

2010-01-18 23:29 . 2010-02-10 11:53 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29 . 2010-02-10 11:53 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29 . 2010-02-10 11:53 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29 . 2010-02-10 11:53 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28 . 2010-02-10 11:53 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28 . 2010-02-10 11:53 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28 . 2010-02-10 11:53 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28 . 2010-02-10 11:53 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-14 08:08 . 2010-02-14 16:31 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2010-01-14 08:08 . 2010-02-14 16:31 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

2009-11-03 13:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"MoeMonitor.exe"="c:\users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2010-02-02 1315152]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-27 1529432]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-13 1800464]

"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

"ProcessLassoManagementConsole"="c:\program files\Process Lasso\processlasso.exe" [2010-02-03 401424]

"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2010-02-03 230416]

"COMODO System Cleaner Finalize All"="c:\program files\COMODO\COMODO System-Cleaner\CSC.EXE" [2010-01-26 6573832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^DharmaMayaChandrahas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\users\DharmaMayaChandrahas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 07:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]

2009-10-08 14:59 1063072 ----a-w- c:\program files\TrojanHunter 5.2\THGuard.exe

R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]

R3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2009-12-07 17664]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-25 4639136]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 16472]

R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-05-25 103552]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-13 130960]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-13 29520]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-02-17 95024]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]

S2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-02-02 44880]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-02-02 9040]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]

.

Contents of the 'Scheduled Tasks' folder

2010-03-22 c:\windows\Tasks\COMODO Registry Cleaner task.job

- c:\program files\COMODO\COMODO System-Cleaner\CSC.exe [2010-01-26 10:00]

2010-03-22 c:\windows\Tasks\COMODO System Cleaner Update.job

- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 08:28]

2010-03-21 c:\windows\Tasks\Malwarebytes' Scheduled Scan for DharmaMayaChandrahas.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-28 08:07]

2010-03-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for DharmaMayaChandrahas.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-28 08:07]

2010-03-22 c:\windows\Tasks\TrojanHunter LiveUpdate.job

- c:\program files\TrojanHunter 5.2\Tools\LiveUpdate\LiveUpdate.exe [2010-02-15 03:48]

.

.

------- Supplementary Scan -------

.

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - component: c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)

c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(556)

c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'Explorer.exe'(3156)

c:\program files\ThreatFire\TfWah.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\wlanutil.dll

c:\windows\system32\wwanapi.dll

c:\windows\System32\msxml6.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\program files\Sandboxie\SbieSvc.exe

c:\windows\system32\STacSV.exe

c:\program files\ThreatFire\TFService.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Completion time: 2010-03-23 00:22:21 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-22 16:22

ComboFix2.txt 2010-03-20 10:34

Pre-Run: 57,972,428,800 bytes free

Post-Run: 57,778,970,624 bytes free

- - End Of File - - 0B3B08240511A648BA068A67DC759479

DDS log

DDS (Ver_09-12-01.01) - NTFSx86

Run by DharmaMayaChandrahas at 9:12:21.35 on Wed 03/24/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.887 [GMT 8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ThreatFire\TFService.exe

C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Users\DharmaMayaChandrahas\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MoeMonitor.exe] "c:\users\dharmamayachandrahas\appdata\local\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe

mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe

mRun: [COMODO System Cleaner Finalize All] "c:\program files\comodo\comodo system-cleaner\CSC.EXE" //delete_all

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5890/mcfscan.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\dharma~1\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - component: c:\users\dharmamayachandrahas\appdata\roaming\mozilla\firefox\profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-2-8 28552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-13 207792]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-15 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-15 59664]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-2-13 130960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-2-13 29520]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-2-16 95024]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-1-29 73728]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-13 112592]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-28 236368]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-13 359624]

R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2010-2-2 44880]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-28 19160]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-2-2 9040]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-2-15 33552]

S3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2010-3-14 17664]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\dharma~1\appdata\local\temp\onlinescanner\anti-virus\fsgk.sys [2010-3-23 70144]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-19 16472]

S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2010-1-30 103552]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-13 1141712]

=============== Created Last 30 ================

2010-03-23 11:16:34 0 d-----w- c:\programdata\F-Secure

2010-03-22 16:17:44 0 d-sh--w- C:\$RECYCLE.BIN

2010-03-22 14:44:00 0 d-----w- C:\ComboFix

2010-03-21 08:51:03 0 d-----w- c:\program files\GiPo@Utilities

2010-03-21 08:51:03 0 d-----w- c:\program files\common files\Gibinsoft Shared

2010-03-20 09:52:18 77312 ----a-w- c:\windows\MBR.exe

2010-03-20 09:52:15 261632 ----a-w- c:\windows\PEV.exe

2010-03-20 09:52:14 98816 ----a-w- c:\windows\sed.exe

2010-03-20 09:52:14 161792 ----a-w- c:\windows\SWREG.exe

2010-03-18 10:36:17 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-03-14 09:50:18 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-03-14 09:46:22 0 d-----r- c:\program files\Skype

2010-03-14 09:46:03 0 d-----w- c:\programdata\Skype

2010-03-14 04:46:10 0 ----a-w- c:\users\dharmamayachandrahas\defogger_reenable

2010-03-14 04:33:20 17664 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys

2010-03-13 03:14:58 49152 ----a-w- c:\windows\system32\E_DCINST.DLL

2010-03-13 03:14:57 86528 ----a-w- c:\windows\system32\E_FLBCAP.DLL

2010-03-13 03:14:55 78848 ----a-w- c:\windows\system32\E_FD4BCAP.DLL

2010-03-13 02:21:25 0 d-----w- c:\programdata\EPSON

2010-03-13 02:18:01 0 d-----w- c:\program files\epson

2010-03-13 02:17:58 66560 ----a-w- c:\windows\system32\eswia7e.dll

2010-03-13 02:17:58 3584 ----a-w- c:\windows\system32\eswiaml.dll

2010-03-13 02:17:58 208896 ----a-w- c:\windows\system32\esint7e.dll

2010-03-05 14:11:23 0 d-----w- c:\users\dharma~1\appdata\roaming\ProcessLasso

2010-03-05 14:11:23 0 d-----w- c:\program files\Process Lasso

2010-03-01 12:23:56 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-03-01 12:23:56 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-03-01 12:23:56 417792 ----a-w- c:\windows\system32\msdri.dll

2010-03-01 12:23:56 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-03-01 12:23:50 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-25 10:57:11 0 d-----w- c:\program files\Anti Trojan Elite

==================== Find3M ====================

2010-02-24 02:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 15:51:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-02-17 06:14:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-14 12:17:28 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-13 09:33:45 171552 ----a-w- c:\windows\system32\guard32.dll

2010-02-13 09:33:44 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-02-13 09:33:44 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2010-02-02 09:47:37 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys

2010-02-02 09:47:37 118736 ----a-w- c:\windows\system32\rdpdispd.dll

2010-01-28 15:16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-01-21 23:21:07 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-01-21 23:21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-01-21 23:21:06 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-01-21 23:21:05 767952 ----a-w- c:\windows\BDTSupport.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:16:47.44 ===============

F-Secure Online Scanner results: it detected 5 pieces of malware. 3 of them couldn't be disinfected, so I uninstalled the infected program files and ran a full scan again, which didn't detect any malware. Before I started my first post in this forum, I had tried to use the F-Secure online scanner, but it wouldn't install; it kept showing errors. I am very glad it worked this time. Thank you. BTW, I doubt that this particular virus is the one responsible, as I installed the infected program about 4-5 months after the attack started. Also, I noticed that some of my downloads which were previously clean occasionally get infected with Trojan.agent. I remove them using Malwarebytes. This has happened about 2 times until now.

Scanning Report

Tuesday, March 23, 2010 19:36:48 - 20:40:50

Computer name: DIVINEGIFT7

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\

5 malware found

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

Suspicious:W32/Malware!Gemini (spyware)

* System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\TROJANHUNTER 5.2\INSTALLLICENSE.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\TROJANHUNTER 5.2\TOOLS\LIVEUPDATE\LIVEUPDATE.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

* C:\PROGRAM FILES\TROJANHUNTER 5.2\SUBMITFILES\SUBMITFILES.EXE (Not cleaned)

Statistics

Scanned:

* Files: 46616

* System: 5015

* Not scanned: 28

Actions:

* Disinfected: 2

* Renamed: 0

* Deleted: 0

* Not cleaned: 3

* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS

* C:\HIBERFIL.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY

* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM

* C:\USERS\DHARMAMAYACHANDRAHAS\APPDATA\LOCAL\TEMP\HSPERFDATA_DHARMAMAYACHANDRAHAS\1636

* C:\USERS\DHARMAMAYACHANDRAHAS\APPDATA\LOCAL\TEMP\HSPERFDATA_DHARMAMAYACHANDRAHAS\5120

* C:\USERS\ALL USERS\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN

* C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\21CBD9B66C86B946DE5470B76FBFADE2_AB88ECD7-3D5B-475D-97A1-9B54BE76B847

* C:\SYSTEM VOLUME INFORMATION\{0363A27B-34CF-11DF-BDE7-001AA0FF77D3}{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\SYSTEM VOLUME INFORMATION\{19D1C37A-34F7-11DF-9BE6-001AA0FF77D3}{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\SYSTEM VOLUME INFORMATION\{92BF54E3-34AC-11DF-92FE-001AA0FF77D3}{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\SYSTEM VOLUME INFORMATION\{92BF54FD-34AC-11DF-92FE-001AA0FF77D3}{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\SYSTEM VOLUME INFORMATION\{B7BBB574-3423-11DF-9996-001AA0FF77D3}{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\SYSTEM VOLUME INFORMATION\{B7BBB5B3-3423-11DF-9996-001AA0FF77D3}{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\SYSTEM VOLUME INFORMATION\{711A03DC-359D-11DF-8B08-001AA0FF77D3}{3808876B-C176-4E48-B7AE-04046E6CC752}

* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\21CBD9B66C86B946DE5470B76FBFADE2_AB88ECD7-3D5B-475D-97A1-9B54BE76B847

* C:\BOOT\BCD

Security Check

Results of screen317's Security Check version 0.99.2

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET NOD32 Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

COMODO System - Cleaner

Java 6 Update 18

Adobe Flash Player 10

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

ThreatFire TFTray.exe

ThreatFire TFService.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

DHARMA~1 AppData Local Temp\OnlineScanner\Anti-Virus\fsgk32.exe

DHARMA~1 AppData Local Temp\OnlineScanner\Anti-Virus\fssm32.exe

DharmaMayaChandrahas AppData Local temp\fsonlinescanner.exe

````````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Please do continue to guide me through. I am very thankful for your help. Although the malware attack is still on, at least it weeded out 5 pieces of malware which could not be detected by several online scanners and my very own programs.

Regards,

drec


Hi,

My apologies for the delay.

Please delete your copy of ComboFix, grab a fresh copy, run it, and post its log.

Next, update MBAM, run a Quick Scan, and post its log.

What indication do you have that you're still infected?

Hi,

It's ok.

There is a set of multimedia buttons called MediaDirect buttons which lights up every time the attack starts. This even takes place before the desktop is loaded after pressing the power button. The rest of the indications are similar to those described in the first post. It has completely disabled my number keys. The attack still goes on, though the intensity of the attack has decreased. Multiple windows and programs executing by themselves are the indications; also, automatic filling of forms with numbers. I have transferred files from this very laptop to numerous friends, but none of them ever got infected with a similar virus.

ComboFix logs and MBAM logs are as below:

ComboFix 10-03-28.03 - DharmaMayaChandrahas 03/29/2010 20:11:56.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1119 [GMT 8:00]

Running from: c:\users\DharmaMayaChandrahas\Downloads\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))

.

2010-03-29 12:39 . 2010-03-29 12:39 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Local\temp

2010-03-29 12:39 . 2010-03-29 12:39 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-03-29 12:39 . 2010-03-29 12:39 -------- d-----w- c:\users\Guest\AppData\Local\temp

2010-03-29 12:39 . 2010-03-29 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-24 02:00 . 2010-03-24 02:08 -------- d-----w- c:\programdata\Comodo

2010-03-24 02:00 . 2010-03-24 01:59 171552 ----a-w- c:\windows\system32\guard32.dll

2010-03-24 02:00 . 2010-03-24 01:59 74328 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-03-24 02:00 . 2010-03-24 01:59 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-03-24 02:00 . 2010-03-24 01:59 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2010-03-23 11:16 . 2010-03-23 11:16 -------- d-----w- c:\programdata\F-Secure

2010-03-21 08:51 . 2010-03-21 08:51 -------- d-----w- c:\program files\GiPo@Utilities

2010-03-21 08:51 . 2010-03-21 08:51 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared

2010-03-14 15:39 . 2010-03-14 15:39 -------- d-----w- c:\program files\Common Files\Skype

2010-03-14 09:50 . 2010-03-27 01:05 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\skypePM

2010-03-14 09:46 . 2010-03-27 03:00 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Skype

2010-03-14 09:46 . 2010-03-14 15:39 -------- d-----r- c:\program files\Skype

2010-03-14 09:46 . 2010-03-14 15:39 -------- d-----w- c:\programdata\Skype

2010-03-14 04:33 . 2009-12-07 01:49 17664 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys

2010-03-13 03:14 . 2004-09-10 12:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL

2010-03-13 03:14 . 2007-12-06 18:08 86528 ----a-w- c:\windows\system32\E_FLBCAP.DLL

2010-03-13 03:14 . 2007-12-06 18:01 78848 ----a-w- c:\windows\system32\E_FD4BCAP.DLL

2010-03-13 02:21 . 2007-01-11 04:02 113664 ----a-w- c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE

2010-03-13 02:21 . 2010-03-13 03:14 -------- d-----w- c:\programdata\EPSON

2010-03-13 02:18 . 2010-03-13 02:19 -------- d-----w- c:\program files\epson

2010-03-13 02:17 . 2006-12-27 16:00 66560 ----a-w- c:\windows\system32\eswia7e.dll

2010-03-13 02:17 . 2006-12-27 16:00 208896 ----a-w- c:\windows\system32\esint7e.dll

2010-03-13 02:17 . 2006-03-09 16:00 3584 ----a-w- c:\windows\system32\eswiaml.dll

2010-03-11 05:19 . 2010-03-11 05:19 108824 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2010-03-05 14:11 . 2010-03-07 04:40 -------- d-----w- c:\program files\Process Lasso

2010-03-05 14:11 . 2010-03-05 14:11 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\ProcessLasso

2010-03-01 12:23 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-03-01 12:23 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-03-01 12:23 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll

2010-03-01 12:23 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-27 06:15 . 2010-02-04 14:02 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\TeraCopy

2010-03-26 09:46 . 2010-01-28 14:05 -------- d-----w- c:\programdata\Microsoft Help

2010-03-24 13:20 . 2010-01-28 14:50 -------- d-----w- c:\program files\SPlayer

2010-03-24 01:59 . 2010-01-28 13:48 -------- d-----w- c:\program files\COMODO

2010-03-18 10:42 . 2010-01-28 16:45 -------- d-----w- c:\program files\SpywareBlaster

2010-03-14 09:50 . 2010-03-14 09:50 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-03-14 09:45 . 2010-01-28 14:11 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Orbit

2010-03-14 05:03 . 2010-02-19 12:21 -------- d-----w- c:\program files\PeerBlock

2010-02-27 17:02 . 2010-02-25 10:57 -------- d-----w- c:\program files\Anti Trojan Elite

2010-02-24 02:16 . 2010-01-28 14:17 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 15:51 . 2010-02-14 13:19 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-02-21 10:14 . 2010-02-15 07:32 -------- d-----w- c:\program files\Trojan Remover

2010-02-21 09:31 . 2010-02-16 13:47 -------- d-----w- c:\programdata\Lavasoft

2010-02-20 17:34 . 2010-02-14 16:23 -------- d-----w- c:\program files\ThreatFire

2010-02-20 05:32 . 2010-02-20 05:32 -------- d-----w- c:\program files\VirusTotalUploader2

2010-02-19 10:47 . 2010-01-28 14:11 -------- d-----w- c:\program files\Orbitdownloader

2010-02-19 10:47 . 2010-02-17 18:52 -------- d-----w- c:\program files\PeerGuardian2

2010-02-18 13:07 . 2010-01-28 14:12 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\GrabPro

2010-02-17 06:14 . 2010-02-16 13:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-16 13:45 . 2010-02-13 14:41 -------- d-----w- c:\program files\Spyware Doctor

2010-02-15 10:29 . 2010-02-15 10:29 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\TrojanHunter

2010-02-14 16:23 . 2010-02-13 14:41 -------- d-----w- c:\programdata\PC Tools

2010-02-14 13:19 . 2010-02-14 13:18 -------- d-----w- c:\programdata\Hitman Pro

2010-02-14 13:17 . 2010-02-14 13:17 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-02-14 12:18 . 2010-02-14 12:18 -------- d-----w- c:\program files\Common Files\Java

2010-02-14 12:17 . 2010-02-17 05:56 651776 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

2010-02-14 12:17 . 2010-02-14 12:17 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-14 12:17 . 2010-02-14 12:17 -------- d-----w- c:\program files\Java

2010-02-13 14:58 . 2010-02-13 14:41 -------- d-----w- c:\program files\Common Files\PC Tools

2010-02-13 14:41 . 2010-02-13 14:41 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\PC Tools

2010-02-13 12:59 . 2010-02-12 16:47 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\.anki

2010-02-13 05:55 . 2010-02-05 12:44 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-02-13 05:55 . 2010-03-11 05:13 38784 ----a-w- c:\users\Guest\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-13 05:55 . 2010-02-05 12:44 38784 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-13 05:55 . 2010-02-05 12:44 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-02-12 16:41 . 2010-02-12 16:40 -------- d-----w- c:\program files\Anki

2010-02-12 13:54 . 2010-01-28 16:17 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Uniblue

2010-02-11 10:26 . 2010-02-02 11:49 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-08 12:14 . 2010-02-08 12:14 -------- d-----w- c:\program files\Panda Security

2010-02-05 13:09 . 2010-02-05 13:09 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-02-05 12:45 . 2010-02-05 12:45 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1

2010-02-04 15:46 . 2010-02-04 15:46 9624 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Microsoft\IdentityCRL\production\WLIDClientConfig.dll

2010-02-04 15:45 . 2010-02-04 15:45 -------- d-----w- c:\program files\SkyDrive Explorer

2010-02-04 14:02 . 2010-02-04 14:02 -------- d-----w- c:\program files\TeraCopy

2010-02-04 14:01 . 2010-02-04 13:55 -------- d-----w- c:\program files\QT Lite

2010-02-04 13:59 . 2010-02-04 13:59 -------- d-----w- c:\program files\Real Alternative

2010-02-04 13:55 . 2010-02-04 13:55 -------- d-----w- c:\programdata\Apple Computer

2010-02-04 12:47 . 2010-02-02 09:37 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\QuickScan

2010-02-03 11:08 . 2010-01-30 10:12 -------- d-----w- c:\program files\HSPA USB MODEM

2010-02-03 10:14 . 2010-01-28 16:07 108824 ----a-w- c:\users\DharmaMayaChandrahas\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-03 10:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild

2010-02-03 09:59 . 2010-02-03 09:59 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-02-03 09:58 . 2010-02-03 09:58 -------- d-----w- c:\program files\Microsoft.NET

2010-02-03 09:58 . 2010-02-03 09:58 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-02-03 09:58 . 2010-02-03 09:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-02-03 09:57 . 2010-02-03 09:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-02-03 09:56 . 2010-02-03 09:56 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-02-02 13:46 . 2010-02-02 13:46 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\ComodoGroup

2010-02-02 09:47 . 2010-02-02 09:47 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys

2010-02-02 09:47 . 2010-02-02 09:47 118736 ----a-w- c:\windows\system32\rdpdispd.dll

2010-02-02 09:47 . 2010-02-02 09:47 -------- d-----w- c:\program files\Live Mesh

2010-01-28 17:05 . 2010-01-28 17:05 -------- d-----w- c:\program files\WIDCOMM

2010-01-28 17:02 . 2010-01-28 17:02 -------- d-----w- c:\program files\Microsoft

2010-01-28 17:02 . 2010-01-28 16:57 -------- d-----w- c:\program files\Windows Live

2010-01-28 16:58 . 2010-01-28 16:58 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-01-28 16:53 . 2010-01-28 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-28 16:53 . 2010-01-28 16:53 -------- d-----w- c:\program files\SigmaTel

2010-01-28 16:53 . 2010-01-28 16:53 -------- d-----w- c:\program files\Common Files\InstallShield

2010-01-28 16:25 . 2010-01-28 16:24 -------- d-----w- c:\program files\CCleaner

2010-01-28 16:13 . 2010-01-28 16:13 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\SPlayer

2010-01-28 16:07 . 2010-01-28 16:07 -------- d-----w- c:\program files\Common Files\Windows Live

2010-01-28 15:16 . 2010-01-28 15:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-01-28 15:14 . 2010-01-28 15:14 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Foxit

2010-01-28 15:13 . 2010-01-28 15:13 -------- d-----w- c:\program files\Foxit Software

2010-01-28 15:09 . 2010-01-28 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-28 15:07 . 2010-01-28 15:07 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-28 15:03 . 2010-01-28 15:03 -------- d-----w- c:\users\DharmaMayaChandrahas\AppData\Roaming\Malwarebytes

2010-01-28 15:03 . 2010-01-28 15:03 -------- d-----w- c:\programdata\Malwarebytes

2010-01-28 14:35 . 2010-01-28 14:35 -------- d-----w- c:\program files\Intel

2010-01-28 14:30 . 2010-01-28 14:30 -------- d-----w- c:\program files\ESET

2010-01-28 14:17 . 2010-01-28 14:17 -------- d-----w- c:\program files\Sandboxie

2010-01-21 23:21 . 2010-02-13 14:57 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-01-21 23:21 . 2010-02-13 14:57 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-01-21 23:21 . 2010-02-13 14:57 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-01-21 23:21 . 2010-02-13 14:57 767952 ----a-w- c:\windows\BDTSupport.dll

2010-01-18 23:29 . 2010-02-10 11:53 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-18 23:29 . 2010-02-10 11:53 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-18 23:29 . 2010-02-10 11:53 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-18 23:29 . 2010-02-10 11:53 369152 ----a-w- c:\windows\system32\secproc.dll

2010-01-18 23:28 . 2010-02-10 11:53 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-18 23:28 . 2010-02-10 11:53 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-18 23:28 . 2010-02-10 11:53 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-18 23:28 . 2010-02-10 11:53 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-14 08:08 . 2010-02-14 16:31 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2010-01-14 08:08 . 2010-02-14 16:31 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2010-01-14 08:08 . 2010-02-14 16:31 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2010-01-08 03:18 . 2010-02-10 11:53 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-01-08 03:17 . 2010-02-10 11:53 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-01-07 08:07 . 2010-01-28 15:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 08:07 . 2010-01-28 15:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

2009-11-03 13:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"MoeMonitor.exe"="c:\users\DharmaMayaChandrahas\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2010-02-02 1315152]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-27 1529432]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

"ProcessLassoManagementConsole"="c:\program files\Process Lasso\processlasso.exe" [2010-02-03 401424]

"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2010-02-03 230416]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-03-24 1800464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^DharmaMayaChandrahas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\users\DharmaMayaChandrahas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 07:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]

2010-01-14 08:08 378128 ----a-w- c:\program files\ThreatFire\TFTray.exe

R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]

R3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2009-12-07 17664]

R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\DHARMA~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-25 4639136]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-27 16472]

R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-05-25 103552]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-03-24 130960]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-03-24 29520]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-02-17 95024]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]

S2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-02-02 44880]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-02-02 9040]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]

.

Contents of the 'Scheduled Tasks' folder

2010-03-26 c:\windows\Tasks\COMODO Registry Cleaner task.job

- c:\program files\COMODO\COMODO System-Cleaner\CSC.exe [2010-01-26 10:00]

2010-03-26 c:\windows\Tasks\COMODO System Cleaner Update.job

- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 08:28]

2010-03-22 c:\windows\Tasks\Malwarebytes' Scheduled Scan for DharmaMayaChandrahas.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-28 08:07]

2010-03-24 c:\windows\Tasks\Malwarebytes' Scheduled Update for DharmaMayaChandrahas.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-28 08:07]

.

.

------- Supplementary Scan -------

.

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - component: c:\users\DharmaMayaChandrahas\AppData\Roaming\Mozilla\Firefox\Profiles\t48y4nd2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-THGuard - c:\program files\TrojanHunter 5.2\THGuard.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)

c:\windows\System32\guard32.dll

c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(564)

c:\windows\System32\guard32.dll

c:\program files\ThreatFire\TFWAH.dll

c:\windows\system32\IPHLPAPI.DLL

c:\windows\system32\WINNSI.DLL

.

Completion time: 2010-03-29 20:49:57

ComboFix-quarantined-files.txt 2010-03-29 12:49

ComboFix2.txt 2010-03-22 16:22

ComboFix3.txt 2010-03-20 10:34

Pre-Run: 56,616,439,808 bytes free

Post-Run: 56,518,569,984 bytes free

- - End Of File - - 977E8011E7CBAEF40CDA7A1649F0399F

Malwarebytes' Anti-Malware 1.44

Database version: 3926

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/29/2010 9:34:55 PM

mbam-log-2010-03-29 (21-34-55).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 218265

Time elapsed: 42 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

  • Staff

Hi,

Please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

Also, please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

See if the strange behavior still occurs in Safe Mode.

-screen317

Hi,

I couldn't post the results, so I have attached them as a compressed file. It says the post is too long. The 'show all' tab was unticked and blurred. I did not change any settings... perhaps it was from previous changes in settings.

I need another two or three days to make sure the attack does not take place again. There have been times when the attack stopped for up to two weeks before starting again, especially after heavy cleanup and scanning via online virus scanners. I'll post again in three days' time. Thank you for your valuable time.

gmer.zip

Hi,

For the sake of thoroughness, could you please completely disable Comodo and run GMER again? The report shouldn't be so long this time. You can re-enable Comodo when the scan finishes.

Hi,

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-03 18:50:15

Windows 6.1.7600

Running: gmer.exe; Driver: C:\Users\DHARMA~1\AppData\Local\Temp\pxtiqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D83DF8E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D83EF5C]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D83E174]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8D83D3FA]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8D83DBF4]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8D83D2DC]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x88C3BCDE]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x88C3BED0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8D83DA82]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8D83EC16]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8D83CEA2]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8D83E280]

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x88C3C0D8]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8D83CCD4]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8D83E898]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8D83D67E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8D83DDD0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8D83CA04]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8D83D90E]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8D83CB7C]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8D83F3C6]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8D83E634]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8D83EA46]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8D83D618]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8D83D802]

SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x88C81B30]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8D83D074]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2FAF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2F104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2F3F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E182D8

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E17898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2F1DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2F958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2F6F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2FF2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E301A8

Code 964D7B0C ZwTraceEvent

Code 964D7B0B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 82E7EE24 5 Bytes JMP 964D7B10

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E8F5C9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB4052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 250 82EBB850 4 Bytes [8E, DF, 83, 8D]

.text ntkrnlpa.exe!RtlSidHashLookup + 278 82EBB878 8 Bytes [5C, EF, 83, 8D, 74, E1, 83, ...]

.text ntkrnlpa.exe!RtlSidHashLookup + 30C 82EBB90C 4 Bytes [FA, D3, 83, 8D]

.text ntkrnlpa.exe!RtlSidHashLookup + 328 82EBB928 4 Bytes [F4, DB, 83, 8D]

.text ntkrnlpa.exe!RtlSidHashLookup + 354 82EBB954 4 Bytes [DC, D2, 83, 8D]

.text ...

PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 830C10A5 5 Bytes JMP 964D7CF0

PAGE ntkrnlpa.exe!NtRequestPort + 2 830D6D33 5 Bytes JMP 964D7BB0

.text win32k.sys!XFORMOBJ_iGetXform + 331A 946F4C57 5 Bytes JMP 964D7610

.text win32k.sys!PATHOBJ_bEnum + 7A2F 9471782E 5 Bytes JMP 964D76B0

.text win32k.sys!PATHOBJ_bEnum + 8714 94718513 5 Bytes JMP 964D7890

.text win32k.sys!EngCreateSemaphore + CB9F 9473638F 5 Bytes JMP 964D7930

.text win32k.sys!EngCreateSemaphore + CEDB 947366CB 5 Bytes JMP 964D7570

.text win32k.sys!EngCopyBits + 1F22 947389B4 5 Bytes JMP 964D74D0

.text win32k.sys!EngBitBlt + 23D2 9474179D 5 Bytes JMP 964D7430

.text win32k.sys!EngLpkInstalled + 6119 94757842 5 Bytes JMP 964D79D0

.text win32k.sys!PATHOBJ_vGetBounds + EB7 947D5C81 5 Bytes JMP 964D77F0

.text win32k.sys!EngCTGetCurrentGamma + 1C7A 947D9C9C 5 Bytes JMP 964D7750

.text win32k.sys!CLIPOBJ_cEnumStart + 6CE0 947E55A5 5 Bytes JMP 964D7A70

.text peauth.sys 97419C9D 28 Bytes [DE, A6, 55, B4, 28, 52, 4A, ...]

.text peauth.sys 97419CC1 28 Bytes [DE, A6, 55, B4, 28, 52, 4A, ...]

PAGE peauth.sys 9741FB9B 72 Bytes JMP 0E1DF457

PAGE peauth.sys 9741FBEC 111 Bytes [67, 3B, E6, 3C, 79, 7C, FD, ...]

PAGE peauth.sys 9742002C 102 Bytes [81, 7B, F6, B2, 65, 97, D2, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[352] ntdll.dll!LdrLoadDll 777CF585 5 Bytes JMP 012413F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[852] ntdll.dll!NtAllocateVirtualMemory 777B4720 5 Bytes JMP 0040FD50 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1828] kernel32.dll!SetUnhandledExceptionFilter 76073162 4 Bytes [C2, 04, 00, 00]

.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] ntdll.dll!NtAllocateVirtualMemory 777B4720 5 Bytes JMP 0050E060 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1796] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1796] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1796] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1796] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74292494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74275624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742756E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7429250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74288573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74284D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742850CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742851A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742866D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742882CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74288819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7428907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf

861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7428E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf

861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[2884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74284C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf

861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00617B70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [006182B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00618210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [006172F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00617C00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00617CC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [006172A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00617760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [006176D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [00617D80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [00618210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [00617330] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [00618130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [00618110] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [00617520] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [00617EA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [00617FB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [00617410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [00617590] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [00617380] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [006172A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00617CC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [006180C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [00617760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [00617D80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [006172F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [006172F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [00617590] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [006172A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [00617D80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [00617EA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [00617CC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [00617760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [006181D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00618260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00618210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00618190] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3144] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00618340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3156] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3156] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3156] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3156] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3156] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3156] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75885E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001c26f24c94

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001c26f24c94 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


  • Staff

Hi,

Things look fine from here. Go ahead and delete GMER and SecurityCheck.

Click Start --> Run

Copy and paste the following text into the box that appears.

ComboFix /Uninstall

Note: The space between x and / is needed.

Press Enter. This uninstalls all of ComboFix's components.

Restart your computer and let me know what issues remain.

-screen317


  • 2 weeks later...
Hi,

Things look fine from here. Go ahead and delete GMER and SecurityCheck.

Click Start --> Run

Copy and paste the following text into the box that appears.

ComboFix /Uninstall

Note: The space between x and / is needed.

Press Enter. This uninstalls all of ComboFix's components.

Restart your computer and let me know what issues remain.

-screen317

I did all that and the issue still remains. I then reformatted about three times; the third time, I recreated the partitions after reformatting. But the virus is still here. What am I to do?

Sorry for the late reply,been busy.

Thanks for all the help.

Regards,

drec


  • Staff

Please describe in detail what symptoms you are experiencing and why you think it is malware.

It also executes programs which I use most frequently, such as Firefox and so on. It keeps opening up multiple Firefox windows till my laptop slows down. It also disabled several keys from my keyboard; most of the numbers can't be typed. It also changed the keyboard in such a way that when I press certain letters, windows minimize, my laptop gets locked, shows desktop and so on. Whenever the cursor is on a typeable 'box' it types out by itself, usually '7890' or '77777777777777777777777' continuously.
How old is this keyboard? Does the issue persist when using another keyboard?

Does the issue exist when disconnected from the Internet?


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
