Most Of the settings turn to default on restart


Hi, I have Malwarebytes and Kaspersky installed on my system, but even then my Firefox profiles regularly get infected, even though I use the NoScript & Adblock Plus add-ons. Any change I make to the desktop or to any application is turned back to default on restart. I am the admin and I have disabled UAC to get complete admin privileges.

Someone please look into the logs I have created using DDS and ComboFix.

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Nishanth at 0:09:24 on 2011-10-26

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3199.2286 [GMT 5.5:30]

.

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\KeyFocus\KFSensor\bin\kfsnserv.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\vmnat.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\KeyFocus\KFSensor\bin\kfsensmonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = 98.142.212.181:53269

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KFSensor] c:\program files\keyfocus\kfsensor\bin\kfsensmonitor.exe -s

mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\24onli~1.lnk - c:\program files\elitecore\cyberoam client for 24online\CyberoamClient.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll

LSP: c:\program files\vmware\vmware workstation\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 10.100.118.1 202.65.156.10 202.65.128.251

TCP: Interfaces\{509F0F05-CB06-4A38-85F1-B1D7A5D7E88B} : DhcpNameServer = 10.100.118.1 202.65.156.10 202.65.128.251

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\nishanth\appdata\roaming\mozilla\firefox\profiles\jqfjr55y.default\

FF - prefs.js: network.proxy.ftp - 222.166.170.32

FF - prefs.js: network.proxy.ftp_port - 8909

FF - prefs.js: network.proxy.http - 222.166.170.32

FF - prefs.js: network.proxy.http_port - 8909

FF - prefs.js: network.proxy.socks - 222.166.170.32

FF - prefs.js: network.proxy.socks_port - 8909

FF - prefs.js: network.proxy.ssl - 222.166.170.32

FF - prefs.js: network.proxy.ssl_port - 8909

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-10-19 56536]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-2-11 13696]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]

R2 KeyFocusSensor;KFSensor;c:\program files\keyfocus\kfsensor\bin\kfsnserv.exe [2010-11-10 1773568]

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-10-15 439632]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-27 22712]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-10-22 122984]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-12 278560]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-5-12 30392]

S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-27 366640]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-3-25 539248]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-13 27192]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-8 52224]

.

=============== Created Last 30 ================

.

2011-10-25 18:28:34 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f501bb0e-2f21-41a7-ba83-e2a925d760f4}\offreg.dll

2011-10-25 18:24:40 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-25 18:24:39 -------- d-----w- c:\users\nishanth\appdata\local\temp

2011-10-25 18:18:11 98816 ----a-w- c:\windows\sed.exe

2011-10-25 18:18:11 518144 ----a-w- c:\windows\SWREG.exe

2011-10-25 18:18:11 256000 ----a-w- c:\windows\PEV.exe

2011-10-25 18:18:11 208896 ----a-w- c:\windows\MBR.exe

2011-10-25 18:18:08 -------- d-----w- C:\ComboFix

2011-10-22 06:35:12 26216 ----a-w- c:\windows\system32\nvhdap32.dll

2011-10-22 06:35:12 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2011-10-22 06:34:04 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-10-22 06:29:54 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-22 06:29:53 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-10-22 06:29:51 15047272 ----a-w- c:\windows\system32\nvoglv32.dll

2011-10-22 06:29:48 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-10-22 06:29:43 10078312 ----a-w- c:\windows\system32\nvd3dum.dll

2011-10-22 06:29:41 2895976 ----a-w- c:\windows\system32\nvcuvid.dll

2011-10-22 06:29:40 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-10-22 06:29:39 4941928 ----a-w- c:\windows\system32\nvcuda.dll

2011-10-22 06:29:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll

2011-10-22 06:29:06 1965672 ----a-w- c:\windows\system32\nvapi.dll

2011-10-21 11:52:18 -------- dc-h--w- c:\programdata\{74C839EA-2796-4223-8C11-81A29F465536}

2011-10-21 11:04:53 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f501bb0e-2f21-41a7-ba83-e2a925d760f4}\mpengine.dll

2011-10-20 16:04:54 -------- d-----w- c:\program files\Email Sender Deluxe

2011-10-18 19:08:54 -------- d-----w- c:\users\nishanth\appdata\roaming\GSplit

2011-10-14 19:21:59 -------- d-----w- c:\programdata\Trend Micro

2011-10-14 19:11:53 -------- d-----w- c:\program files\Trend Micro

2011-10-13 16:29:11 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 16:29:11 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 16:29:09 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 16:29:08 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 16:29:08 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-02 13:46:11 -------- d-----w- c:\program files\AntiLogger

2011-10-01 12:30:37 -------- d-----w- c:\program files\Article Marketing Robot

.

==================== Find3M ====================

.

2011-10-14 03:29:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-02 23:36:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 18:05:07 2949490 ----a-w- C:\hrefer3.7.exe

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-11 04:23:24 9466208 ----a-w- c:\users\nishanth\mbam-setup-1.51.1.1800.exe

2011-08-08 12:52:35 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-02 22:01:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe

.

============= FINISH: 0:09:36.25 ===============

Attach .txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 05/12/2011 4:30:47 PM

System Uptime: 10/25/2011 11:57:57 PM (1 hours ago)

.

Motherboard: BIOSTAR Group | | TA880GB+

Processor: AMD Phenom II X6 1055T Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 42.899 GiB free.

D: is FIXED (NTFS) - 98 GiB total, 86.176 GiB free.

E: is FIXED (NTFS) - 98 GiB total, 35.988 GiB free.

F: is FIXED (NTFS) - 98 GiB total, 70.39 GiB free.

G: is FIXED (NTFS) - 75 GiB total, 23.082 GiB free.

H: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet1

Device ID: ROOT\VMWARE\0000

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet1

PNP Device ID: ROOT\VMWARE\0000

Service: VMnetAdapter

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet8

Device ID: ROOT\VMWARE\0001

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet8

PNP Device ID: ROOT\VMWARE\0001

Service: VMnetAdapter

.

==== System Restore Points ===================

.

RP59: 10/20/2011 8:54:40 PM - Installed Java 6 Update 29

RP61: 10/20/2011 9:18:30 PM - Revo Uninstaller Pro's restore point - GSplit 3

RP62: 10/21/2011 4:51:24 PM - Windows Backup

RP64: 10/21/2011 5:07:34 PM - Revo Uninstaller Pro's restore point - KFSensor

RP66: 10/22/2011 1:51:04 AM - Revo Uninstaller Pro's restore point - VMware Workstation

RP68: 10/22/2011 12:00:28 PM - Removed NVIDIA 3D Vision Controller Driver

RP69: 10/25/2011 11:48:16 PM - ComboFix created restore point

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

AMD USB Filter Driver

AntiLogger

Article Marketing Robot

ATI Catalyst Install Manager

CCleaner

Cyberoam Client for 24Online

Email Sender Deluxe

IBP 11.9

Java Auto Updater

Java 6 Update 29

Kaspersky Internet Security 2012

KFSensor

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visio Viewer 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 7.0.1 (x86 en-US)

Notepad++

NVIDIA 3D Vision Driver 266.58

NVIDIA Control Panel 266.58

NVIDIA Graphics Driver 266.58

NVIDIA HD Audio Driver 1.1.13.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

Proxy Goblin

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Revo Uninstaller Pro 2.5.3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

SEO PowerSuite

swMSM

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

Trend Micro RUBotted 2.0 Beta

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update or Uninstall SENukeX

VirusTotal Uploader 2.0

VLC media player 1.1.11

VMware Workstation

WinPcap 4.1.1

WinRAR archiver

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

10/25/2011 9:24:42 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

10/25/2011 4:02:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/25/2011 4:02:31 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/25/2011 4:02:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/25/2011 4:02:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/25/2011 4:02:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

10/25/2011 11:58:15 PM, Error: Service Control Manager [7023] - The VMware USB Arbitration Service service terminated with the following error: A device attached to the system is not functioning.

10/25/2011 11:53:31 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/25/2011 10:10:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/25/2011 10:10:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/25/2011 10:10:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/25/2011 10:09:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BIOS CSC DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/23/2011 12:29:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

10/22/2011 2:06:20 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024864

10/22/2011 2:06:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024864

10/22/2011 2:06:20 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:5357. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

10/22/2011 11:56:11 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/22/2011 11:56:11 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

10/22/2011 1:38:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x9312d6bc, 0x998e7b00, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102211-16629-01.

10/21/2011 9:52:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

.

==== End Of File ===========================

ComboFix Log

ComboFix 11-10-25.03 - Nishanth 10/25/2011 23:49:40.2.6 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3199.2336 [GMT 5.5:30]

Running from: c:\users\Nishanth\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Nishanth\AppData\Roaming\EurekaLog

c:\users\Nishanth\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))

.

.

2011-10-25 18:00 . 2011-10-25 18:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F501BB0E-2F21-41A7-BA83-E2A925D760F4}\offreg.dll

2011-10-22 06:35 . 2011-10-25 18:00 -------- d-----w- c:\programdata\NVIDIA

2011-10-22 06:35 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll

2011-10-21 11:52 . 2011-10-21 11:52 -------- dc-h--w- c:\programdata\{74C839EA-2796-4223-8C11-81A29F465536}

2011-10-21 11:04 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F501BB0E-2F21-41A7-BA83-E2A925D760F4}\mpengine.dll

2011-10-20 16:04 . 2011-10-20 16:04 -------- d-----w- c:\program files\Email Sender Deluxe

2011-10-20 15:26 . 2011-10-20 15:26 -------- d-----w- c:\program files\Common Files\Java

2011-10-20 06:01 . 2011-10-20 06:01 -------- d-----w- c:\windows\Sun

2011-10-19 10:29 . 2011-10-19 10:29 -------- d-----w- c:\users\Administrator

2011-10-18 19:08 . 2011-10-20 15:48 -------- d-----w- c:\users\Nishanth\AppData\Roaming\GSplit

2011-10-14 19:21 . 2011-10-14 19:21 -------- d-----w- c:\programdata\Trend Micro

2011-10-14 19:11 . 2011-10-14 19:11 -------- d-----w- c:\program files\Trend Micro

2011-10-13 16:29 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 16:29 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 16:29 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 16:29 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 16:29 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-02 13:46 . 2011-10-21 11:52 -------- d-----w- c:\program files\AntiLogger

2011-10-01 12:30 . 2011-10-01 12:30 -------- d-----w- c:\program files\Article Marketing Robot

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-14 03:29 . 2011-05-12 17:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-02 23:36 . 2011-05-12 17:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 18:05 . 2011-09-06 18:05 2949490 ----a-w- C:\hrefer3.7.exe

2011-08-11 04:23 . 2011-08-11 04:23 9466208 ----a-w- c:\users\Nishanth\mbam-setup-1.51.1.1800.exe

2011-08-08 12:52 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-03 11:20 . 2011-08-03 11:20 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-03 11:20 . 2011-08-03 11:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-03 11:20 . 2011-08-03 11:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-03 11:20 . 2011-08-03 11:20 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-08-03 11:20 . 2011-08-03 11:20 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-08-03 11:20 . 2011-08-03 11:20 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-03 11:20 . 2011-08-03 11:20 367104 ----a-w- c:\windows\system32\html.iec

2011-08-03 11:20 . 2011-08-03 11:20 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-03 11:20 . 2011-08-03 11:20 161792 ----a-w- c:\windows\system32\msls31.dll

2011-08-03 11:20 . 2011-08-03 11:20 152064 ----a-w- c:\windows\system32\wextract.exe

2011-08-03 11:20 . 2011-08-03 11:20 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-08-03 11:20 . 2011-08-03 11:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-03 11:20 . 2011-08-03 11:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-03 11:20 . 2011-08-03 11:20 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-08-03 11:20 . 2011-08-03 11:20 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-08-03 11:20 . 2011-08-03 11:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-03 11:20 . 2011-08-03 11:20 11776 ----a-w- c:\windows\system32\mshta.exe

2011-08-03 11:20 . 2011-08-03 11:20 101888 ----a-w- c:\windows\system32\admparse.dll

2011-08-02 22:01 . 2011-08-02 22:01 311912 ----a-w- c:\windows\system32\nvStreaming.exe

2011-09-30 17:44 . 2011-08-02 11:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"KFSensor"="c:\program files\KeyFocus\KFSensor\bin\kfsensmonitor.exe" [2010-11-09 2818048]

"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2011-10-19 2962376]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

24Online Client.lnk - c:\program files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe [2003-12-17 245760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SEnukeX]

2011-09-22 04:41 11236352 ----a-w- c:\users\Nishanth\AppData\Local\SENukeX\SENuke.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]

2011-03-25 18:12 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2011-10-19 56536]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-02-11 13696]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]

S2 KeyFocusSensor;KFSensor;c:\program files\KeyFocus\KFSensor\bin\kfsnserv.exe [2010-11-09 1773568]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]

.

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = 98.142.212.181:53269

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

TCP: DhcpNameServer = 10.100.118.1 202.65.156.10 202.65.128.251

FF - ProfilePath - c:\users\Nishanth\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjr55y.default\

FF - prefs.js: network.proxy.ftp - 222.166.170.32

FF - prefs.js: network.proxy.ftp_port - 8909

FF - prefs.js: network.proxy.http - 222.166.170.32

FF - prefs.js: network.proxy.http_port - 8909

FF - prefs.js: network.proxy.socks - 222.166.170.32

FF - prefs.js: network.proxy.socks_port - 8909

FF - prefs.js: network.proxy.ssl - 222.166.170.32

FF - prefs.js: network.proxy.ssl_port - 8909

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-25 23:54:37

ComboFix-quarantined-files.txt 2011-10-25 18:24

ComboFix2.txt 2011-08-11 04:11

.

Pre-Run: 46,181,732,352 bytes free

Post-Run: 45,995,184,128 bytes free

.

- - End Of File - - 75A820A1FB306974ECFDDCD2FCD7D896

Please Help


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
