nishanth13

Hi, I have Malwarebytes and Kaspersky installed on my system, but even then the profiles in Firefox regularly get infected, even though I use the NoScript and Adblock Plus add-ons. Any change I make to the desktop, and any application, is turned back to default on restart. I am the admin and I have disabled UAC to get complete admin privileges. Someone please look into the logs I have created using DDS and ComboFix.

DDS Log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Nishanth at 0:09:24 on 2011-10-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3199.2286 [GMT 5.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\KeyFocus\KFSensor\bin\kfsnserv.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\KeyFocus\KFSensor\bin\kfsensmonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 98.142.212.181:53269
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KFSensor] c:\program files\keyfocus\kfsensor\bin\kfsensmonitor.exe -s
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\24onli~1.lnk - c:\program files\elitecore\cyberoam client for 24online\CyberoamClient.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.100.118.1 202.65.156.10 202.65.128.251
TCP: Interfaces\{509F0F05-CB06-4A38-85F1-B1D7A5D7E88B} : DhcpNameServer = 10.100.118.1 202.65.156.10 202.65.128.251
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nishanth\appdata\roaming\mozilla\firefox\profiles\jqfjr55y.default\
FF - prefs.js: network.proxy.ftp - 222.166.170.32
FF - prefs.js: network.proxy.ftp_port - 8909
FF - prefs.js: network.proxy.http - 222.166.170.32
FF - prefs.js: network.proxy.http_port - 8909
FF - prefs.js: network.proxy.socks - 222.166.170.32
FF - prefs.js: network.proxy.socks_port - 8909
FF - prefs.js: network.proxy.ssl - 222.166.170.32
FF - prefs.js: network.proxy.ssl_port - 8909
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-10-19 56536]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-2-11 13696]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 KeyFocusSensor;KFSensor;c:\program files\keyfocus\kfsensor\bin\kfsnserv.exe [2010-11-10 1773568]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-10-15 439632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-27 22712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-10-22 122984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-12 278560]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-5-12 30392]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-27 366640]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-3-25 539248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-13 27192]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-8 52224]
.
=============== Created Last 30 ================
.
2011-10-25 18:28:34 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f501bb0e-2f21-41a7-ba83-e2a925d760f4}\offreg.dll
2011-10-25 18:24:40 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-25 18:24:39 -------- d-----w- c:\users\nishanth\appdata\local\temp
2011-10-25 18:18:11 98816 ----a-w- c:\windows\sed.exe
2011-10-25 18:18:11 518144 ----a-w- c:\windows\SWREG.exe
2011-10-25 18:18:11 256000 ----a-w- c:\windows\PEV.exe
2011-10-25 18:18:11 208896 ----a-w- c:\windows\MBR.exe
2011-10-25 18:18:08 -------- d-----w- C:\ComboFix
2011-10-22 06:35:12 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-10-22 06:35:12 122984 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-10-22 06:34:04 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-10-22 06:29:54 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-22 06:29:53 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-22 06:29:51 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-22 06:29:48 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-22 06:29:43 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-22 06:29:41 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-22 06:29:40 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-22 06:29:39 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-22 06:29:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-22 06:29:06 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-10-21 11:52:18 -------- dc-h--w- c:\programdata\{74C839EA-2796-4223-8C11-81A29F465536}
2011-10-21 11:04:53 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f501bb0e-2f21-41a7-ba83-e2a925d760f4}\mpengine.dll
2011-10-20 16:04:54 -------- d-----w- c:\program files\Email Sender Deluxe
2011-10-18 19:08:54 -------- d-----w- c:\users\nishanth\appdata\roaming\GSplit
2011-10-14 19:21:59 -------- d-----w- c:\programdata\Trend Micro
2011-10-14 19:11:53 -------- d-----w- c:\program files\Trend Micro
2011-10-13 16:29:11 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 16:29:11 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 16:29:09 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 16:29:08 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 16:29:08 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-02 13:46:11 -------- d-----w- c:\program files\AntiLogger
2011-10-01 12:30:37 -------- d-----w- c:\program files\Article Marketing Robot
.
==================== Find3M ====================
.
2011-10-14 03:29:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 23:36:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 18:05:07 2949490 ----a-w- C:\hrefer3.7.exe
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-11 04:23:24 9466208 ----a-w- c:\users\nishanth\mbam-setup-1.51.1.1800.exe
2011-08-08 12:52:35 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-08-02 22:01:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe
.
============= FINISH: 0:09:36.25 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 05/12/2011 4:30:47 PM
System Uptime: 10/25/2011 11:57:57 PM (1 hours ago)
.
Motherboard: BIOSTAR Group | | TA880GB+
Processor: AMD Phenom II X6 1055T Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 42.899 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 86.176 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 35.988 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 70.39 GiB free.
G: is FIXED (NTFS) - 75 GiB total, 23.082 GiB free.
H: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP59: 10/20/2011 8:54:40 PM - Installed Java 6 Update 29
RP61: 10/20/2011 9:18:30 PM - Revo Uninstaller Pro's restore point - GSplit 3
RP62: 10/21/2011 4:51:24 PM - Windows Backup
RP64: 10/21/2011 5:07:34 PM - Revo Uninstaller Pro's restore point - KFSensor
RP66: 10/22/2011 1:51:04 AM - Revo Uninstaller Pro's restore point - VMware Workstation
RP68: 10/22/2011 12:00:28 PM - Removed NVIDIA 3D Vision Controller Driver
RP69: 10/25/2011 11:48:16 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
AMD USB Filter Driver
AntiLogger
Article Marketing Robot
ATI Catalyst Install Manager
CCleaner
Cyberoam Client for 24Online
Email Sender Deluxe
IBP 11.9
Java Auto Updater
Java 6 Update 29
Kaspersky Internet Security 2012
KFSensor
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 7.0.1 (x86 en-US)
Notepad++
NVIDIA 3D Vision Driver 266.58
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
Proxy Goblin
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
SEO PowerSuite
swMSM
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
Trend Micro RUBotted 2.0 Beta
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update or Uninstall SENukeX
VirusTotal Uploader 2.0
VLC media player 1.1.11
VMware Workstation
WinPcap 4.1.1
WinRAR archiver
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
10/25/2011 9:24:42 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
10/25/2011 4:02:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/25/2011 4:02:31 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/25/2011 4:02:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/25/2011 4:02:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/25/2011 4:02:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/25/2011 11:58:15 PM, Error: Service Control Manager [7023] - The VMware USB Arbitration Service service terminated with the following error: A device attached to the system is not functioning.
10/25/2011 11:53:31 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/25/2011 10:10:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/25/2011 10:10:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/25/2011 10:10:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/25/2011 10:10:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/25/2011 10:09:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BIOS CSC DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/25/2011 10:09:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2011 12:29:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/22/2011 2:06:20 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024864
10/22/2011 2:06:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024864
10/22/2011 2:06:20 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:5357. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
10/22/2011 11:56:11 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/22/2011 11:56:11 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
10/22/2011 1:38:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x9312d6bc, 0x998e7b00, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102211-16629-01.
10/21/2011 9:52:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
.
==== End Of File ===========================

ComboFix log

ComboFix 11-10-25.03 - Nishanth 10/25/2011 23:49:40.2.6 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3199.2336 [GMT 5.5:30]
Running from: c:\users\Nishanth\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nishanth\AppData\Roaming\EurekaLog
c:\users\Nishanth\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 18:00 . 2011-10-25 18:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F501BB0E-2F21-41A7-BA83-E2A925D760F4}\offreg.dll
2011-10-22 06:35 . 2011-10-25 18:00 -------- d-----w- c:\programdata\NVIDIA
2011-10-22 06:35 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-10-21 11:52 . 2011-10-21 11:52 -------- dc-h--w- c:\programdata\{74C839EA-2796-4223-8C11-81A29F465536}
2011-10-21 11:04 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F501BB0E-2F21-41A7-BA83-E2A925D760F4}\mpengine.dll
2011-10-20 16:04 . 2011-10-20 16:04 -------- d-----w- c:\program files\Email Sender Deluxe
2011-10-20 15:26 . 2011-10-20 15:26 -------- d-----w- c:\program files\Common Files\Java
2011-10-20 06:01 . 2011-10-20 06:01 -------- d-----w- c:\windows\Sun
2011-10-19 10:29 . 2011-10-19 10:29 -------- d-----w- c:\users\Administrator
2011-10-18 19:08 . 2011-10-20 15:48 -------- d-----w- c:\users\Nishanth\AppData\Roaming\GSplit
2011-10-14 19:21 . 2011-10-14 19:21 -------- d-----w- c:\programdata\Trend Micro
2011-10-14 19:11 . 2011-10-14 19:11 -------- d-----w- c:\program files\Trend Micro
2011-10-13 16:29 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 16:29 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 16:29 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 16:29 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 16:29 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-02 13:46 . 2011-10-21 11:52 -------- d-----w- c:\program files\AntiLogger
2011-10-01 12:30 . 2011-10-01 12:30 -------- d-----w- c:\program files\Article Marketing Robot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 03:29 . 2011-05-12 17:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 23:36 . 2011-05-12 17:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 18:05 . 2011-09-06 18:05 2949490 ----a-w- C:\hrefer3.7.exe
2011-08-11 04:23 . 2011-08-11 04:23 9466208 ----a-w- c:\users\Nishanth\mbam-setup-1.51.1.1800.exe
2011-08-08 12:52 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-08-03 11:20 . 2011-08-03 11:20 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-03 11:20 . 2011-08-03 11:20 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-03 11:20 . 2011-08-03 11:20 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-03 11:20 . 2011-08-03 11:20 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-03 11:20 . 2011-08-03 11:20 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-03 11:20 . 2011-08-03 11:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-03 11:20 . 2011-08-03 11:20 367104 ----a-w- c:\windows\system32\html.iec
2011-08-03 11:20 . 2011-08-03 11:20 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-03 11:20 . 2011-08-03 11:20 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-03 11:20 . 2011-08-03 11:20 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-03 11:20 . 2011-08-03 11:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-03 11:20 . 2011-08-03 11:20 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-03 11:20 . 2011-08-03 11:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-03 11:20 . 2011-08-03 11:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-03 11:20 . 2011-08-03 11:20 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-03 11:20 . 2011-08-03 11:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-03 11:20 . 2011-08-03 11:20 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-03 11:20 . 2011-08-03 11:20 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-02 22:01 . 2011-08-02 22:01 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-09-30 17:44 . 2011-08-02 11:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"KFSensor"="c:\program files\KeyFocus\KFSensor\bin\kfsensmonitor.exe" [2010-11-09 2818048]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2011-10-19 2962376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
24Online Client.lnk - c:\program files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe [2003-12-17 245760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SEnukeX]
2011-09-22 04:41 11236352 ----a-w- c:\users\Nishanth\AppData\Local\SENukeX\SENuke.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2011-03-25 18:12 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2011-10-19 56536]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-02-11 13696]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 KeyFocusSensor;KFSensor;c:\program files\KeyFocus\KFSensor\bin\kfsnserv.exe [2010-11-09 1773568]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 98.142.212.181:53269
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 10.100.118.1 202.65.156.10 202.65.128.251
FF - ProfilePath - c:\users\Nishanth\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjr55y.default\
FF - prefs.js: network.proxy.ftp - 222.166.170.32
FF - prefs.js: network.proxy.ftp_port - 8909
FF - prefs.js: network.proxy.http - 222.166.170.32
FF - prefs.js: network.proxy.http_port - 8909
FF - prefs.js: network.proxy.socks - 222.166.170.32
FF - prefs.js: network.proxy.socks_port - 8909
FF - prefs.js: network.proxy.ssl - 222.166.170.32
FF - prefs.js: network.proxy.ssl_port - 8909
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-25 23:54:37
ComboFix-quarantined-files.txt 2011-10-25 18:24
ComboFix2.txt 2011-08-11 04:11
.
Pre-Run: 46,181,732,352 bytes free
Post-Run: 45,995,184,128 bytes free
.
- - End Of File - - 75A820A1FB306974ECFDDCD2FCD7D896

Please help.