Hi everyone, I'm new here! Initially my problem started with no sound after reboot and internet disconnection a few minutes after reboot. Now, since I turned the Windows Audio service to automatic, the sound-related issue seems to be gone. I tried everything that I know from Google searching, like scanning with Malwarebytes' Anti-Malware, Trend Micro's HouseCall, ComboFix etc., but the issue of the taskbar color change, due to which I lose my internet connection, still exists.
Here are all log reports:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:30 AM, on 11/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
D:\My IMP. Program files\Capture\Capture.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\fsproflt.exe
E:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
E:\Program Files\UGS\Imageware Licensing\12.00.000\bin\iwlmd.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1978305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Capture .NET] "D:\My IMP. Program files\Capture\Capture.exe"
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249759713703
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB49111A-80B5-405E-9E80-12F82DCD5FA6}: NameServer = 203.192.198.7,203.192.198.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe
O23 - Service: Imageware 12 License Manager - GLOBEtrotter Software Inc. - E:\Program Files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZL - Unknown owner - C:\DOCUME~1\NAVNATH\LOCALS~1\Temp\ZL.exe (file missing)
--
End of file - 8835 bytes
ComboFix 09-11-04.02 - NAVNATH 11/05/2009 0:13.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1543 [GMT 5.5:30]
Running from: c:\documents and settings\NAVNATH\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091103-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents
C:\Recycle
c:\recycler\S-1-5-21-0306782404-0403296150-468932291-1673
c:\recycler\S-1-5-21-1690392628-9639070320-204829838-7964
c:\recycler\S-1-5-21-4340829974-8025113630-805332040-7178
c:\recycler\S-1-5-21-4404245323-2510926375-959924715-4889
c:\recycler\S-1-5-21-4526544003-9131078385-546885970-0446
c:\recycler\S-1-5-21-4642916222-7686821538-614090642-3753
c:\recycler\S-1-5-21-5504431452-5768450549-560062291-7959
c:\recycler\S-1-5-21-7762691254-4116871461-074637373-8948
c:\recycler\S-1-5-21-7804478225-5844174979-977742103-8620
c:\recycler\S-1-5-21-7872991201-0422058234-947134708-6514
c:\recycler\S-1-5-21-796845957-1614895754-682003330-500
c:\recycler\S-1-5-21-8752049922-5241934417-628490504-9581
c:\windows\system32\28463
c:\windows\system32\tmp1.tmp
c:\windows\system32\tmp2.tmp
c:\windows\system32\tmp3.tmp
c:\windows\system32\tmp61.tmp
c:\windows\system32\tmp62.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.
2009-11-04 14:40 . 2009-11-04 14:40 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Malwarebytes
2009-11-04 14:40 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 14:39 . 2009-11-04 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 14:39 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 20:43 . 2009-11-02 20:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-02 13:16 . 2009-11-02 13:16 319488 ----a-w- c:\windows\HideWin.exe
2009-11-01 13:56 . 2009-11-01 14:05 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-31 19:19 . 2009-10-31 19:45 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\GetRightToGo
2009-10-30 00:17 . 2009-10-30 00:11 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 00:17 . 2009-10-30 00:17 151392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\DownloadGuardBHO.dll
2009-10-30 00:17 . 2009-10-30 00:17 428936 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\DownloadGuard.exe
2009-10-30 00:17 . 2009-10-30 00:17 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-10-30 00:17 . 2009-10-30 00:17 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-30 00:17 . 2009-10-30 00:17 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-30 00:17 . 2009-10-30 00:17 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-10-30 00:17 . 2009-10-30 00:17 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-10-30 00:17 . 2009-10-30 00:17 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-30 00:17 . 2009-10-30 00:17 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-30 00:16 . 2009-10-30 00:17 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-30 00:16 . 2009-10-30 00:16 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-10-30 00:16 . 2009-10-30 00:16 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-10-30 00:16 . 2009-10-30 00:16 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-10-30 00:16 . 2009-10-30 00:16 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-30 00:16 . 2009-10-30 00:16 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-30 00:13 . 2009-10-30 00:14 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-30 00:13 . 2009-10-30 00:13 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-10-30 00:13 . 2009-10-30 00:13 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-10-30 00:13 . 2009-10-30 00:13 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-10-30 00:13 . 2009-10-30 00:13 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-10-30 00:11 . 2009-10-30 00:11 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-30 00:11 . 2009-10-30 00:11 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-30 00:11 . 2009-10-30 00:11 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-30 00:11 . 2009-10-30 00:11 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-30 00:11 . 2009-10-30 00:11 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-30 00:11 . 2009-10-30 00:11 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-30 00:08 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-27 08:52 . 2009-10-27 08:52 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\OpenWith.org Cache
2009-10-25 22:43 . 2009-10-30 00:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 10:20 . 2009-10-15 10:20 -------- d-----w- c:\documents and settings\NAVNATH\Local Settings\Application Data\Activision
2009-10-15 10:16 . 2009-10-21 16:12 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-15 10:16 . 2009-10-15 10:16 22328 ----a-w- c:\documents and settings\NAVNATH\Application Data\PnkBstrK.sys
2009-10-15 10:16 . 2009-10-21 16:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-15 10:16 . 2009-11-03 07:43 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-15 10:16 . 2009-10-15 10:16 682280 ----a-w- c:\windows\system32\pbsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 18:48 . 2008-12-12 08:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-01 18:23 . 2008-07-10 17:03 -------- d-----w- c:\program files\Intel
2009-11-01 11:22 . 2009-09-19 19:17 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Azureus
2009-10-31 19:54 . 2008-07-10 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 19:53 . 2009-08-11 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-10-31 18:34 . 2009-09-19 19:16 -------- d-----w- c:\program files\Vuze
2009-10-30 00:17 . 2009-02-08 09:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 00:08 . 2009-02-06 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-21 16:59 . 2009-09-10 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2009-10-02 10:14 . 2009-10-02 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-02 10:14 . 2009-10-02 10:14 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\PC Suite
2009-10-02 10:09 . 2009-10-02 10:09 -------- d-----w- c:\program files\Samsung
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\program files\DIFX
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Samsung
2009-10-02 10:08 . 2009-10-02 10:08 -------- d-----w- c:\program files\MarkAny
2009-09-24 06:25 . 2009-09-24 06:25 184320 ----a-w- c:\windows\system32\Ncs2Setp.dll
2009-09-24 06:13 . 2009-09-24 06:13 768632 ----a-w- c:\windows\system32\ncs2dmix.dll
2009-09-24 06:12 . 2009-09-24 06:12 539256 ----a-w- c:\windows\system32\accesor.dll
2009-09-24 05:50 . 2009-09-24 05:50 141944 ----a-w- c:\windows\system32\ncs2instutility.dll
2009-09-24 05:39 . 2009-09-24 05:39 1677944 ----a-w- c:\windows\system32\ncscolib.dll
2009-09-23 12:55 . 2009-02-08 08:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 08:50 . 2009-09-21 08:50 28632 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2009-09-19 19:17 . 2009-09-19 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-19 19:16 . 2009-09-19 19:16 -------- d-----w- c:\program files\Common Files\i4j_jres
2009-09-19 18:38 . 2009-08-27 18:32 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\uTorrent
2009-09-15 10:59 . 2009-08-03 10:29 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-08-03 10:29 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-08-03 10:29 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-08-03 10:29 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-08-03 10:29 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-08-03 10:29 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-08-03 10:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-08-03 10:29 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-08-03 10:29 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 01:15 . 2009-09-10 01:15 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Thinstall
2009-09-10 00:31 . 2009-09-10 00:31 -------- d-----w- c:\program files\Autorun Eater
2009-09-09 00:16 . 2009-09-09 00:16 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-09 00:16 . 2009-09-09 00:15 -------- d-----w- c:\program files\Common Files\Real
2009-09-09 00:15 . 2006-07-11 13:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-09 00:15 . 2009-09-09 00:15 -------- d-----w- c:\program files\Real
2009-09-06 20:39 . 2009-09-06 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-06 20:37 . 2009-09-06 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-06 20:34 . 2009-09-06 20:31 -------- d-----w- c:\program files\Yahoo!
2009-09-06 20:34 . 2009-09-06 20:34 -------- d-----w- c:\documents and settings\NAVNATH\Application Data\Yahoo!
2009-09-06 04:33 . 2009-06-01 18:29 -------- d-----w- c:\program files\Google
2009-08-18 11:46 . 2008-07-14 16:13 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-14 11:14 . 2009-08-14 11:14 6379936 ----a-w- c:\windows\screensaver_radiance.exe
2009-08-14 11:14 . 2009-08-14 11:14 28672 ----a-w- c:\windows\gscr.dll
2009-08-14 11:14 . 2009-08-14 11:14 127904 ----a-w- c:\windows\screensaver_radiance.scr
2009-08-13 14:13 . 2009-08-11 18:57 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-13 14:13 . 2009-08-11 18:57 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-08 19:50 . 2009-08-08 19:50 3317272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA3_DapSo.exe
2009-08-08 19:46 . 2009-08-08 19:46 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2008-07-10 18:08 . 2008-07-10 18:08 23 --sha-w- c:\windows\system32\adbfbea2_d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"Capture .NET"="d:\my imp. program files\Capture\Capture.exe" [2009-03-24 790528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 106904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2008-06-19 2808832]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
c:\documents and settings\NAVNATH\Start Menu\Programs\Startup\AutorunsDisabled
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoStrCmpLogical"= 01000000
"NoSMMyPictures"= 01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^icwsetup.exe]
path=c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
backup=c:\windows\pss\icwsetup.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PLFlash DeviceIoControl Service"=2 (0x2)
"wuauserv"=2 (0x2)
"gusvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"e:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [3/19/2009 5:52 PM 43792]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 2:19 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/3/2009 3:59 PM 114768]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [4/24/2007 10:22 PM 16688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/3/2009 3:59 PM 20560]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [3/19/2009 5:52 PM 73392]
R2 Imageware 12 License Manager;Imageware 12 License Manager;e:\program files\UGS\Imageware Licensing\12.00.000\bin\lmgrd.exe [9/25/2002 2:40 AM 597504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 4:47 PM 1179232]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/2/2009 3:38 PM 36608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/7/2007 1:52 AM 34064]
S3 ZL;ZL;c:\docume~1\NAVNATH\LOCALS~1\Temp\ZL.exe --> c:\docume~1\NAVNATH\LOCALS~1\Temp\ZL.exe [?]
S4 BBDemon;Backbone Service;"e:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service --> e:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/2/2009 3:38 PM 233472]
S4 gupdate1ca20fd77090518;Google Update Service (gupdate1ca20fd77090518);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2009 12:17 AM 133104]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 18:47]
2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 18:47]
2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1614895754-682003330-1003Core.job
- c:\documents and settings\NAVNATH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:56]
2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1614895754-682003330-1003UA.job
- c:\documents and settings\NAVNATH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1978305
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces
IE: &Download with &DAP
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EB49111A-80B5-405E-9E80-12F82DCD5FA6} = 203.192.198.7,203.192.198.5
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
HKLM-Run-NPSStartup - (no file)
Notify-WgaLogon - (no file)
AddRemove-{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1 - c:\program files\OpenWith.org
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 00:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89E3F1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89e3f1e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\nview.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Intel\IDU\awServ.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\locator.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
e:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-11-04 0:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 18:50
Pre-Run: 17,365,811,200 bytes free
Post-Run: 17,272,356,864 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Malwarebytes' Anti-Malware 1.41
Database version: 3099
Windows 5.1.2600 Service Pack 2
11/4/2009 8:59:07 PM
mbam-log-2009-11-04 (20-59-07).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 333445
Time elapsed: 44 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx1c987224} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Recycle\P-1-3-64-8794238531-8742492-9897532 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\NAVNATH\restorer64_a.exe (SpamTool.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D480C6E8-D1B9-432F-BEE0-48857CFACC20}\RP448\A0145821.exe (SpamTool.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\restorer64_a.exe (SpamTool.Agent) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{D480C6E8-D1B9-432F-BEE0-48857CFACC20}\RP442\A0143716.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycle\P-1-3-64-8794238531-8742492-9897532\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NAVNATH\Start Menu\Programs\Startup\zavupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NAVNATH\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
Hope an expert here will take some time to analyze these logs.
Thank you.