Laina emmanuel
Posts: 41 +0
Hi all,
I seem to be running into a whole series of computers with viruses over the past 2-3 weeks. Hopefully this is the last in the series.
This time it is on a computer in the village where I am visiting in India. This is the only computer with internet here. But it seems to have a trojan virus and possibly other viruses - a credit card was hacked on this machine, and it seems to hang every time a USB hard-disk is attached.
Could you please help me out here? All help greatly appreciated. I have pasted all the requisite logs.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.06.02
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
BALAJI COMPUTERS :: BALAJI-2F3DBC18 [administrator]
Protection: Enabled
5/6/2012 12:08:26 PM
mbam-log-2012-05-06 (12-14-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176994
Time elapsed: 5 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CPEJ09I3\myffpf[1].jpg (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ODEN45U3\zjjupy[1].gif (Extension.Mismatch) -> No action taken.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-06 12:48:44
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160212A rev.3.AAJ
Running: wuh7wkoq.exe; Driver: C:\DOCUME~1\BALAJI~1\LOCALS~1\Temp\fwldakog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip K7TdiHlp.sys (K7Tdi Device Driver For NT/2K/K7 Computing Pvt Ltd)
AttachedDevice \Driver\Tcpip \Device\Tcp K7TdiHlp.sys (K7Tdi Device Driver For NT/2K/K7 Computing Pvt Ltd)
AttachedDevice \Driver\Tcpip \Device\Udp K7TdiHlp.sys (K7Tdi Device Driver For NT/2K/K7 Computing Pvt Ltd)
AttachedDevice \Driver\Tcpip \Device\RawIp K7TdiHlp.sys (K7Tdi Device Driver For NT/2K/K7 Computing Pvt Ltd)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] dledue <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by BALAJI COMPUTERS at 12:59:56 on 2012-05-06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271.469 [GMT 5.5:30]
.
AV: K7TotalSecurity *Disabled/Updated* {51AA8441-E1FB-11D8-B3A1-0080482CAD47}
FW: K7TotalSecurity *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe
C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe
C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe
C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe
C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\K7 Computing\K7TSecurity\K7SysMon.Exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PROMon.exe] PROMon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [K7TSStart] c:\program files\k7 computing\k7tsecurity\K7TSecurity.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [D-Link D-Link DWA-525] c:\program files\d-link\dwa-525 reva\AirNCFG.exe
mRun: [WZCSLDR2] c:\program files\d-link\dwa-525 reva\WZCSLDR2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [MSConfig] c:\documents and settings\networkservice\tiamoji.exe \u
StartupFolder: c:\docume~1\balaji~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\24onli~1.lnk - c:\program files\elitecore\cyberoam client for 24online\CyberoamClient.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\K7WSLsp.dll
TCP: Interfaces\{30F7088E-ADBA-4AC0-BE10-0AE829EF1297} : NameServer = 27.124.49.1,4.2.2.2
TCP: Interfaces\{7CF71C68-45C6-4174-8AB2-64BC04DA1429} : NameServer = 27.124.49.1,4.2.2.2
TCP: Interfaces\{92A2EAE8-25A3-4890-82BC-4519849FEE46} : NameServer = 27.124.49.1,4.2.2.2
TCP: Interfaces\{EDEEF4AA-665A-4233-8537-C2F075B4749B} : NameServer = 27.124.49.1,4.2.2.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\balaji computers\application data\mozilla\firefox\profiles\7w74vwkk.default\
FF - prefs.js: browser.startup.homepage - www.rediff.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R?2 D_Link_DWA-525;D_Link_DWA-525 Service;c:\program files\d-link\dwa-525 reva\ANIWZCSdS.exe [2006-5-16 126976]
R0 K7Sentry;K7AntiVirus MiniFilter Driver;c:\windows\system32\drivers\K7Sentry.sys [2006-5-16 1013560]
R1 K7FWFilt;K7FWFilt;c:\windows\system32\drivers\K7FWFilt.sys [2006-5-16 43168]
R1 K7TdiHlp;K7TDI Helper Service;c:\windows\system32\drivers\K7TdiHlp.sys [2006-5-16 13600]
R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2012-2-15 29411]
R2 K7CrvSvc;K7Carnivore Service;c:\program files\k7 computing\k7tsecurity\k7crvsvc.exe [2011-1-20 262752]
R2 K7EmlPxy;K7Computng - EMail Proxy Server;c:\program files\k7 computing\k7tsecurity\k7emlpxy.exe [2011-1-20 148576]
R2 K7FWSrvc;K7Firewall Services;c:\program files\k7 computing\k7tsecurity\k7fwsrvc.exe [2011-1-20 230680]
R2 K7PSSrvc;K7Privacy Services;c:\program files\k7 computing\k7tsecurity\k7pssrvc.exe [2011-1-20 136984]
R2 K7RTScan;K7RealTime AntiVirus Services;c:\program files\k7 computing\k7tsecurity\k7rtscan.exe [2011-1-20 195168]
R2 K7TSMngr;K7TotalSecurity Manager;c:\program files\k7 computing\k7tsecurity\k7tsmngr.exe [2011-1-20 215344]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-6 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-6 22344]
S2 D_Link_DWA-525_WPS;D_Link_DWA-525_WPS Service;c:\program files\d-link\dwa-525 reva\ANIWConnService.exe [2006-5-16 40960]
S2 dledue;Shell Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 autorun;autorun;C:\huadio.tmp [2011-11-16 5311]
S3 K7SpmSrc;K7SpmSrc;c:\program files\k7 computing\k7tsecurity\K7SpmSrc.exe [2011-7-20 303384]
S3 RT80x86;D-Link 802.11n Wireless Driver;c:\windows\system32\drivers\Drt2860.sys [2026-4-16 1136128]
.
=============== Created Last 30 ================
.
2026-04-16 16:20:57 221184 ----a-r- c:\windows\system32\RaCoInst.dll
2026-04-16 16:20:57 1136128 ----a-r- c:\windows\system32\drivers\Drt2860.sys
2012-05-06 06:34:37 -------- d-----w- c:\documents and settings\balaji computers\application data\Malwarebytes
2012-05-06 06:34:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-06 06:34:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-06 06:34:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-05 18:08:45 -------- d-----w- c:\documents and settings\balaji computers\application data\KeePass
2012-05-05 17:48:15 -------- d-----w- c:\program files\KeePass Password Safe
.
==================== Find3M ====================
.
2012-02-15 09:51:15 73728 ----a-w- c:\windows\system32\ANPDApi.dll
2012-02-15 09:51:15 48640 ----a-w- c:\windows\system32\ANPD64.SYS
2012-02-15 09:51:15 34008 ----a-w- c:\windows\system32\ANPD.VXD
2012-02-15 09:51:15 29411 ----a-w- c:\windows\system32\ANPD.SYS
2004-08-03 19:26:44 159975 --sha-r- c:\windows\system32\hvhbezd.dll
.
============= FINISH: 13:00:13.21 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/16/2011 3:35:14 PM
System Uptime: 5/6/2012 11:49:16 AM (2 hours ago)
.
Motherboard: | | 775i65G.
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU Socket | 3062/133mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU Socket | 3062/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 32.838 GiB free.
D: is FIXED (FAT32) - 38 GiB total, 35.438 GiB free.
E: is FIXED (FAT32) - 38 GiB total, 8.56 GiB free.
F: is FIXED (FAT32) - 35 GiB total, 27.854 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Memory Controller
Device ID: PCI\VEN_04F1&DEV_2D30&SUBSYS_205504F1&REV_01\4&2E98101C&0&10F0
Manufacturer:
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_04F1&DEV_2D30&SUBSYS_205504F1&REV_01\4&2E98101C&0&10F0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&2E98101C&0&28F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&2E98101C&0&28F0
Service: rtl8139
.
==== System Restore Points ===================
.
RP1: 4/16/2026 10:58:05 PM - System Checkpoint
RP2: 5/20/2006 11:29:06 AM - System Checkpoint
RP3: 5/20/2006 11:30:51 AM - Installed Adobe Reader X (10.1.1).
RP4: 6/8/2006 12:15:01 PM - System Checkpoint
RP5: 5/17/2006 1:09:59 PM - System Checkpoint
RP6: 2/15/2012 3:21:03 PM - Installed D-Link DWA-525
RP7: 2/26/2012 9:34:54 PM - System Checkpoint
RP8: 5/16/2006 12:15:26 AM - Removed D-Link DWA-525
RP9: 5/16/2006 12:08:42 AM - Installed D-Link DWA-525
RP10: 4/6/2012 10:58:25 PM - System Checkpoint
RP11: 5/16/2006 8:03:52 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.1)
C-Media 3D Audio
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon Solution Menu EX
CanSecure-Corporate
Cyberoam Client for 24Online
D-Link DWA-525
Intel(R) Extreme Graphics Driver
Intel(R) PRO Intelligent Installer
K7TotalSecurity
KeePass Password Safe 1.22
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Mozilla Firefox (3.6)
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
WebFldrs XP
XMLinst
.
==== End Of File ===========================