To talk on Icrontic, just register!

It only takes 30 seconds.

Have an account? Sign in:

Forgot?

To reopen your thread, send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own thread instead.

 
Reply to Discussion Options
nick1983
Icrontic Convert
nick1983
13 Posts
12 Jun 2009, 9:24am

windows hangs anonymously; system n sypware tools diabled

hi
i am facing problem with my windows which hangs at uneven intervals leaving me with no option but restart the system

i tried repairing windows installation where i had an error " dsnpfd.sys" file missing but that i guess shouldnt be a problem

i have monitored my cpu/gpu /hdd temperature, all seem normal

problems...
1. computer hangs
2. cant defragment, update windows
3. super anti spyware and malware bytes are not working (doesnt run even in safe mode)
5. microsoft .com doesnt open!!! rest all sites work fine
6. chkdsk /r doesnt get performed at restart

i have scanned my pc (using Mcafee) but no viruses

system spec
4300 core 2 duo
2 x 1 gb 800mhz transcend ram
160gb toshiba sata hdd
samsung dvd writer
p965 neo MSI mobo
nvidia 8500gt 512mb graphic card

hjsplit gets installed but doesnt run even in safe mode
even did renaming the mbam files but no use
please help


now i cud run RSIT tool and the logs are as follows

INFO log
=================================
info.txt logfile of random's system information tool 1.06 2009-06-12 13:58:45

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{64F67489-76BB-4CDD-A236-F954BE774B35}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.45 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
American Classics (Shared Components)-->C:\Program Files\Common Files\Just Flight Limited Shared\Uninstall\American Classics\B566F000\UninstApplet.exe /uninstall
ApexDC++ 1.1.0-->E:\temp isnat\dc++\ApexDC++\uninst.exe
Ashampoo Movie Shrink & Burn 3.01-->"E:\temp isnat\Ashampoo Movie Shrink & Burn 3\unins000.exe"
Bully Scholarship Edition-->"C:\Program Files\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe" -runfromtemp -l0x0409 -removeonly
Bully Scholarship Edition-->MsiExec.exe /X{A724605D-B399-4304-B8C7-33B3EF7D4677}
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Canon MP Navigator 3.1-->"C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini
Canon MP140 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CircleSurround II Plugin for Windows Media Player-->MsiExec.exe /I{135BFFD7-D9C1-4374-B18C-BEB64FC7851C}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.0.0.7-->"E:\temp isnat\3\unins000.exe"
Core Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Vista User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Vista\Creative WebCam Vista User's Guide\English\CTManual.isu"
Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0330.uns -unsext NT -plugin V0330Pin.dll -pluginres CtCamPin.crl
Daily Astrology Explorer-->"E:\temp isnat\Daily Astrolgy Explorer\unins000.exe"
Data Doctor Recovery FAT+NTFS 3.0.1.5-->V:\datarecovery\Data Doctor Recovery FAT+NTFS\Uninstall.exe
E-Kundli - 2002-->C:\WINDOWS\ST5UNST.EXE -n "e:\temp isnat\kundli soft inst\ST5UNST.LOG"
Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Goravani Group-->E:\temp isnat\Omni imntall\Unstall.exe
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hard Drive Inspector Professional 2.62 build # 447-->E:\temp isnat\Hard Drive Inspector\Uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Horoscope Explorer Pro 3.6-->"E:\temp isnat\HoroExPro\unins000.exe"
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JRAID-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x9 -removeonly
Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
Kundli for Windows (Professional Edition)-->C:\WINDOWS\uninst.exe -f"e:\temp isnat\kundliproinstall\DeIsL1.isu" -c"e:\temp isnat\kundliproinstall\_ISREG32.DLL"
LAN Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB15BACA-8F2E-421C-A214-F9065EA15A92}\Setup.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX SDK (June 2007)-->MsiExec.exe /I{BBF84B6A-DA3E-4302-997A-00D5490D70B0}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Naevius YouTube Converter 1.8-->"E:\temp isnat\Naevius YouTube Converter\unins000.exe"
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Nimbuzz 0.18.17-->C:\Program Files\Nimbuzz\Uninstall.exe
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
Nokia Video Manager-->MsiExec.exe /X{54CE40CB-EEF3-4BB8-B5FA-C2B1F2C1C639}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PhysX-->MsiExec.exe /X{64F67489-76BB-4CDD-A236-F954BE774B35}
NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Parashara's Light - Personal Edition-->"E:\temp isnat\Parashara light inst\Parashara's Light 7.0 inst\Uninstall_Parashara's Light - Personal Edition\Uninstall Parashara's Light - Personal Edition.exe"
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Password Remover v3.0-->"E:\temp isnat\PDF Password Remover v3.0\unins000.exe"
PerformanceTest v6.1-->"C:\Program Files\PerformanceTest\unins000.exe"
Photo To Color Sketch 6.51-->"E:\temp isnat\Photo To Color Sketch\unins000.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sketch-->"C:\Program Files\AKVIS\Sketch\Uninstall\Uninstall.exe" "C:\Program Files\AKVIS\Sketch\Uninstall\install.log" -u
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
USB Vibration Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Vtune 5.0-->"C:\Program Files\Vtune\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es

======System event log======

Computer Name: NISHANTPC
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 1929
Source Name: W32Time
Time Written: 20090519203226.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1928
Source Name: W32Time
Time Written: 20090519203226.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.

Record Number: 1925
Source Name: W32Time
Time Written: 20090519194953.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1924
Source Name: W32Time
Time Written: 20090519194953.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Record Number: 1921
Source Name: W32Time
Time Written: 20090519191953.000000+330
Event Type: error
User:

=====Application event log=====

Computer Name: NISHANTPC
Event Code: 2
Message: Title GTAIV.exe (1, 0, 0, 0)
XLive 2.0.0672.0 (PANORAMA_V2.00_RTM.081022-0447) C:\WINDOWS\system32\xlive.dll


0x80004005

Games for Windows - LIVE DLL
C:\WINDOWS\system32\msidcrl40.dll 5.000.737.6

Record Number: 8409
Source Name: XLive
Time Written: 20090314182834.000000+330
Event Type: warning
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application GTAIV.exe, version 1.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0xe89d001d.

Record Number: 8408
Source Name: Application Error
Time Written: 20090314182831.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application gtaiv.exe, version 1.0.1.0, faulting module gtaiv.exe, version 1.0.1.0, fault address 0x005c301c.

Record Number: 8407
Source Name: Application Error
Time Written: 20090314182609.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application gtaiv.exe, version 1.0.1.0, faulting module gtaiv.exe, version 1.0.1.0, fault address 0x005edfec.

Record Number: 8400
Source Name: Application Error
Time Written: 20090313164815.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application gtaiv.exe, version 1.0.0.0, faulting module gtaiv.exe, version 1.0.0.0, fault address 0x007819fd.

Record Number: 8399
Source Name: Application Error
Time Written: 20090313163923.000000+330
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\PC Connectivity Solution;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
==================================
nick1983 edited : 12 Jun 2009 at 9:37am .
nick1983
Icrontic Convert
nick1983
13 Posts
12 Jun 2009, 9:37am
"LOG" log

===============
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nishant at 2009-06-12 13:58:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (55%) free of 50 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:43, on 12/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nishant\Desktop\Bandwidth_Meter_Pro_v2.6.603.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Documents and Settings\Nishant\Desktop\RSIT.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\trend micro\Nishant.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: {b469fc15-9da0-3acb-b134-be90f7d209d4} - {4d902d7f-09eb-431b-bca3-0ad951cf964b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BF29159E-5626-4757-8E4A-D12B68ADD6D4} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HDInspector.exe] E:\temp isnat\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\temp isnat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Download with GetRight Pro - L:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - L:\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1203789450693
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229261617109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AA2D13D-53DE-4934-98C4-B2239942D240}: NameServer = 202.56.230.6 202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DC402DB-A2C4-413C-A96A-C54E209E8AB5}: NameServer = 85.255.112.176,85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{B889F46D-6AFE-432C-9141-C85E9AF3F995}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{D534BEB4-EFA3-40D9-99A4-4CCC13222E08}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AA2D13D-53DE-4934-98C4-B2239942D240}: NameServer = 202.56.230.6 202.56.250.5
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10629 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d902d7f-09eb-431b-bca3-0ad951cf964b}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF29159E-5626-4757-8E4A-D12B68ADD6D4}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gainward"=C:\Program Files\Vtune\TBPanel.exe [2007-03-23 2158592]
"nwiz"=nwiz.exe /install []
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-08-18 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
"Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-06-14 149024]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"HDInspector.exe"=E:\temp isnat\Hard Drive Inspector\HDInspector.exe [2008-01-09 1002248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-03 185896]
"V0330Mon.exe"=C:\WINDOWS\V0330Mon.exe [2007-04-30 32768]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-04-20 385024]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-09-14 648488]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-03-15 705832]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-13 1510640]
"DAEMON Tools"=E:\temp isnat\DAEMON Tools\daemon.exe [2007-04-04 165784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqro
"notification packages"=
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"H:\game installed\heli strike force\game.exe"="H:\game installed\heli strike force\game.exe:*isabled:game"
"C:\Program Files\Nimbuzz\Nimbuzz.exe"="C:\Program Files\Nimbuzz\Nimbuzz.exe:*:Enabled:Nimbuzz"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*isabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\softs\P._LimeWire_4.16.6_by_yerdenizden.exe"="D:\softs\P._LimeWire_4.16.6_by_yerdenizden.exe:*:Enabled:LimeWire"
"V:\P._LimeWire_4.16.6_by_yerdenizden.exe"="V:\P._LimeWire_4.16.6_by_yerdenizden.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Nishant\Desktop\Foxit PDF Editor.exe"="C:\Documents and Settings\Nishant\Desktop\Foxit PDF Editor.exe:*isabled:-Portabled By rain_drop-"
"E:\temp isnat\dc++\ApexDC++\ApexDC.exe"="E:\temp isnat\dc++\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"E:\temp isnat\PFPortChecker\PFPortChecker.exe"="E:\temp isnat\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*isabled:EA Download Manager"
"V:\dark sectorinstall\DS.exe"="V:\dark sectorinstall\DS.exe:*:Enabledark Sector"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0570e351-6d30-11dd-bc49-001617b3efc9}]
shell\AutoRun\command - AutoRun\AutoStart.exe
shell\Explore\command - AutoRun\AutoStart.exe
shell\Open\command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16f1a8cf-aaa7-11dc-9762-806d6172696f}]
shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49766c5c-c52e-11dc-bc4b-001617b3efc9}]
shell\AutoRun\command - M:\m1t8ta.com
shell\explore\command - M:\m1t8ta.com
shell\open\command - M:\m1t8ta.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdc0ca0-5d75-11dd-bc25-001617b3efc9}]
shell\AutoRun\command - 9yqusig.bat
shell\explore\command - 9yqusig.bat
shell\open\command - 9yqusig.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a45ed8-e560-11dc-bc8e-001617b3efc9}]
shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0673953-6ba3-11dd-bc44-001617b3efc9}]
shell\AutoRun\command - L:\AutoRun\AutoStart.exe
shell\Explore\command - L:\AutoRun\AutoStart.exe
shell\Open\command - L:\AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e78a0b8c-6dfe-11dd-bc4c-001617b3efc9}]
shell\AutoRun\command - L:\AutoRun\AutoStart.exe
shell\Explore\command - L:\AutoRun\AutoStart.exe
shell\Open\command - L:\AutoRun\AutoStart.exe


======List of files/folders created in the last 1 months======

2009-06-12 13:58:02 ----D---- C:\rsit
2009-06-12 13:32:42 ----D---- C:\Program Files\Trend Micro
2009-06-12 13:10:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-10 18:29:29 ----R---- C:\WINDOWS\Alcmtr.exe
2009-06-10 17:29:14 ----A---- C:\WINDOWS\nvsulib.dll
2009-06-10 17:29:14 ----A---- C:\WINDOWS\nvgpio.dll
2009-06-10 17:29:14 ----A---- C:\WINDOWS\NTuneGpu.dll
2009-06-10 17:29:14 ----A---- C:\WINDOWS\msvcr71.dll
2009-06-10 17:29:14 ----A---- C:\WINDOWS\msvcp71.dll
2009-06-10 17:29:14 ----A---- C:\WINDOWS\MFC71.dll
2009-06-10 17:21:23 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-06-10 15:32:29 ----A---- C:\WINDOWS\wininit.ini
2009-06-10 14:53:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-10 14:53:48 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-10 14:51:57 ----D---- C:\4441c714b033426b91e26085f5
2009-06-10 14:47:46 ----D---- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2009-06-10 14:41:40 ----D---- C:\WINDOWS\Prefetch
2009-06-10 14:35:08 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-06-10 14:21:50 ----D---- C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP
2009-06-10 14:14:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-06-10 14:14:11 ----A---- C:\WINDOWS\system32\irclass.dll
2009-06-10 14:13:54 ----RA---- C:\WINDOWS\SETB4.tmp
2009-06-10 14:13:51 ----RA---- C:\WINDOWS\SETA8.tmp
2009-06-10 14:13:49 ----RA---- C:\WINDOWS\SETA5.tmp
2009-06-07 20:59:19 ----D---- C:\Documents and Settings\All Users\Application Data\salvation
2009-05-27 01:50:07 ----D---- C:\Documents and Settings\Nishant\Application Data\ValuSoft
2009-05-26 16:12:25 ----A---- C:\WINDOWS\ModemLog_Nokia E51 USB Modem #4.txt
2009-05-26 16:10:25 ----D---- C:\Documents and Settings\All Users\Application Data\Tages
2009-05-24 17:19:28 ----D---- C:\Documents and Settings\Nishant\Application Data\skypePM
2009-05-24 17:16:02 ----D---- C:\Documents and Settings\Nishant\Application Data\Skype
2009-05-24 17:15:46 ----D---- C:\Program Files\Common Files\Skype
2009-05-24 17:15:41 ----RD---- C:\Program Files\Skype
2009-05-24 17:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-15 22:14:26 ----D---- C:\Program Files\Common Files\Corel

======List of files/folders modified in the last 1 months======

2009-06-12 13:55:39 ----A---- C:\WINDOWS\DFC.INI
2009-06-12 13:49:43 ----A---- C:\WINDOWS\ModemLog_Nokia E51 USB Modem.txt
2009-06-12 13:49:32 ----D---- C:\WINDOWS\Temp
2009-06-12 13:38:27 ----SD---- C:\WINDOWS\Tasks
2009-06-12 13:36:57 ----D---- C:\Program Files\Mozilla Firefox
2009-06-12 13:36:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-12 13:33:33 ----D---- C:\WINDOWS\system32\drivers
2009-06-12 13:32:42 ----RD---- C:\Program Files
2009-06-12 13:31:10 ----D---- C:\Documents and Settings
2009-06-12 13:10:08 ----D---- C:\WINDOWS
2009-06-12 13:09:12 ----D---- C:\WINDOWS\security
2009-06-12 13:08:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-12 12:51:21 ----D---- C:\WINDOWS\system32
2009-06-12 12:51:21 ----D---- C:\WINDOWS\nview
2009-06-10 19:40:40 ----D---- C:\WINDOWS\system32\Setup
2009-06-10 19:40:29 ----D---- C:\WINDOWS\system32\usmt
2009-06-10 19:40:09 ----D---- C:\WINDOWS\mui
2009-06-10 19:40:09 ----D---- C:\WINDOWS\ime
2009-06-10 19:40:09 ----D---- C:\WINDOWS\ehome
2009-06-10 19:40:07 ----RSD---- C:\WINDOWS\Fonts
2009-06-10 19:40:07 ----D---- C:\WINDOWS\Media
2009-06-10 19:39:53 ----D---- C:\WINDOWS\PeerNet
2009-06-10 19:39:37 ----D---- C:\WINDOWS\system32\npp
2009-06-10 19:39:29 ----D---- C:\WINDOWS\msagent
2009-06-10 19:37:05 ----D---- C:\WINDOWS\twain_32
2009-06-10 19:36:52 ----D---- C:\WINDOWS\system32\icsxml
2009-06-10 19:36:22 ----D---- C:\WINDOWS\system32\ias
2009-06-10 19:36:15 ----D---- C:\WINDOWS\system32\1033
2009-06-10 19:34:52 ----D---- C:\WINDOWS\Driver Cache
2009-06-10 18:51:48 ----SHD---- C:\WINDOWS\Installer
2009-06-10 18:51:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-10 18:51:33 ----D---- C:\WINDOWS\Help
2009-06-10 18:29:56 ----D---- C:\WINDOWS\system32\RTCOM
2009-06-10 18:25:30 ----SHD---- C:\WINDOWS\CSC
2009-06-10 17:29:14 ----D---- C:\Program Files\MSI
2009-06-10 17:03:01 ----D---- C:\WINDOWS\AppPatch
2009-06-10 16:38:09 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-10 16:38:09 ----D---- C:\WINDOWS\Debug
2009-06-10 15:05:17 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-10 15:04:58 ----HD---- C:\WINDOWS\inf
2009-06-10 14:53:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-10 14:53:25 ----D---- C:\Program Files\Windows Media Player
2009-06-10 14:46:43 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-10 14:44:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-10 14:43:57 ----D---- C:\WINDOWS\Registration
2009-06-10 14:42:47 ----D---- C:\WINDOWS\system32\Restore
2009-06-10 14:41:04 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-10 14:41:04 ----D---- C:\WINDOWS\system32\config
2009-06-10 14:35:52 ----A---- C:\WINDOWS\ODBCINST.INI
2009-06-10 14:35:10 ----RD---- C:\WINDOWS\Web
2009-06-10 14:35:03 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-06-10 14:34:52 ----A---- C:\WINDOWS\WIN.INI
2009-06-10 14:34:46 ----D---- C:\WINDOWS\system32\oobe
2009-06-10 14:34:45 ----D---- C:\WINDOWS\srchasst
2009-06-10 14:34:37 ----D---- C:\Program Files\Movie Maker
2009-06-10 14:34:27 ----D---- C:\Program Files\NetMeeting
2009-06-10 14:34:23 ----D---- C:\Program Files\Outlook Express
2009-06-10 14:34:23 ----D---- C:\Program Files\Common Files\System
2009-06-10 14:34:08 ----D---- C:\Program Files\Internet Explorer
2009-06-10 14:33:30 ----D---- C:\WINDOWS\system32\Com
2009-06-10 14:33:01 ----D---- C:\WINDOWS\system32\wbem
2009-06-10 14:32:58 ----D---- C:\Program Files\Windows NT
2009-06-10 14:27:41 ----SH---- C:\boot.ini
2009-06-10 14:21:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-10 14:14:16 ----A---- C:\WINDOWS\system.ini
2009-06-10 14:14:11 ----D---- C:\WINDOWS\system
2009-06-10 14:13:59 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-06-10 02:29:51 ----D---- C:\OEMSettings
2009-06-10 01:53:32 ----D---- C:\our folders
2009-06-10 01:25:04 ----D---- C:\movies 1
2009-06-07 20:12:48 ----HD---- C:\WINDOWS\msdownld.tmp
2009-06-07 19:41:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-02 18:16:39 ----D---- C:\quarantine
2009-05-29 19:27:13 ----D---- C:\WINDOWS\system32\DirectX
2009-05-29 19:26:54 ----RSD---- C:\WINDOWS\assembly
2009-05-29 19:24:37 ----D---- C:\Program Files\AGEIA Technologies
2009-05-24 17:15:46 ----D---- C:\Program Files\Common Files
2009-05-15 22:14:26 ----D---- C:\Program Files\Corel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-18 58016]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-10 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-26 279712]
R2 copylock;Copylock NT Driver; \??\C:\WINDOWS\system32\copylock.sys []
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
R2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-26 25888]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-09-14 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-09-14 25272]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 dsnpfdeskSoft Service; C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2008-01-05 16896]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-18 108256]
R3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
R3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-15 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
R3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
R3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
R3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 RT73;54M USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-12-28 287232]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 V0330VID;WebCam Vista/Live! Cam Chat; C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2007-08-08 157696]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-06-14 411168]
R2 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2008-01-06 189704]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-08-18 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-08-18 28672]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-09-14 648488]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Just Flight Limited License Service;Just Flight Limited License Service; C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2008-06-26 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
===============
Trogan
Malware Remover
Trogan
7,405 Posts
17 Jun 2009, 3:21pm
Hi, Apologies for the delay. Since it has been several days, I'd like to see a new HijackThis log. Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Save the log to a convenient location as you'll need to post it soon.
  • Don't use the Analyse This button, its findings are dangerous if misinterpreted.
  • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
__________________ It's all 'bout Manchester United!


Proud member of ASAP since 2006

بِسۡمِ ٱللهِ ٱلرَّحۡمَـٰنِ ٱلرَّحِيم
nick1983
Icrontic Convert
nick1983
13 Posts
17 Jun 2009, 5:58pm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:27, on 17/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0330Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Nishant\Desktop\Bandwidth_Meter_Pro_v2.6.603.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: {b469fc15-9da0-3acb-b134-be90f7d209d4} - {4d902d7f-09eb-431b-bca3-0ad951cf964b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BF29159E-5626-4757-8E4A-D12B68ADD6D4} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HDInspector.exe] E:\temp isnat\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] V:\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\temp isnat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Download with GetRight Pro - L:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - L:\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1203789450693
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229261617109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B889F46D-6AFE-432C-9141-C85E9AF3F995}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{D534BEB4-EFA3-40D9-99A4-4CCC13222E08}: NameServer = 203.94.227.70,203.94.243.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9355 bytes
Trogan
Malware Remover
Trogan
7,405 Posts
19 Jun 2009, 3:38pm
Hi,

Please do the following...

1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: {b469fc15-9da0-3acb-b134-be90f7d209d4} - {4d902d7f-09eb-431b-bca3-0ad951cf964b} - (no file)
O2 - BHO: (no name) - {BF29159E-5626-4757-8E4A-D12B68ADD6D4} - (no file)

- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis

2. Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT!!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

[center][/center]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[center] [/center]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
nick1983
Icrontic Convert
nick1983
13 Posts
20 Jun 2009, 3:43pm
removed those keys with hijack

couldnt run combofix in normal mode so done in safemode
====================================================================
ComboFix 09-06-19.01 - Nishant 20/06/2009 19:54.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1749 [GMT 5.5:30]
Running from: c:\documents and settings\Nishant\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-20 14:12 . 2009-06-20 14:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-18 20:27 . 2009-06-18 20:27 -------- d-----w- c:\program files\Western Digital Corporation
2009-06-17 16:58 . 2009-06-17 16:58 -------- d-----w- c:\program files\Trend Micro
2009-06-15 21:15 . 2006-06-19 07:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-15 21:15 . 2006-05-25 10:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-15 21:15 . 2005-08-25 20:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-15 21:15 . 2003-02-02 14:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-15 21:15 . 2002-03-05 19:30 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-15 21:15 . 2009-06-15 21:15 -------- d-----w- c:\documents and settings\Nishant\Application Data\Simply Super Software
2009-06-15 21:15 . 2009-06-15 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-15 06:51 . 2009-05-26 07:50 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 06:51 . 2009-05-26 07:49 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 08:28 . 2009-06-12 08:28 -------- d-----w- C:\rsit
2009-06-10 12:59 . 2005-05-03 13:13 69632 ------r- c:\windows\Alcmtr.exe
2009-06-10 11:59 . 2006-02-03 08:29 11264 ----a-w- c:\windows\nvoclk64.sys
2009-06-10 11:59 . 2006-01-11 05:50 45056 ----a-w- c:\windows\NTuneGpu.dll
2009-06-10 11:59 . 2006-01-11 05:50 380928 ----a-w- c:\windows\nvsulib.dll
2009-06-10 11:59 . 2005-09-22 20:03 499712 ----a-w- c:\windows\msvcp71.dll
2009-06-10 11:59 . 2005-09-22 20:03 348160 ----a-w- c:\windows\msvcr71.dll
2009-06-10 11:59 . 2005-09-22 20:03 1060864 ----a-w- c:\windows\MFC71.dll
2009-06-10 11:59 . 2005-09-09 03:02 53248 ----a-w- c:\windows\nvgpio.dll
2009-06-10 09:21 . 2009-06-10 09:22 -------- d-----w- C:\4441c714b033426b91e26085f5
2009-06-10 09:17 . 2009-06-10 09:17 -------- d-----w- c:\windows\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2009-06-10 09:07 . 2004-08-04 01:07 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-06-10 09:06 . 2004-08-04 01:07 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-06-10 09:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-06-10 08:51 . 2009-06-10 08:51 -------- d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2009-06-10 08:44 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-06-10 08:44 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-06-10 08:44 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-06-10 08:44 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
2009-06-10 08:42 . 2009-06-10 08:43 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-06-07 15:29 . 2009-06-07 15:29 -------- d-----w- c:\documents and settings\Nishant\Local Settings\Application Data\salvation
2009-06-07 15:29 . 2009-06-07 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\salvation
2009-06-04 17:45 . 2008-12-03 19:55 120832 ----a-w- c:\documents and settings\Nishant\Application Data\Mozilla\Firefox\Profiles\bvdwgfse.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 16:56 . 2009-06-03 16:56 390664 ----a-w- c:\documents and settings\Nishant\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 20:20 . 2009-05-26 20:20 -------- d-----w- c:\documents and settings\Nishant\Application Data\ValuSoft
2009-05-26 10:40 . 2009-05-26 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-05-26 10:11 . 2009-05-26 10:11 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-26 10:11 . 2009-05-26 10:11 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-24 11:49 . 2009-05-24 11:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-24 11:49 . 2009-06-10 10:30 -------- d-----w- c:\documents and settings\Nishant\Application Data\skypePM
2009-05-24 11:46 . 2009-06-10 11:24 -------- d-----w- c:\documents and settings\Nishant\Application Data\Skype
2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----w- c:\program files\Common Files\Skype
2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----r- c:\program files\Skype
2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 18:23 . 2007-12-14 20:09 72720 ----a-w- c:\documents and settings\Nishant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 07:19 . 2008-05-31 15:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-10 11:59 . 2008-04-30 17:21 -------- d-----w- c:\program files\MSI
2009-06-10 09:03 . 2007-12-14 19:36 23392 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-10 08:51 . 2007-12-15 19:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-07 14:11 . 2007-12-14 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-29 13:54 . 2008-09-14 19:37 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-15 16:54 . 2008-01-25 18:57 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-15 16:44 . 2009-05-15 16:44 -------- d-----w- c:\program files\Common Files\Corel
2009-05-15 16:44 . 2008-01-23 15:01 -------- d-----w- c:\program files\Corel
2009-04-29 15:41 . 2008-12-15 16:11 -------- d-----w- c:\documents and settings\Nishant\Application Data\TeamViewer
2009-04-27 15:47 . 2009-04-27 15:47 7168 ----a-w- c:\documents and settings\Nishant\Application Data\Thinstall\Your Uninstaller! 2008 Version 6.0\400000d400002i\unins000.exe
2009-04-27 15:47 . 2008-05-05 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 09:56 . 2009-04-23 09:56 -------- d-----w- c:\documents and settings\Nishant\Application Data\Disney Interactive Studios
2002-09-11 14:26 . 2007-12-14 19:55 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2006-05-06 16:42 . 2008-01-17 19:10 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-15 1510640]
"DAEMON Tools"="e:\temp isnat\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-03-23 2158592]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-06-14 149024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"HDInspector.exe"="e:\temp isnat\Hard Drive Inspector\HDInspector.exe" [2008-01-09 1002248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-03 185896]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-20 385024]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"TrojanScanner"="v:\trojan remover\Trjscan.exe" [2009-06-01 1059720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-29 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-6-10 928256]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 08:11 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Nimbuzz\\Nimbuzz.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\softs\\P._LimeWire_4.16.6_by_yerdenizden.exe"=
"c:\\Documents and Settings\\Nishant\\Desktop\\Foxit PDF Editor.exe"=
"e:\\temp isnat\\dc++\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:q
"6346:UDP"= 6346:UDP:as
"67:UDP"= 67:UDPHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [15/12/2007 01:40 58016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 dsnpfdeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [05/01/2008 23:40 16896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [13/05/2008 12:43 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/05/2008 12:43 55024]
S2 copylock;Copylock NT Driver;c:\windows\system32\COPYLOCK.SYS [26/01/2009 17:20 5248]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 13:13 38144]
S2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [23/07/2008 23:07 8440]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [26/06/2008 21:38 69632]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.sys [10/06/2009 17:29 27648]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 287232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [13/05/2008 12:44 7408]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [11/05/2008 14:31 157696]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download with GetRight Pro - l:\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - l:\getright\GRbrowse.htm
TCP: {B889F46D-6AFE-432C-9141-C85E9AF3F995} = 203.94.227.70,203.94.243.70
TCP: {D534BEB4-EFA3-40D9-99A4-4CCC13222E08} = 203.94.227.70,203.94.243.70
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 19:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:77,e4,8f,61,27,ce,15,b3,52,4c,92,45,da,f7,00,5a,57,a5,93,77,1f,34,d7,
c1,d3,26,fb,b1,9e,b3,d6,57,f8,ff,4e,71,07,5f,7f,1b,63,68,e3,21,7b,de,ef,f7,\
"??"=hex:cc,dd,2e,e0,49,43,a1,d5,bc,2e,56,92,33,03,71,bb

[HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a3,a3,61,c1,92,6f,71,2d,53,8c,6c,ce,93,44,aa,96,fb,21,31,19,b4,
07,b1,87,1b,6f,32,8d,53,d2,e9,7d,98,ca,2a,d1,bb,52,68,54,c7,da,d9,ef,16,ce,\
"rkeysecu"=hex:52,5d,16,0d,b7,39,a2,46,ad,ad,80,41,40,a9,b0,8b

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="AE904F227ABD92F2477D4748799FBFA1F591184845D5D4C93C316D1C90F01797135E68DDF65B1DD770BA1C74023F0ABFD1E00587C4C3D495DC80A54D7B9CA79C8CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5D14075D575E7D6A3B9808E12D41E6D77530D199A370D07F639619CE7854CBB8D21B279B5403D0E9B38A39D879DF423DF7471EBDD2DF1CB2643BDF5E95A6227303930765F7EAAA0B1ED5652C6FB173D744C1762686D6095DE9FBCD08BAE1BCE38E1394DAF332ACDC78CC99C2857858A303CCEFB03FF9C68E747C18490F2F3EC1E95147B6B8280CE2D3DCB0B313C557157C2AE2F2DC428BC126723AD31E0ECC38341BDAE89A6EFD196585C4C8D601D8121FB0ED34287D13EBC52CF08CD64E94E7AB51CD9251FCC0E8065EB68272E7C972FB4BF0F3C9CA18733E063F0D8C1742E4B4E7628BFA1E9236B20FAA95E8889A06C9F791DF529F5F349FF4EAA277E18A3856E622DC16F037D48BD50967A6C8BF8EE2C83ADD32442C7A1B7F7ECF337B235CBD6BD5C50868768DD7837D94775EB14244639507C0D6488C0841C749BD8746C1B9A38D3898C99B1EFC7CF86C0DD5EDC910041625B64782A061E85978FAF9B3CBBED59CDB7531F6370A3C2E73FC0EF4460C76F0BBB45A2CDF47BA89FBB31EAC5464591A8AAD8DDBFEB04E17DF40BC4AC5A39E20FDBC281A6B7A0D71A41190F826E61BE052B621A18B4354EE9DB4E7F651E171DF55359E2756E34C70F6A4446202279B11776783256CBD0435CB9BEB88E17AFA315C67FDAFA58CF6A7AEE0FC381AA66D8C6E7E9DC4A2B9A5AE3F1A798FE444585865025B17D6A5A0FDB71C574D980F3A7B629AAF63A1FA98E37EB9139F3DB6BBE075189FC0D7806F9CB393BEF7192C3EC732C04DEAD3E44BA0C4E890D241726C96439F86988A1420F2796676912AECC922F0595B46950145F482771F44B936C30A3CF3A20B477A8133119613FB51E6417DE3AF94E4B87B1FB5DA1BBC16E5EA319000D1D60AD8F4F652B70D7E1687D09C8F07F50AB88125067A266E3E6CF618B445E45DDC0AFE64F78BDF14F7C9B50667D387401CBCA8F3BA9FED6E4BEE13ED6603F19BC187EBD08EDBAFDB8FFE3E87C28AC806036ADB8113C3F2FADECB55BC706B64F7E4FC46E45B867FF62CA674F8E237DF24C8C03C88794DA85BCAB2C9FA1164AB407DEE29EE11905EDD07322122901F995ACCC65E6A69E3B7B730D8F4429A176E2712E0A46377C50BEB2D187F6F26CEF24E427F4CACF372F99D88F54A50F1EF84C180DC3BD669337D5F82D43F6F17159F88ADFA80F7C0AAFE7F9FC735081420788C7971E205D52B5F5CBAE38457E4050473EBC4EE9A867F8B32940E14ED8C1D8C65803009CE41"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-20 19:57
ComboFix-quarantined-files.txt 2009-06-20 14:27

Pre-Run: 30,874,882,048 bytes free
Post-Run: 30,856,900,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
215 --- E O F --- 2009-03-14 13:23
===============================================================================
Trogan
Malware Remover
Trogan
7,405 Posts
22 Jun 2009, 8:18pm
Hi,

Please do the following...

1.
  • Go to VirusTotal
  • Copy and paste the following file path into the Search Box in the middle of the page:
    • c:\windows\system32\ztvcabinet.dll
  • Now click on the Send File button
    • NOTE:
    • If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
  • Save a copy of the Anti-Virus results only. Post the results in your next reply.
Please do the same for the following files:

c:\windows\system32\ztvunrar36.dll
c:\windows\system32\ztvunace26.dll
c:\windows\system32\UNRAR3.dll
c:\windows\system32\irclass.dll
c:\windows\system32\ezsidmv.dat

2. Open Notepad and copy/paste the text in the Quote Box below into it:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Save this as CFScript.txt to your Desktop



Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log and the VirusTotal results.
nick1983
Icrontic Convert
nick1983
13 Posts
23 Jun 2009, 7:34pm
c:\windows\system32\ztvcabinet.dll
======================================
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 -
eSafe 7.0.17.0 2009.06.23 -
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
F-Secure 8.0.14470.0 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 -
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.23 -
Additional information
File size: 69632 bytes
MD5...: 9ec7cf498f3f71e807629577c7bc2d19
SHA1..: d47d985cedaac980d18ff446687edc0f9c5f2f1f
SHA256: ed3407eeaccc1718e0b2bc27fd3301bb3d4213821533412b2fe0f2149d0f7a8b
ssdeep: 1536X/7+7mbdhpb6aooPzvO5J98baeGFyQyuzxvHZ8KdkroUjPC7mb/pb6sv
MJ98baByqiKdkroUj
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x39403bed (Fri Jun 09 00:35:57 2000)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc74d 0xd000 6.47 16485af7c8f11d33cc0d33815943b39f
.data 0xe000 0x2818 0x1000 0.56 47de7854fbfd6247387b4f524684f06b
.rsrc 0x11000 0x3c8 0x1000 1.04 a672e0b885ac0f9fcc95799429d43e4a
.reloc 0x12000 0x3f8 0x1000 2.10 a9188d5764c12576263581259dd17eca

( 2 imports )
> KERNEL32.dll: CreateDirectoryA, ReadFile, WriteFile, CloseHandle, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, lstrcatA, lstrcpyA, lstrlenA, CreateFileA, SetFileAttributesA, lstrcmpiA, GetLastError, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, DeleteFileA
> ole32.dll: CoTaskMemFree, CoTaskMemAlloc

( 14 exports )
DeleteExtractedFiles, DllGetVersion, Extract, FCIAddFile, FCICreate, FCIDestroy, FCIFlushCabinet, FCIFlushFolder, FDICopy, FDICreate, FDIDestroy, FDIIsCabinet, FDITruncateCabinet, GetDllVersion
PDFiD.: -
RDS...: NSRL Reference Data Set

( Sony )

> Sony System Recovery CD - Sony Driver Recovery CD - Sony Application Recovery CD: 69632_559a562c8!
> Sony System Recover CD: Cabinet.dll

( Microsoft )

> msdn Internet Explorer/ windows2000 Server: cabinet.dll
> Windows: cabinet.dll
> MSDN Disc 0527.1: cabinet.dll
> Windows Me: cabinet.dll
> MSDN Disc 0527.2: cabinet.dll
> Windows DDks: cabinet.dll
> MSDN Disc 2427.1: cabinet.dll
> Platforms, Servers, Applications: cabinet.dll
> MSDN Development Platform Disc2: cabinet.dll
=========================================================
===========================================================
===========================================================


Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 -
eSafe 7.0.17.0 2009.06.23 -
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
F-Secure 8.0.14470.0 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 -
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.23 -
Additional information
File size: 162304 bytes
MD5...: eea6103d96b51e41c058ad2676cdf53e
SHA1..: 5b189298039b67df653c62db5d5c490472ccbef7
SHA256: db4c1d956c6350ba8f7899ba046f71d135b6f7b73ed0b5ec237eea2060a3277e
ssdeep: 3072:lwIKRLhMEH4W1/Ybb1sU0lIyxE16QCL7QcomrpIjiHvHpqPQxhXypCO:aIi
LhME/gbW7/K16QCxHpqYxhXy
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library - Borland C/C++ (86.9%)
DOS Executable Borland C++ (5.1%)
Win32 Executable Generic (3.3%)
Win32 Dynamic Link Library (generic) (2.9%)
Generic Win/DOS Executable (0.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x44758c7e (Thu May 25 10:52:46 2006)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x22000 0x21400 6.55 d6d8db6367da62b3ea4421864cc3b844
.data 0x23000 0xb000 0x3e00 4.07 2b6cd3c20974809fbe3788cba61eb35c
.tls 0x2e000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.idata 0x2f000 0x1000 0xa00 4.60 f00458d33043d8896c97389e2b5b1155
.edata 0x30000 0x1000 0x200 4.17 8107f75977acee10365276997b2a6296
.rsrc 0x31000 0x1000 0x400 2.00 a4bcd1db03cf6bf822a9b5f3ea9cf239
.reloc 0x32000 0x1000 0x1000 6.60 92aff816ba265b0d0c61f3421916c64d

( 3 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CompareStringW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DeviceIoControl, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FreeEnvironmentStringsA, FreeLibrary, GetACP, GetCPInfo, GetCurrentProcess, GetCurrentThreadId, GetEnvironmentStrings, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetVersion, GetVersionExA, GlobalMemoryStatus, HeapAlloc, HeapFree, IsDBCSLeadByte, LCMapStringA, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MultiByteToWideChar, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetHandleCount, Sleep, SystemTimeToFileTime, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, WideCharToMultiByte, WriteFile
> USER32.DLL: CharLowerA, CharLowerW, CharToOemA, CharToOemBuffA, CharUpperA, CharUpperW, EnumThreadWindows, MessageBoxA, OemToCharA, OemToCharBuffA, wsprintfA

( 13 exports )
RARCloseArchive, RARGetDllVersion, RAROpenArchive, RAROpenArchiveEx, RARProcessFile, RARProcessFileW, RARReadHeader, RARReadHeaderEx, RARSetCallback, RARSetChangeVolProc, RARSetPassword, RARSetProcessDataProc, ___CPPdebugHook
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=eea6103d96b51e41c058ad2676cdf53e' target='_blank'>http://www.threatexpert.com/report.aspx?md5=eea6103d96b51e41c058ad2676cdf53e</a>

=========================================================
===========================================================
===========================================================


File UNRAR3.dll received on 2009.06.23 18:33:09 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 -
eSafe 7.0.17.0 2009.06.23 -
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 -
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.23 -
Additional information
File size: 153088 bytes
MD5...: 5a495e481bf7f5feafc8238dff493af5
SHA1..: d4ba78c8794328859506dc05eb9e6cb7619dad96
SHA256: d951f13927ddfcee6477838ef34ffc1bea4dc05e1f9ee70152a4ccf7d40f1750
ssdeep: 3072:FUAD6LCZpzwPKg4nKjcsNbNj1T+YCcTpyojUlP1UN7Vs2uyKwEWfSqOXMwU
wqBOjZpzIr4KjpbSYCc9yoolMEWfSqO7Uz
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library - Borland C/C++ (86.9%)
DOS Executable Borland C++ (5.1%)
Win32 Executable Generic (3.3%)
Win32 Dynamic Link Library (generic) (2.9%)
Generic Win/DOS Executable (0.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x3e3d41ea (Sun Feb 02 16:06:02 2003)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20000 0x1f200 6.55 34f2fab2130aa949d5a2a06032659fa5
.data 0x21000 0xa000 0x3e00 4.04 b4dec636b4fc5b6d6b7723ad8901e505
.tls 0x2b000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.idata 0x2c000 0x1000 0xa00 4.54 e0785cf4f48671e153e70b377ff47f7f
.edata 0x2d000 0x1000 0x200 4.12 7a2571d9fcdb31e8ddde5bd63ae3b403
.rsrc 0x2e000 0x1000 0x200 0.95 9591d537206c397d4e5e960545ec3ed2
.reloc 0x2f000 0x1000 0x1000 6.50 c7c22096ef6c07fb307ae2f58d111ef2

( 3 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CompareStringW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, FileTimeToDosDateTime, FileTimeToLocalFileTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FreeEnvironmentStringsA, FreeLibrary, GetACP, GetCPInfo, GetCurrentProcess, GetCurrentThreadId, GetEnvironmentStrings, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetVersion, GetVersionExA, GlobalMemoryStatus, HeapAlloc, HeapFree, IsDBCSLeadByte, LCMapStringA, LoadLibraryA, LocalFileTimeToFileTime, MultiByteToWideChar, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetHandleCount, Sleep, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, WideCharToMultiByte, WriteFile
> USER32.DLL: CharLowerA, CharLowerW, CharToOemA, CharToOemBuffA, CharUpperA, CharUpperW, EnumThreadWindows, MessageBoxA, OemToCharA, OemToCharBuffA, wsprintfA

( 12 exports )
RARCloseArchive, RARGetDllVersion, RAROpenArchive, RAROpenArchiveEx, RARProcessFile, RARReadHeader, RARReadHeaderEx, RARSetCallback, RARSetChangeVolProc, RARSetPassword, RARSetProcessDataProc, ___CPPdebugHook
PDFiD.: -
RDS...: NSRL Reference Data Set

( Electronic Arts Ltd )

> Nascar Thunder 2004: unrar.dll

ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=5a495e481bf7f5feafc8238dff493af5' target='_blank'>http://www.threatexpert.com/report.aspx?md5=5a495e481bf7f5feafc8238dff493af5</a>


=========================================================
===========================================================
===========================================================

File irclass.dll received on 2009.06.23 18:33:10 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 -
eSafe 7.0.17.0 2009.06.23 -
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 -
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.23 -
Additional information
File size: 13312 bytes
MD5...: facef4325fe4795647149dec6ff728c7
SHA1..: 50d325710173145f9f0ec65790d6d279da254cd9
SHA256: 9b10a0ec1c16f396f36fcf8b85c42c45a3ca3f3a45e71dd5e77cddd417d1af4f
ssdeep: 192:RLeMYLNVNVmUPtqVxwoF7FZHN5URAoWlUWh0cLjQf:RLeMYLNVDJPtq375FZ
HN5UnWlUWh0
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12e0
timedatestamp.....: 0x3b7dfed9 (Sat Aug 18 05:36:25 2001)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16ba 0x1800 6.00 167ff1be7da9b2c41e26bb3b9d54ffc8
.data 0x3000 0x4f0 0x200 0.63 0289fe426d2814fb9850855337f7f404
.rsrc 0x4000 0x1058 0x1200 3.46 5ec52ce77075d15f4b92dfe7edaea0da
.reloc 0x6000 0x21a 0x400 2.32 87eb91615923354a11c63477cdb5a871

( 6 imports )
> msvcrt.dll: _wtol
> ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegEnumValueW, RegSetValueExW, RegOpenKeyExW
> COMCTL32.dll: CreatePropertySheetPageW, DestroyPropertySheetPage
> KERNEL32.dll: lstrlenW, DisableThreadLibraryCalls, LocalAlloc, LocalFree, GetLastError, lstrcpyW
> SETUPAPI.dll: SetupFindFirstLineW, SetupCloseInfFile, SetupDiOpenDevRegKey, SetupDiGetDeviceRegistryPropertyW, SetupDiCallClassInstaller, SetupDiSetDeviceInstallParamsW, SetupDiGetDeviceInstallParamsW, SetupDiSetClassInstallParamsW, SetupDiSetDeviceRegistryPropertyW, SetupDiGetClassInstallParamsW, SetupGetIntField, SetupDiGetActualSectionToInstallW, SetupOpenInfFileW, SetupDiGetDriverInfoDetailW, SetupDiGetSelectedDriverW, SetupGetMultiSzFieldW
> USER32.dll: GetWindowLongW, LoadStringW, MessageBoxW, GetFocus, SendDlgItemMessageW, ShowWindow, GetDlgItem, SetDlgItemTextW, WinHelpW, EnableWindow, PostMessageW, SendMessageW, GetParent, EndDialog, SetWindowLongW

( 3 exports )
IrSIRClassCoInstaller, IrSIRPortPropPageProvider, LibMain
PDFiD.: -
RDS...: NSRL Reference Data Set

( Microsoft )

> Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: irclass.dll
> Virtual PC for Mac Windows XP Home Edition: irclass.dll
> MSDN Disc 2428: irclass.dll
> MSDN Disc2428.3: irclass.dll
> Platforms, SDK/DDK, Developer Tools: irclass.dll
> Windows XP: irclass.dll
> 2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: irclass.dll
> Windows XP Home Edition: irclass.dll
> Microsoft TechNet Trial Software 2002 Volume 1: irclass.dll
> 2261A: Supporting Users Running the Microsoft Windows XP Operating System: irclass.dll
> Windows CE .NET Evaluation Software: irclass.dll
> MSDN Disc 2041: irclass.dll
> MSDN Disc 2307: irclass.dll
> Microsoft Security Resource Kit: irclass.dll
> Windows XP Tablet PC Edition: irclass.dll
> Windows XP Professional: irclass.dll
> Implementing and Supporting Microsoft Windows XP Professional: irclass.dll
> Windows XP Professional 2002 Service Pack 1: irclass.dll
> Windows XP eMbedded Evaluation Software: irclass.dll
> MSDN Disc 3264: irclass.dll
> MSDN Disc 2428.1: irclass.dll
> MSDN Disc 2428.2: irclass.dll
> MSDN Disc 2428.5: irclass.dll
> MSDN Disc 2428.4: irclass.dll
> MSDN Disc 2428.8: irclass.dll
> Platforms, SDK/DDK: irclass.dll
> Virtual PC for Mac Windows XP Professional Edition: irclass.dll
> Microsoft Windows XP Professional: irclass.dll
> Platforms SDKs/DDKs: irclass.dll

( Compaq )

> Compaq Operating System CD: irclass.dll

( Dell )

> Reinstallation CD Microsoft Windows XP Professional: irclass.dll

( Gateway )

> Gateway Operating System Windows XP Pro Edition SP2: irclass.dll


=========================================================
===========================================================
===========================================================


File ezsidmv.dat received on 2009.06.23 18:33:37 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 -
eSafe 7.0.17.0 2009.06.23 -
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
F-Secure 8.0.14470.0 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 -
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.23 -
Additional information
File size: 56 bytes
MD5...: 9c714175156afa89a1c0c98e9f51a319
SHA1..: f65558239942fcac0a0ae57dacf7ada551414b11
SHA256: 064d3df55cacca1ae8f4eaaeb7387523815f9a078c5fc3c70a7d5b5465f43240
ssdeep: 3:AvnprKzNUHkRUO:LNUER
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

=========================================================
===========================================================
===========================================================
File ztvunace26.dll received on 2009.06.23 18:32:46 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 -
eSafe 7.0.17.0 2009.06.23 -
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
F-Secure 8.0.14470.0 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 -
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.23 -
Additional information
File size: 77312 bytes
MD5...: de02c4d04088b69e64ecc30a3d9e22e5
SHA1..: a5f66d420b6a6ebb04242fb85ca462a99dbf89b6
SHA256: c9d28800e740a1569aec8fe27df10ef186d883f94cec15a5c228826b45a24f9d
ssdeep: 1536:hZ7jJ13iy8Z781A9kJrVLaIYJqsghgRQquctDhyquYVuTXHze8I:i7OrUIe
qZqu1TTex
PEiD..: -
TrID..: File type identification
Clipper DOS Executable (33.4%)
Generic Win/DOS Executable (33.2%)
DOS Executable Generic (33.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6cf6
timedatestamp.....: 0x430f3821 (Fri Aug 26 15:41:21 2005)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
AUTO 0x1000 0x0 0xee00 6.65 9919be0855ebc5731184cca52b4d4aac
.idata 0x10000 0x0 0x1000 4.95 a80fa01e532e5237dd7bae73e872f805
DGROUP 0x11000 0x0 0x1000 3.75 2a7439ec839dbad8f4f642dfef6bf6c0
.bss 0x12000 0x0 0x34a00 6.54 de02c4d04088b69e64ecc30a3d9e22e5
.edata 0x47000 0x0 0x200 2.23 322771581092c5b256f8a96e154198e3
.reloc 0x48000 0x0 0x1400 6.49 6f792a8b852804d81f3ee38dd74623f7
.rsrc 0x4a000 0x0 0x600 2.62 b9f4f644cae3209616e8ab915aa8a7b7

( 5 imports )
> SHELL32.DLL: ShellExecuteA, ShellExecuteExA
> KERNEL32.DLL: AllocConsole, CloseHandle, CreateDirectoryA, CreateFileA, CreateProcessA, DeleteFileA, DeviceIoControl, DisableThreadLibraryCalls, DosDateTimeToFileTime, ExitProcess, ExitThread, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, FindClose, FindFirstFileA, FindNextFileA, FlushFileBuffers, FreeConsole, GetCommandLineA, GetConsoleCursorInfo, GetConsoleScreenBufferInfo, GetCurrentDirectoryA, GetCurrentProcess, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetExitCodeProcess, GetFileAttributesA, GetFileInformationByHandle, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetShortPathNameA, GetStartupInfoA, GetStdHandle, GetSystemTime, GetTempPathA, GetTimeZoneInformation, GetVersion, GetVolumeInformationA, GlobalMemoryStatus, HeapAlloc, HeapCreate, HeapDestroy, HeapFree, HeapReAlloc, HeapSize, LCMapStringA, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, PeekConsoleInputA, ReadConsoleInputA, ReadConsoleOutputAttribute, ReadConsoleOutputA, ReadFile, RemoveDirectoryA, ScrollConsoleScreenBufferA, SearchPathA, SetConsoleCtrlHandler, SetConsoleCursorInfo, SetConsoleCursorPosition, SetConsoleScreenBufferSize, SetConsoleWindowInfo, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFilePointer, SetFileTime, SetHandleCount, SetStdHandle, Sleep, SystemTimeToFileTime, TerminateProcess, VirtualAlloc, VirtualFree, WaitForSingleObject, WriteConsoleOutputA, WriteConsoleOutputCharacterA, WriteFile
> ADVAPI32.DLL: RegCloseKey, RegCreateKeyA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
> GDI32.DLL: CreateFontA, DeleteObject
> USER32.DLL: CharToOemBuffA, CreateDialogParamA, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, GetDlgItem, GetDlgItemTextA, GetKeyState, GetWindowTextA, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadImageA, MessageBeep, MessageBoxA, OemToCharBuffA, PeekMessageA, SendDlgItemMessageA, SetCursor, SetDlgItemTextA, SetFocus, SetTimer, SetWindowTextA, ShowCursor, ShowWindow, TranslateMessage

( 6 exports )
ACEExtract, ACEInitDll, ACEList, ACEReadArchiveData, ACETest, ___DllMainCRTStartup@12
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=de02c4d04088b69e64ecc30a3d9e22e5' target='_blank'>http://www.threatexpert.com/report.aspx?md5=de02c4d04088b69e64ecc30a3d9e22e5</a>
nick1983
Icrontic Convert
nick1983
13 Posts
23 Jun 2009, 7:57pm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:38, on 24/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CF21392.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HDInspector.exe] E:\temp isnat\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] V:\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\temp isnat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: Download with GetRight Pro - L:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - L:\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1203789450693
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229261617109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B889F46D-6AFE-432C-9141-C85E9AF3F995}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{D534BEB4-EFA3-40D9-99A4-4CCC13222E08}: NameServer = 203.94.227.70,203.94.243.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7699 bytes
==============================
======================
========================

ComboFix 09-06-19.01 - Nishant 24/06/2009 0:11.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1715 [GMT 5.5:30]
Running from: c:\documents and settings\Nishant\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nishant\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-21 19:31 . 2009-06-21 19:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-21 19:30 . 2009-06-21 19:30 -------- d-----w- c:\program files\Java
2009-06-21 19:17 . 2009-06-21 19:17 -------- d-s---w- c:\documents and settings\Nishant\UserData
2009-06-21 19:11 . 2009-06-21 19:11 130796 ----a-w- C:\MGlogs.zip
2009-06-21 19:10 . 2009-06-21 19:11 -------- d-----w- C:\MGtools
2009-06-21 19:06 . 2009-06-16 02:43 1342377 ----a-w- C:\MGtools.exe
2009-06-20 18:29 . 2009-06-20 18:29 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-20 14:12 . 2009-06-20 14:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-18 20:27 . 2009-06-18 20:27 -------- d-----w- c:\program files\Western Digital Corporation
2009-06-17 16:58 . 2009-06-17 16:58 -------- d-----w- c:\program files\Trend Micro
2009-06-15 21:15 . 2006-06-19 07:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-15 21:15 . 2006-05-25 10:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-15 21:15 . 2005-08-25 20:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-15 21:15 . 2003-02-02 14:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-15 21:15 . 2002-03-05 19:30 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-15 21:15 . 2009-06-15 21:15 -------- d-----w- c:\documents and settings\Nishant\Application Data\Simply Super Software
2009-06-15 21:15 . 2009-06-15 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-15 06:51 . 2009-06-17 05:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 06:51 . 2009-06-17 05:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 08:28 . 2009-06-12 08:28 -------- d-----w- C:\rsit
2009-06-10 12:59 . 2005-05-03 13:13 69632 ------r- c:\windows\Alcmtr.exe
2009-06-10 11:59 . 2006-02-03 08:29 11264 ----a-w- c:\windows\nvoclk64.sys
2009-06-10 11:59 . 2006-01-11 05:50 45056 ----a-w- c:\windows\NTuneGpu.dll
2009-06-10 11:59 . 2006-01-11 05:50 380928 ----a-w- c:\windows\nvsulib.dll
2009-06-10 11:59 . 2005-09-22 20:03 499712 ----a-w- c:\windows\msvcp71.dll
2009-06-10 11:59 . 2005-09-22 20:03 348160 ----a-w- c:\windows\msvcr71.dll
2009-06-10 11:59 . 2005-09-22 20:03 1060864 ----a-w- c:\windows\MFC71.dll
2009-06-10 11:59 . 2005-09-09 03:02 53248 ----a-w- c:\windows\nvgpio.dll
2009-06-10 09:21 . 2009-06-10 09:22 -------- d-----w- C:\4441c714b033426b91e26085f5
2009-06-10 09:17 . 2009-06-10 09:17 -------- d-----w- c:\windows\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2009-06-10 09:07 . 2004-08-04 01:07 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-06-10 09:06 . 2004-08-04 01:07 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-06-10 09:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-06-10 08:51 . 2009-06-10 08:51 -------- d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2009-06-10 08:44 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-06-10 08:44 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-06-10 08:44 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-06-10 08:44 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
2009-06-10 08:42 . 2009-06-10 08:43 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-06-07 15:29 . 2009-06-07 15:29 -------- d-----w- c:\documents and settings\Nishant\Local Settings\Application Data\salvation
2009-06-07 15:29 . 2009-06-07 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\salvation
2009-06-04 17:45 . 2008-12-03 19:55 120832 ----a-w- c:\documents and settings\Nishant\Application Data\Mozilla\Firefox\Profiles\bvdwgfse.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 16:56 . 2009-06-03 16:56 390664 ----a-w- c:\documents and settings\Nishant\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 20:20 . 2009-05-26 20:20 -------- d-----w- c:\documents and settings\Nishant\Application Data\ValuSoft
2009-05-26 10:40 . 2009-05-26 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-05-26 10:11 . 2009-05-26 10:11 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-26 10:11 . 2009-05-26 10:11 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 17:52 . 2009-05-24 11:46 -------- d-----w- c:\documents and settings\Nishant\Application Data\Skype
2009-06-23 17:51 . 2009-05-24 11:49 -------- d-----w- c:\documents and settings\Nishant\Application Data\skypePM
2009-06-15 18:23 . 2007-12-14 20:09 72720 ----a-w- c:\documents and settings\Nishant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 07:19 . 2008-05-31 15:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-10 11:59 . 2008-04-30 17:21 -------- d-----w- c:\program files\MSI
2009-06-10 09:03 . 2007-12-14 19:36 23392 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-10 08:51 . 2007-12-15 19:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-07 14:11 . 2007-12-14 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-29 13:54 . 2008-09-14 19:37 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-24 11:49 . 2009-05-24 11:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----w- c:\program files\Common Files\Skype
2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----r- c:\program files\Skype
2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-15 16:54 . 2008-01-25 18:57 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-15 16:44 . 2009-05-15 16:44 -------- d-----w- c:\program files\Common Files\Corel
2009-05-15 16:44 . 2008-01-23 15:01 -------- d-----w- c:\program files\Corel
2009-04-29 15:41 . 2008-12-15 16:11 -------- d-----w- c:\documents and settings\Nishant\Application Data\TeamViewer
2009-04-27 15:47 . 2009-04-27 15:47 7168 ----a-w- c:\documents and settings\Nishant\Application Data\Thinstall\Your Uninstaller! 2008 Version 6.0\400000d400002i\unins000.exe
2009-04-27 15:47 . 2008-05-05 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2002-09-11 14:26 . 2007-12-14 19:55 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2006-05-06 16:42 . 2008-01-17 19:10 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-15 1510640]
"DAEMON Tools"="e:\temp isnat\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-03-23 2158592]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-06-14 149024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"HDInspector.exe"="e:\temp isnat\Hard Drive Inspector\HDInspector.exe" [2008-01-09 1002248]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-20 385024]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"TrojanScanner"="v:\trojan remover\Trjscan.exe" [2009-06-01 1059720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-29 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-6-10 928256]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 08:11 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Nimbuzz\\Nimbuzz.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\softs\\P._LimeWire_4.16.6_by_yerdenizden.exe"=
"c:\\Documents and Settings\\Nishant\\Desktop\\Foxit PDF Editor.exe"=
"e:\\temp isnat\\dc++\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:q
"6346:UDP"= 6346:UDP:as
"67:UDP"= 67:UDPHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [15/12/2007 01:40 58016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 dsnpfdeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [05/01/2008 23:40 16896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [13/05/2008 12:43 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/05/2008 12:43 55024]
S2 copylock;Copylock NT Driver;c:\windows\system32\COPYLOCK.SYS [26/01/2009 17:20 5248]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 13:13 38144]
S2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [23/07/2008 23:07 8440]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [26/06/2008 21:38 69632]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 287232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [13/05/2008 12:44 7408]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [11/05/2008 14:31 157696]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download with GetRight Pro - l:\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - l:\getright\GRbrowse.htm
TCP: {B889F46D-6AFE-432C-9141-C85E9AF3F995} = 203.94.227.70,203.94.243.70
TCP: {D534BEB4-EFA3-40D9-99A4-4CCC13222E08} = 203.94.227.70,203.94.243.70
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:77,e4,8f,61,27,ce,15,b3,52,4c,92,45,da,f7,00,5a,57,a5,93,77,1f,34,d7,
c1,d3,26,fb,b1,9e,b3,d6,57,f8,ff,4e,71,07,5f,7f,1b,63,68,e3,21,7b,de,ef,f7,\
"??"=hex:cc,dd,2e,e0,49,43,a1,d5,bc,2e,56,92,33,03,71,bb

[HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a3,a3,61,c1,92,6f,71,2d,53,8c,6c,ce,93,44,aa,96,fb,21,31,19,b4,
07,b1,87,1b,6f,32,8d,53,d2,e9,7d,98,ca,2a,d1,bb,52,68,54,c7,da,d9,ef,16,ce,\
"rkeysecu"=hex:52,5d,16,0d,b7,39,a2,46,ad,ad,80,41,40,a9,b0,8b

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="AE904F227ABD92F2477D4748799FBFA1F591184845D5D4C93C316D1C90F01797135E68DDF65B1DD770BA1C74023F0ABFD1E00587C4C3D495DC80A54D7B9CA79C8CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5D14075D575E7D6A3B9808E12D41E6D77530D199A370D07F639619CE7854CBB8D21B279B5403D0E9B38A39D879DF423DF7471EBDD2DF1CB2643BDF5E95A6227303930765F7EAAA0B1ED5652C6FB173D744C1762686D6095DE9FBCD08BAE1BCE38E1394DAF332ACDC78CC99C2857858A303CCEFB03FF9C68E747C18490F2F3EC1E95147B6B8280CE2D3DCB0B313C557157C2AE2F2DC428BC126723AD31E0ECC38341BDAE89A6EFD196585C4C8D601D8121FB0ED34287D13EBC52CF08CD64E94E7AB51CD9251FCC0E8065EB68272E7C972FB4BF0F3C9CA18733E063F0D8C1742E4B4E7628BFA1E9236B20FAA95E8889A06C9F791DF529F5F349FF4EAA277E18A3856E622DC16F037D48BD50967A6C8BF8EE2C83ADD32442C7A1B7F7ECF337B235CBD6BD5C50868768DD7837D94775EB14244639507C0D6488C0841C749BD8746C1B9A38D3898C99B1EFC7CF86C0DD5EDC910041625B64782A061E85978FAF9B3CBBED59CDB7531F6370A3C2E73FC0EF4460C76F0BBB45A2CDF47BA89FBB31EAC5464591A8AAD8DDBFEB04E17DF40BC4AC5A39E20FDBC281A6B7A0D71A41190F826E61BE052B621A18B4354EE9DB4E7F651E171DF55359E2756E34C70F6A4446202279B11776783256CBD0435CB9BEB88E17AFA315C67FDAFA58CF6A7AEE0FC381AA66D8C6E7E9DC4A2B9A5AE3F1A798FE444585865025B17D6A5A0FDB71C574D980F3A7B629AAF63A1FA98E37EB9139F3DB6BBE075189FC0D7806F9CB393BEF7192C3EC732C04DEAD3E44BA0C4E890D241726C96439F86988A1420F2796676912AECC922F0595B46950145F482771F44B936C30A3CF3A20B477A8133119613FB51E6417DE3AF94E4B87B1FB5DA1BBC16E5EA319000D1D60AD8F4F652B70D7E1687D09C8F07F50AB88125067A266E3E6CF618B445E45DDC0AFE64F78BDF14F7C9B50667D387401CBCA8F3BA9FED6E4BEE13ED6603F19BC187EBD08EDBAFDB8FFE3E87C28AC806036ADB8113C3F2FADECB55BC706B64F7E4FC46E45B867FF62CA674F8E237DF24C8C03C88794DA85BCAB2C9FA1164AB407DEE29EE11905EDD07322122901F995ACCC65E6A69E3B7B730D8F4429A176E2712E0A46377C50BEB2D187F6F26CEF24E427F4CACF372F99D88F54A50F1EF84C180DC3BD669337D5F82D43F6F17159F88ADFA80F7C0AAFE7F9FC735081420788C7971E205D52B5F5CBAE38457E4050473EBC4EE9A867F8B32940E14ED8C1D8C65803009CE41"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-23 0:16
ComboFix-quarantined-files.txt 2009-06-23 18:46
ComboFix2.txt 2009-06-20 14:27

Pre-Run: 30,575,140,864 bytes free
Post-Run: 30,553,743,360 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
205 --- E O F --- 2009-03-14 13:23
Trogan
Malware Remover
Trogan
7,405 Posts
24 Jun 2009, 10:18pm
Hi,

Please do the following...

1. Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt

2. Post the Malwarebytes log, and let me know how the computer is running.
nick1983
Icrontic Convert
nick1983
13 Posts
30 Jun 2009, 5:56pm
Malwarebytes' Anti-Malware 1.38
Database version: 2333
Windows 5.1.2600 Service Pack 2

25/06/2009 19:52:47
mbam-log-2009-06-25 (19-52-47).txt

Scan type: Full Scan (C:\|D:\|E:\|V:\|)
Objects scanned: 186933
Time elapsed: 1 hour(s), 7 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\cracks all\cracks temp\activistxp\activate_xp_vista\Vista.exe (Trojan.VB) -> Quarantined and deleted successfully.
d:\softs\VL807.EXE (Spyware.Agent) -> Quarantined and deleted successfully.
d:\softs\activate_xp_vista\Vista.exe (Trojan.VB) -> Quarantined and deleted successfully.
d:\softs\antivirus soft setups\all avg\avg.internet.security.v8.0.169.incl.keymaker-embrace\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCheck.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCrack.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaValidate.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64 - copy\VistaValidate.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\softs\winrar v3.70 beta 1\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\softs\sony.sound.forge.7.0 + keygen + mp3.plugin.2.0 + patch.fr(1)\KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\system volume information\_restore{daf1f644-bf83-4a9b-9c83-a84172707454}\rp7\A0005294.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\system volume information\_restore{daf1f644-bf83-4a9b-9c83-a84172707454}\rp7\A0005296.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\system volume information\_restore{daf1f644-bf83-4a9b-9c83-a84172707454}\rp7\A0005297.exe (Trojan.Vundo) -> Quarantined and deleted successfully.


my system is running fine however for the following things are still not accessible
1. cant defragment
2. chkdsk /r doesnt get performed at restart
Trogan
Malware Remover
Trogan
7,405 Posts
3 Jul 2009, 1:46pm
Hi,

The Malwarebytes log shows you have many cracks.

d:\cracks all\cracks temp\activistxp\activate_xp_vista\Vista.exe
d:\softs\VL807.EXE (Spyware.Agent)
d:\softs\activate_xp_vista\Vista.exe
d:\softs\antivirus soft setups\all avg\avg.internet.security.v8.0.169.incl.keymaker-embrace\keygen.exe (Malware.Tool)
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCheck.exe (Trojan.Vundo)
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCrack.exe (Trojan.Vundo)
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaValidate.exe (Trojan.Vundo)
d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64 - copy\VistaValidate.exe (Trojan.Vundo)
d:\softs\winrar v3.70 beta 1\patch.exe (Trojan.Downloader)
d:\softs\sony.sound.forge.7.0 + keygen + mp3.plugin.2.0 + patch.fr(1)\KeyGen\keygen.exe (Trojan.Downloader)

We do not help individuals who download or use cracks as this is normally the source for infections and illegal.

As for the problems you mentioned, they may due to the crack copy.
nick1983
Icrontic Convert
nick1983
13 Posts
3 Jul 2009, 9:45pm
fyi
these things are there on my pc from a long time
these cracks didnt get caught in scans until i updated my mcafee
never used them coz never needed, coz i have multi user licenses for everything


its just bcoz of this virus which has caused so much mayhem on my machine

its upon u to help or not...
please do reply so that i can continue with the thread and description of the issues with my pc
Trogan
Malware Remover
Trogan
7,405 Posts
9 Jul 2009, 10:20pm
Hi,

Apologies for the delay.

I will only help you on the condition that there is no other cracks on the computer. If you agree, please post a new HijackThis log.
Katana
MRU Expert
Katana
1,682 Posts
31 Jul 2009, 2:31pm
Quoting Trogan
I will only help you on the condition that there is no other cracks on the computer. If you agree, please post a new HijackThis log.
Since you have not replied, I assume you do not wish to remove the Cracks.


Cracks/Kegens/Warez etc.

As you have admitted to, or the log(s) you've posted indicate that, you've used one or more of the above, we can not provide you with any help.

We do NOT knowingly provide help for anyone using any form of cracked software and/or Operating Systems.

In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.
The distribution and use of cracked software is illegal in almost every developed country.
They are also one of the biggest causes of infection.

This applies to Cracks, Keygens and Warez

As most other forums have the same policy, your best option is to format and re-install your operating system and programs from legitimate sources.

In the future I strongly suggest you stay away from using cracks and/or Keygens.

This topic will be closed and archived.
Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows hangs anonymously nick1983 Operating Systems 3 11 Jun 2009 7:34pm
System boot hangs at agpcpq.sys zachj General Hardware 5 27 Oct 2007 8:52pm
System Profiler Tools (AIDA 32 Alternative) osaddict General Software 7 24 Sep 2007 1:17pm
Windows XP system process hangs aaronc General Hardware 2 30 Mar 2006 6:51am
System hangs up at detecting IDE drives Mountainjack General Hardware 6 12 Oct 2005 1:11am

Go Back   Icrontic Forums > Malware Help > Spyware & Virus Removal > Resolved / Inactive
Reload this Page windows hangs anonymously; system n sypware tools diabled
Jump to
This Thread Search this Thread
Search this Thread:

Advanced Search

Today's Posts - Mark All Read - Contact Us - Icrontic.com - Archive - Top

Current time: 4:37pm (GMT)
Powered by vBulletin®
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Get Vanilla instead. Trust me.