Windows hangs anonymously; system and spyware tools disabled

nick1983nick1983 india
edited July 2009 in Spyware & Virus Removal
Hi,
I am facing a problem with my Windows, which hangs at uneven intervals, leaving me with no option but to restart the system.

I tried repairing the Windows installation, where I got an error that the file "dsnpfd.sys" was missing, but I guess that shouldn't be a problem.

I have monitored my CPU/GPU/HDD temperatures; all seem normal.

Problems:
1. Computer hangs.
2. Can't defragment or update Windows.
3. SUPERAntiSpyware and Malwarebytes are not working (they don't run even in Safe Mode).
4. microsoft.com doesn't open!!! All other sites work fine.
5. chkdsk /r doesn't get performed at restart.

I have scanned my PC (using McAfee) but found no viruses.

System spec:
4300 Core 2 Duo
2 x 1 GB 800 MHz Transcend RAM
160 GB Toshiba SATA HDD
Samsung DVD writer
P965 Neo MSI mobo
NVIDIA 8500GT 512 MB graphics card

HJSplit gets installed but doesn't run even in Safe Mode.
I even tried renaming the MBAM files, but no use.
Please help.


Now I could run the RSIT tool and the logs are as follows:

INFO log
=================================
info.txt logfile of random's system information tool 1.06 2009-06-12 13:58:45

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{64F67489-76BB-4CDD-A236-F954BE774B35}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.45 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
American Classics (Shared Components)-->C:\Program Files\Common Files\Just Flight Limited Shared\Uninstall\American Classics\B566F000\UninstApplet.exe /uninstall
ApexDC++ 1.1.0-->E:\temp isnat\dc++\ApexDC++\uninst.exe
Ashampoo Movie Shrink & Burn 3.01-->"E:\temp isnat\Ashampoo Movie Shrink & Burn 3\unins000.exe"
Bully Scholarship Edition-->"C:\Program Files\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe" -runfromtemp -l0x0409 -removeonly
Bully Scholarship Edition-->MsiExec.exe /X{A724605D-B399-4304-B8C7-33B3EF7D4677}
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Canon MP Navigator 3.1-->"C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini
Canon MP140 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CircleSurround II Plugin for Windows Media Player-->MsiExec.exe /I{135BFFD7-D9C1-4374-B18C-BEB64FC7851C}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.0.0.7-->"E:\temp isnat\3\unins000.exe"
Core Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Vista User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Vista\Creative WebCam Vista User's Guide\English\CTManual.isu"
Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0330.uns -unsext NT -plugin V0330Pin.dll -pluginres CtCamPin.crl
Daily Astrology Explorer-->"E:\temp isnat\Daily Astrolgy Explorer\unins000.exe"
Data Doctor Recovery FAT+NTFS 3.0.1.5-->V:\datarecovery\Data Doctor Recovery FAT+NTFS\Uninstall.exe
E-Kundli - 2002-->C:\WINDOWS\ST5UNST.EXE -n "e:\temp isnat\kundli soft inst\ST5UNST.LOG"
Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Goravani Group-->E:\temp isnat\Omni imntall\Unstall.exe
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hard Drive Inspector Professional 2.62 build # 447-->E:\temp isnat\Hard Drive Inspector\Uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Horoscope Explorer Pro 3.6-->"E:\temp isnat\HoroExPro\unins000.exe"
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JRAID-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x9 -removeonly
Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
Kundli for Windows (Professional Edition)-->C:\WINDOWS\uninst.exe -f"e:\temp isnat\kundliproinstall\DeIsL1.isu" -c"e:\temp isnat\kundliproinstall\_ISREG32.DLL"
LAN Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB15BACA-8F2E-421C-A214-F9065EA15A92}\Setup.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX SDK (June 2007)-->MsiExec.exe /I{BBF84B6A-DA3E-4302-997A-00D5490D70B0}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Naevius YouTube Converter 1.8-->"E:\temp isnat\Naevius YouTube Converter\unins000.exe"
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Nimbuzz 0.18.17-->C:\Program Files\Nimbuzz\Uninstall.exe
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
Nokia Video Manager-->MsiExec.exe /X{54CE40CB-EEF3-4BB8-B5FA-C2B1F2C1C639}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PhysX-->MsiExec.exe /X{64F67489-76BB-4CDD-A236-F954BE774B35}
NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Parashara's Light - Personal Edition-->"E:\temp isnat\Parashara light inst\Parashara's Light 7.0 inst\Uninstall_Parashara's Light - Personal Edition\Uninstall Parashara's Light - Personal Edition.exe"
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Password Remover v3.0-->"E:\temp isnat\PDF Password Remover v3.0\unins000.exe"
PerformanceTest v6.1-->"C:\Program Files\PerformanceTest\unins000.exe"
Photo To Color Sketch 6.51-->"E:\temp isnat\Photo To Color Sketch\unins000.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sketch-->"C:\Program Files\AKVIS\Sketch\Uninstall\Uninstall.exe" "C:\Program Files\AKVIS\Sketch\Uninstall\install.log" -u
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
USB Vibration Joystick-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Vtune 5.0-->"C:\Program Files\Vtune\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es

======System event log======

Computer Name: NISHANTPC
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 1929
Source Name: W32Time
Time Written: 20090519203226.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1928
Source Name: W32Time
Time Written: 20090519203226.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.

Record Number: 1925
Source Name: W32Time
Time Written: 20090519194953.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1924
Source Name: W32Time
Time Written: 20090519194953.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Record Number: 1921
Source Name: W32Time
Time Written: 20090519191953.000000+330
Event Type: error
User:

=====Application event log=====

Computer Name: NISHANTPC
Event Code: 2
Message: Title GTAIV.exe (1, 0, 0, 0)
XLive 2.0.0672.0 (PANORAMA_V2.00_RTM.081022-0447) C:\WINDOWS\system32\xlive.dll


0x80004005

Games for Windows - LIVE DLL
C:\WINDOWS\system32\msidcrl40.dll 5.000.737.6

Record Number: 8409
Source Name: XLive
Time Written: 20090314182834.000000+330
Event Type: warning
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application GTAIV.exe, version 1.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0xe89d001d.

Record Number: 8408
Source Name: Application Error
Time Written: 20090314182831.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application gtaiv.exe, version 1.0.1.0, faulting module gtaiv.exe, version 1.0.1.0, fault address 0x005c301c.

Record Number: 8407
Source Name: Application Error
Time Written: 20090314182609.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application gtaiv.exe, version 1.0.1.0, faulting module gtaiv.exe, version 1.0.1.0, fault address 0x005edfec.

Record Number: 8400
Source Name: Application Error
Time Written: 20090313164815.000000+330
Event Type: error
User:

Computer Name: NISHANTPC
Event Code: 1000
Message: Faulting application gtaiv.exe, version 1.0.0.0, faulting module gtaiv.exe, version 1.0.0.0, fault address 0x007819fd.

Record Number: 8399
Source Name: Application Error
Time Written: 20090313163923.000000+330
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\PC Connectivity Solution;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

EOF
==================================

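As an added example (not part of this thread, and not RSIT or HijackThis code), the following Python script parses the O1 hosts-file and O17 NameServer lines of a HijackThis log like the one posted in the comments below and flags hosts overrides of Microsoft/MSN domains and resolvers that are not on an expected list. The watched-domain suffixes and the expected-resolver allowlist are assumptions; the allowlist is seeded from the 202.56.x/203.94.x pairs visible on other adapters in the posted log, on the assumption that those are the ISP's resolvers.

```python
"""Flag hosts-file overrides and unexpected DNS resolvers in a HijackThis log.

Added example for this thread; not part of the original post, RSIT or HijackThis.
The watched-domain suffixes and the expected-resolver allowlist are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, modelled on the O1/O17 lines of the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AA2D13D-53DE-4934-98C4-B2239942D240}: NameServer = 202.56.230.6 202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DC402DB-A2C4-413C-A96A-C54E209E8AB5}: NameServer = 85.255.112.176,85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
"""

# Assumption: resolvers the owner's ISP actually hands out (the 202.56.x / 203.94.x
# pairs seen on other adapters in the posted log). Anything else gets flagged.
EXPECTED_RESOLVERS = frozenset(
    {"202.56.230.6", "202.56.250.5", "203.94.227.70", "203.94.243.70"}
)

# Assumption: domains whose redirection would explain "microsoft.com doesn't open".
WATCHED_SUFFIXES = ("microsoft.com", "msn.com", "msn.es", "windowsupdate.com")

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O17_RE = re.compile(r"^O17 - (\S+): NameServer = (.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "hosts-override", "hosts-unparsable" or "unexpected-resolver"
    detail: str


def check_hosts_entry(ip, host, watched=WATCHED_SUFFIXES):
    """Return a Finding if a watched domain is pinned to a non-loopback address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return Finding("hosts-unparsable", f"{ip} {host}")
    if addr.is_loopback or addr.is_unspecified:
        return None  # 127.0.0.1 / 0.0.0.0 entries are ordinary blocklist or localhost lines
    host = host.lower()
    if any(host == s or host.endswith("." + s) for s in watched):
        return Finding("hosts-override", f"{host} -> {ip}")
    return None


def check_nameservers(key, servers, expected):
    """Return a Finding listing resolvers under `key` that are not on the expected set."""
    unexpected = [s for s in servers if s not in expected]
    if unexpected:
        return Finding("unexpected-resolver", f"{key}: {', '.join(unexpected)}")
    return None


def scan_hjt_log(text, expected=EXPECTED_RESOLVERS, watched=WATCHED_SUFFIXES):
    """Walk a HijackThis log and collect Findings from its O1 and O17 lines."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O1_RE.match(line)
        if m:
            f = check_hosts_entry(m.group(1), m.group(2), watched)
            if f:
                findings.append(f)
            continue
        m = O17_RE.match(line)
        if m:
            # HijackThis prints resolvers separated by commas or spaces.
            servers = [s for s in re.split(r"[,\s]+", m.group(2)) if s]
            f = check_nameservers(m.group(1), servers, expected)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_hjt_log(SAMPLE_LOG):
        print(f"{f.kind:<20} {f.detail}")
```

Run against the sample it reports the two hosts overrides and the two adapters/parameter keys pointing at resolvers outside the allowlist; the global Tcpip\Parameters key is the one that applies to the machine as a whole.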
Comments

  • nick1983nick1983 india
    edited June 2009
    "LOG" log

    ===============
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Nishant at 2009-06-12 13:58:02
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 27 GB (55%) free of 50 GB
    Total RAM: 2046 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:58:43, on 12/06/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\WINDOWS\system32\HDDSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Vtune\TBPanel.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\V0330Mon.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Nishant\Desktop\Bandwidth_Meter_Pro_v2.6.603.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
    C:\Documents and Settings\Nishant\Desktop\RSIT.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\trend micro\Nishant.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
    O2 - BHO: {b469fc15-9da0-3acb-b134-be90f7d209d4} - {4d902d7f-09eb-431b-bca3-0ad951cf964b} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BF29159E-5626-4757-8E4A-D12B68ADD6D4} - (no file)
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [HDInspector.exe] E:\temp isnat\Hard Drive Inspector\HDInspector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\temp isnat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O8 - Extra context menu item: Download with GetRight Pro - L:\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Pro Browser - L:\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203789450693
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229261617109
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5AA2D13D-53DE-4934-98C4-B2239942D240}: NameServer = 202.56.230.6 202.56.250.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6DC402DB-A2C4-413C-A96A-C54E209E8AB5}: NameServer = 85.255.112.176,85.255.112.189
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B889F46D-6AFE-432C-9141-C85E9AF3F995}: NameServer = 203.94.227.70,203.94.243.70
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D534BEB4-EFA3-40D9-99A4-4CCC13222E08}: NameServer = 203.94.227.70,203.94.243.70
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5AA2D13D-53DE-4934-98C4-B2239942D240}: NameServer = 202.56.230.6 202.56.250.5
    O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
    O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10629 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d902d7f-09eb-431b-bca3-0ad951cf964b}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF29159E-5626-4757-8E4A-D12B68ADD6D4}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Gainward"=C:\Program Files\Vtune\TBPanel.exe [2007-03-23 2158592]
    "nwiz"=nwiz.exe /install []
    "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-08-18 94208]
    "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
    "Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-06-14 149024]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
    "HDInspector.exe"=E:\temp isnat\Hard Drive Inspector\HDInspector.exe [2008-01-09 1002248]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-03 185896]
    "V0330Mon.exe"=C:\WINDOWS\V0330Mon.exe [2007-04-30 32768]
    "JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-04-20 385024]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
    "nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-09-14 648488]
    "nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-03-15 705832]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
    "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-13 1510640]
    "DAEMON Tools"=E:\temp isnat\DAEMON Tools\daemon.exe [2007-04-04 165784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    WgaLogon.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\ssqro
    "notification packages"=
    scecli
    scecli
    scecli
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "H:\game installed\heli strike force\game.exe"="H:\game installed\heli strike force\game.exe:*:Disabled:game"
    "C:\Program Files\Nimbuzz\Nimbuzz.exe"="C:\Program Files\Nimbuzz\Nimbuzz.exe:*:Enabled:Nimbuzz"
    "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "D:\softs\P._LimeWire_4.16.6_by_yerdenizden.exe"="D:\softs\P._LimeWire_4.16.6_by_yerdenizden.exe:*:Enabled:LimeWire"
    "V:\P._LimeWire_4.16.6_by_yerdenizden.exe"="V:\P._LimeWire_4.16.6_by_yerdenizden.exe:*:Enabled:LimeWire"
    "C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Nishant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Nishant\Desktop\Foxit PDF Editor.exe"="C:\Documents and Settings\Nishant\Desktop\Foxit PDF Editor.exe:*:Disabled:-Portabled By rain_drop-"
    "E:\temp isnat\dc++\ApexDC++\ApexDC.exe"="E:\temp isnat\dc++\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
    "E:\temp isnat\PFPortChecker\PFPortChecker.exe"="E:\temp isnat\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
    "V:\dark sectorinstall\DS.exe"="V:\dark sectorinstall\DS.exe:*:Enabled:Dark Sector"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0570e351-6d30-11dd-bc49-001617b3efc9}]
    shell\AutoRun\command - AutoRun\AutoStart.exe
    shell\Explore\command - AutoRun\AutoStart.exe
    shell\Open\command - AutoRun\AutoStart.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16f1a8cf-aaa7-11dc-9762-806d6172696f}]
    shell\AutoRun\command - G:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49766c5c-c52e-11dc-bc4b-001617b3efc9}]
    shell\AutoRun\command - M:\m1t8ta.com
    shell\explore\command - M:\m1t8ta.com
    shell\open\command - M:\m1t8ta.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdc0ca0-5d75-11dd-bc25-001617b3efc9}]
    shell\AutoRun\command - 9yqusig.bat
    shell\explore\command - 9yqusig.bat
    shell\open\command - 9yqusig.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a45ed8-e560-11dc-bc8e-001617b3efc9}]
    shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0673953-6ba3-11dd-bc44-001617b3efc9}]
    shell\AutoRun\command - L:\AutoRun\AutoStart.exe
    shell\Explore\command - L:\AutoRun\AutoStart.exe
    shell\Open\command - L:\AutoRun\AutoStart.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e78a0b8c-6dfe-11dd-bc4c-001617b3efc9}]
    shell\AutoRun\command - L:\AutoRun\AutoStart.exe
    shell\Explore\command - L:\AutoRun\AutoStart.exe
    shell\Open\command - L:\AutoRun\AutoStart.exe


    ======List of files/folders created in the last 1 months======

    2009-06-12 13:58:02 ----D---- C:\rsit
    2009-06-12 13:32:42 ----D---- C:\Program Files\Trend Micro
    2009-06-12 13:10:08 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-06-10 18:29:29 ----R---- C:\WINDOWS\Alcmtr.exe
    2009-06-10 17:29:14 ----A---- C:\WINDOWS\nvsulib.dll
    2009-06-10 17:29:14 ----A---- C:\WINDOWS\nvgpio.dll
    2009-06-10 17:29:14 ----A---- C:\WINDOWS\NTuneGpu.dll
    2009-06-10 17:29:14 ----A---- C:\WINDOWS\msvcr71.dll
    2009-06-10 17:29:14 ----A---- C:\WINDOWS\msvcp71.dll
    2009-06-10 17:29:14 ----A---- C:\WINDOWS\MFC71.dll
    2009-06-10 17:21:23 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
    2009-06-10 15:32:29 ----A---- C:\WINDOWS\wininit.ini
    2009-06-10 14:53:50 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-06-10 14:53:48 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2009-06-10 14:51:57 ----D---- C:\4441c714b033426b91e26085f5
    2009-06-10 14:47:46 ----D---- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
    2009-06-10 14:41:40 ----D---- C:\WINDOWS\Prefetch
    2009-06-10 14:35:08 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2009-06-10 14:21:50 ----D---- C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP
    2009-06-10 14:14:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2009-06-10 14:14:11 ----A---- C:\WINDOWS\system32\irclass.dll
    2009-06-10 14:13:54 ----RA---- C:\WINDOWS\SETB4.tmp
    2009-06-10 14:13:51 ----RA---- C:\WINDOWS\SETA8.tmp
    2009-06-10 14:13:49 ----RA---- C:\WINDOWS\SETA5.tmp
    2009-06-07 20:59:19 ----D---- C:\Documents and Settings\All Users\Application Data\salvation
    2009-05-27 01:50:07 ----D---- C:\Documents and Settings\Nishant\Application Data\ValuSoft
    2009-05-26 16:12:25 ----A---- C:\WINDOWS\ModemLog_Nokia E51 USB Modem #4.txt
    2009-05-26 16:10:25 ----D---- C:\Documents and Settings\All Users\Application Data\Tages
    2009-05-24 17:19:28 ----D---- C:\Documents and Settings\Nishant\Application Data\skypePM
    2009-05-24 17:16:02 ----D---- C:\Documents and Settings\Nishant\Application Data\Skype
    2009-05-24 17:15:46 ----D---- C:\Program Files\Common Files\Skype
    2009-05-24 17:15:41 ----RD---- C:\Program Files\Skype
    2009-05-24 17:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-05-15 22:14:26 ----D---- C:\Program Files\Common Files\Corel

    ======List of files/folders modified in the last 1 months======

    2009-06-12 13:55:39 ----A---- C:\WINDOWS\DFC.INI
    2009-06-12 13:49:43 ----A---- C:\WINDOWS\ModemLog_Nokia E51 USB Modem.txt
    2009-06-12 13:49:32 ----D---- C:\WINDOWS\Temp
    2009-06-12 13:38:27 ----SD---- C:\WINDOWS\Tasks
    2009-06-12 13:36:57 ----D---- C:\Program Files\Mozilla Firefox
    2009-06-12 13:36:34 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-12 13:33:33 ----D---- C:\WINDOWS\system32\drivers
    2009-06-12 13:32:42 ----RD---- C:\Program Files
    2009-06-12 13:31:10 ----D---- C:\Documents and Settings
    2009-06-12 13:10:08 ----D---- C:\WINDOWS
    2009-06-12 13:09:12 ----D---- C:\WINDOWS\security
    2009-06-12 13:08:53 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-12 12:51:21 ----D---- C:\WINDOWS\system32
    2009-06-12 12:51:21 ----D---- C:\WINDOWS\nview
    2009-06-10 19:40:40 ----D---- C:\WINDOWS\system32\Setup
    2009-06-10 19:40:29 ----D---- C:\WINDOWS\system32\usmt
    2009-06-10 19:40:09 ----D---- C:\WINDOWS\mui
    2009-06-10 19:40:09 ----D---- C:\WINDOWS\ime
    2009-06-10 19:40:09 ----D---- C:\WINDOWS\ehome
    2009-06-10 19:40:07 ----RSD---- C:\WINDOWS\Fonts
    2009-06-10 19:40:07 ----D---- C:\WINDOWS\Media
    2009-06-10 19:39:53 ----D---- C:\WINDOWS\PeerNet
    2009-06-10 19:39:37 ----D---- C:\WINDOWS\system32\npp
    2009-06-10 19:39:29 ----D---- C:\WINDOWS\msagent
    2009-06-10 19:37:05 ----D---- C:\WINDOWS\twain_32
    2009-06-10 19:36:52 ----D---- C:\WINDOWS\system32\icsxml
    2009-06-10 19:36:22 ----D---- C:\WINDOWS\system32\ias
    2009-06-10 19:36:15 ----D---- C:\WINDOWS\system32\1033
    2009-06-10 19:34:52 ----D---- C:\WINDOWS\Driver Cache
    2009-06-10 18:51:48 ----SHD---- C:\WINDOWS\Installer
    2009-06-10 18:51:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-06-10 18:51:33 ----D---- C:\WINDOWS\Help
    2009-06-10 18:29:56 ----D---- C:\WINDOWS\system32\RTCOM
    2009-06-10 18:25:30 ----SHD---- C:\WINDOWS\CSC
    2009-06-10 17:29:14 ----D---- C:\Program Files\MSI
    2009-06-10 17:03:01 ----D---- C:\WINDOWS\AppPatch
    2009-06-10 16:38:09 ----D---- C:\WINDOWS\system32\LogFiles
    2009-06-10 16:38:09 ----D---- C:\WINDOWS\Debug
    2009-06-10 15:05:17 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-06-10 15:04:58 ----HD---- C:\WINDOWS\inf
    2009-06-10 14:53:50 ----D---- C:\WINDOWS\system32\CatRoot
    2009-06-10 14:53:25 ----D---- C:\Program Files\Windows Media Player
    2009-06-10 14:46:43 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-06-10 14:44:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-06-10 14:43:57 ----D---- C:\WINDOWS\Registration
    2009-06-10 14:42:47 ----D---- C:\WINDOWS\system32\Restore
    2009-06-10 14:41:04 ----D---- C:\WINDOWS\system32\inetsrv
    2009-06-10 14:41:04 ----D---- C:\WINDOWS\system32\config
    2009-06-10 14:35:52 ----A---- C:\WINDOWS\ODBCINST.INI
    2009-06-10 14:35:10 ----RD---- C:\WINDOWS\Web
    2009-06-10 14:35:03 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-06-10 14:34:52 ----A---- C:\WINDOWS\WIN.INI
    2009-06-10 14:34:46 ----D---- C:\WINDOWS\system32\oobe
    2009-06-10 14:34:45 ----D---- C:\WINDOWS\srchasst
    2009-06-10 14:34:37 ----D---- C:\Program Files\Movie Maker
    2009-06-10 14:34:27 ----D---- C:\Program Files\NetMeeting
    2009-06-10 14:34:23 ----D---- C:\Program Files\Outlook Express
    2009-06-10 14:34:23 ----D---- C:\Program Files\Common Files\System
    2009-06-10 14:34:08 ----D---- C:\Program Files\Internet Explorer
    2009-06-10 14:33:30 ----D---- C:\WINDOWS\system32\Com
    2009-06-10 14:33:01 ----D---- C:\WINDOWS\system32\wbem
    2009-06-10 14:32:58 ----D---- C:\Program Files\Windows NT
    2009-06-10 14:27:41 ----SH---- C:\boot.ini
    2009-06-10 14:21:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-06-10 14:14:16 ----A---- C:\WINDOWS\system.ini
    2009-06-10 14:14:11 ----D---- C:\WINDOWS\system
    2009-06-10 14:13:59 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2009-06-10 02:29:51 ----D---- C:\OEMSettings
    2009-06-10 01:53:32 ----D---- C:\our folders
    2009-06-10 01:25:04 ----D---- C:\movies 1
    2009-06-07 20:12:48 ----HD---- C:\WINDOWS\msdownld.tmp
    2009-06-07 19:41:30 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-06-02 18:16:39 ----D---- C:\quarantine
    2009-05-29 19:27:13 ----D---- C:\WINDOWS\system32\DirectX
    2009-05-29 19:26:54 ----RSD---- C:\WINDOWS\assembly
    2009-05-29 19:24:37 ----D---- C:\Program Files\AGEIA Technologies
    2009-05-24 17:15:46 ----D---- C:\Program Files\Common Files
    2009-05-15 22:14:26 ----D---- C:\Program Files\Corel

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-18 58016]
    R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
    R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-10 21035]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-26 279712]
    R2 copylock;Copylock NT Driver; \??\C:\WINDOWS\system32\copylock.sys []
    R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
    R2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-26 25888]
    R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-09-14 23992]
    R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-09-14 25272]
    R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
    R3 dsnpfd;DeskSoft Service; C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2008-01-05 16896]
    R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-08-18 108256]
    R3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
    R3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
    R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
    R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys []
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-15 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    R3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
    R3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
    R3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
    S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    S3 RT73;54M USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-12-28 287232]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 V0330VID;WebCam Vista/Live! Cam Chat; C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2007-08-08 157696]
    S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
    S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-06-14 411168]
    R2 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2008-01-06 189704]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
    R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-08-18 221191]
    R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-08-18 28672]
    R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-09-14 648488]
    R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
    R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 Just Flight Limited License Service;Just Flight Limited License Service; C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2008-06-26 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    EOF
    ===============
  • Trogan London, UK
    edited June 2009
    Hi, apologies for the delay. Since it has been several days, I'd like to see a new HijackThis log. Download HJTInstall.exe to your Desktop.
    • Doubleclick HJTInstall.exe to install it.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Save the log to a convenient location as you'll need to post it soon.
    • Don't use the Analyse This button; its findings are dangerous if misinterpreted.
    • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
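One way to pre-screen a HijackThis log for the entry types a helper reads first (O1 Hosts redirects, orphaned O2 BHOs, O4 autoruns on non-system drives, O17 NameServer entries) before anything is fixed. This is an added example written for this thread, not part of HijackThis or of either poster's reply; the trusted resolver set and the sample log lines are constructed (the sample reuses entry shapes from the log posted in this thread).

```python
"""Flag HijackThis log entries worth a helper's review. Nothing here changes the
system; it only reads the log text. Added example, not HijackThis code."""
import re
from ipaddress import ip_address

# Constructed placeholder: the resolvers the user's ISP actually hands out.
# Any other address in an O17 NameServer entry deserves a look (RFC 5737 addresses).
TRUSTED_DNS = {"192.0.2.1", "192.0.2.2"}

# Search/update infrastructure names that a Hosts file should never point at a
# public IP; a loopback entry (127.0.0.1) is a normal ad/site block and is ignored.
HOSTS_WATCHLIST = ("msn.com", "microsoft.com", "google.com", "windowsupdate.com")

# "O17 - HKLM\...: NameServer = ..." -> type "O17", body after the " - "
LINE_RE = re.compile(r"^(?P<type>[RFO]\d+)\s+-\s+(?P<body>.*)$")


def parse_line(line):
    m = LINE_RE.match(line.strip())
    return (m.group("type"), m.group("body")) if m else None


def check_o17(body):
    """NameServer list: report every resolver not in the trusted set."""
    m = re.search(r"NameServer\s*=\s*(.+)$", body)
    if not m:
        return None
    servers = [s.strip() for s in m.group(1).split(",") if s.strip()]
    rogue = [s for s in servers if s not in TRUSTED_DNS]
    if not rogue:
        return None
    return "O17 NameServer outside the trusted resolver set: " + ", ".join(rogue)


def check_o1(body):
    """Hosts entry: report watch-listed names mapped to a non-loopback address."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    ip, host = m.groups()
    try:
        addr = ip_address(ip)
    except ValueError:
        return None
    if addr.is_loopback or not host.endswith(HOSTS_WATCHLIST):
        return None
    return f"O1 Hosts redirects {host} to {ip}"


def check_o2(body):
    """BHO whose DLL no longer exists: leftover registration, review it."""
    return ("O2 BHO registered but its DLL is missing: " + body) if "(no file)" in body else None


def check_o4(body):
    """Run-key entry starting a program from a drive other than C:, review it."""
    m = re.search(r"\]\s+\"?([A-Za-z]:\\[^\"]*)", body)
    if not m:
        return None
    path = m.group(1).strip()
    if path.upper().startswith("C:\\"):
        return None
    return "O4 autorun from a non-system drive, worth a look: " + path


CHECKS = {"O17": check_o17, "O1": check_o1, "O2": check_o2, "O4": check_o4}


def triage(log_text):
    """Return the findings for a whole HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, body = parsed
        check = CHECKS.get(kind)
        finding = check(body) if check else None
        if finding:
            findings.append(finding)
    return findings


# Constructed sample: a few entries shaped like those in the thread's posted log.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TrojanScanner] V:\Trojan Remover\Trjscan.exe /boot
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.176,85.255.112.189
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a review list, not a fix list: as the reply above says, most HijackThis entries are harmless or required, so each flagged line still needs a human decision.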
  • nick1983 india
    edited June 2009
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:28:27, on 17/06/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\WINDOWS\system32\HDDSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Vtune\TBPanel.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\V0330Mon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Documents and Settings\Nishant\Desktop\Bandwidth_Meter_Pro_v2.6.603.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
    O2 - BHO: {b469fc15-9da0-3acb-b134-be90f7d209d4} - {4d902d7f-09eb-431b-bca3-0ad951cf964b} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BF29159E-5626-4757-8E4A-D12B68ADD6D4} - (no file)
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [HDInspector.exe] E:\temp isnat\Hard Drive Inspector\HDInspector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TrojanScanner] V:\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "E:\temp isnat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O8 - Extra context menu item: Download with GetRight Pro - L:\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Pro Browser - L:\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203789450693
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229261617109
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B889F46D-6AFE-432C-9141-C85E9AF3F995}: NameServer = 203.94.227.70,203.94.243.70
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D534BEB4-EFA3-40D9-99A4-4CCC13222E08}: NameServer = 203.94.227.70,203.94.243.70
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9355 bytes
  • TroganTrogan London, UK
    edited June 2009
    Hi,

    Please do the following...

    1. Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
    O2 - BHO: {b469fc15-9da0-3acb-b134-be90f7d209d4} - {4d902d7f-09eb-431b-bca3-0ad951cf964b} - (no file)
    O2 - BHO: (no name) - {BF29159E-5626-4757-8E4A-D12B68ADD6D4} - (no file)


    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    - Close HijackThis

    2. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT!!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    [image: RcAuto1.gif]

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • nick1983nick1983 india
    edited June 2009
    removed those keys with hijack

    couldn't run ComboFix in normal mode so done in safe mode
    ====================================================================
    ComboFix 09-06-19.01 - Nishant 20/06/2009 19:54.2 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1749 [GMT 5.5:30]
    Running from: c:\documents and settings\Nishant\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Service_gxvxcserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
    .

    2009-06-20 14:12 . 2009-06-20 14:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-18 20:27 . 2009-06-18 20:27 -------- d-----w- c:\program files\Western Digital Corporation
    2009-06-17 16:58 . 2009-06-17 16:58 -------- d-----w- c:\program files\Trend Micro
    2009-06-15 21:15 . 2006-06-19 07:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2009-06-15 21:15 . 2006-05-25 10:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2009-06-15 21:15 . 2005-08-25 20:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2009-06-15 21:15 . 2003-02-02 14:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2009-06-15 21:15 . 2002-03-05 19:30 75264 ----a-w- c:\windows\system32\unacev2.dll
    2009-06-15 21:15 . 2009-06-15 21:15 -------- d-----w- c:\documents and settings\Nishant\Application Data\Simply Super Software
    2009-06-15 21:15 . 2009-06-15 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2009-06-15 06:51 . 2009-05-26 07:50 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-15 06:51 . 2009-05-26 07:49 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-12 08:28 . 2009-06-12 08:28 -------- d-----w- C:\rsit
    2009-06-10 12:59 . 2005-05-03 13:13 69632 ------r- c:\windows\Alcmtr.exe
    2009-06-10 11:59 . 2006-02-03 08:29 11264 ----a-w- c:\windows\nvoclk64.sys
    2009-06-10 11:59 . 2006-01-11 05:50 45056 ----a-w- c:\windows\NTuneGpu.dll
    2009-06-10 11:59 . 2006-01-11 05:50 380928 ----a-w- c:\windows\nvsulib.dll
    2009-06-10 11:59 . 2005-09-22 20:03 499712 ----a-w- c:\windows\msvcp71.dll
    2009-06-10 11:59 . 2005-09-22 20:03 348160 ----a-w- c:\windows\msvcr71.dll
    2009-06-10 11:59 . 2005-09-22 20:03 1060864 ----a-w- c:\windows\MFC71.dll
    2009-06-10 11:59 . 2005-09-09 03:02 53248 ----a-w- c:\windows\nvgpio.dll
    2009-06-10 09:21 . 2009-06-10 09:22 -------- d-----w- C:\4441c714b033426b91e26085f5
    2009-06-10 09:17 . 2009-06-10 09:17 -------- d-----w- c:\windows\5DF3D1BB894E4DCD8275159AC9829B43.TMP
    2009-06-10 09:07 . 2004-08-04 01:07 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2009-06-10 09:06 . 2004-08-04 01:07 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
    2009-06-10 09:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2009-06-10 08:51 . 2009-06-10 08:51 -------- d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
    2009-06-10 08:44 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2009-06-10 08:44 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2009-06-10 08:44 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2009-06-10 08:44 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
    2009-06-10 08:42 . 2009-06-10 08:43 -------- d-s---w- c:\windows\system32\config\systemprofile\History
    2009-06-07 15:29 . 2009-06-07 15:29 -------- d-----w- c:\documents and settings\Nishant\Local Settings\Application Data\salvation
    2009-06-07 15:29 . 2009-06-07 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\salvation
    2009-06-04 17:45 . 2008-12-03 19:55 120832 ----a-w- c:\documents and settings\Nishant\Application Data\Mozilla\Firefox\Profiles\bvdwgfse.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
    2009-06-03 16:56 . 2009-06-03 16:56 390664 ----a-w- c:\documents and settings\Nishant\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
    2009-05-26 20:20 . 2009-05-26 20:20 -------- d-----w- c:\documents and settings\Nishant\Application Data\ValuSoft
    2009-05-26 10:40 . 2009-05-26 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
    2009-05-26 10:11 . 2009-05-26 10:11 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-05-26 10:11 . 2009-05-26 10:11 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-05-24 11:49 . 2009-05-24 11:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-05-24 11:49 . 2009-06-10 10:30 -------- d-----w- c:\documents and settings\Nishant\Application Data\skypePM
    2009-05-24 11:46 . 2009-06-10 11:24 -------- d-----w- c:\documents and settings\Nishant\Application Data\Skype
    2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----w- c:\program files\Common Files\Skype
    2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----r- c:\program files\Skype
    2009-05-24 11:45 . 2009-05-24 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-15 18:23 . 2007-12-14 20:09 72720 ----a-w- c:\documents and settings\Nishant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-15 07:19 . 2008-05-31 15:05 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-10 11:59 . 2008-04-30 17:21 -------- d-----w- c:\program files\MSI
    2009-06-10 09:03 . 2007-12-14 19:36 23392 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-06-10 08:51 . 2007-12-15 19:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-07 14:11 . 2007-12-14 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-29 13:54 . 2008-09-14 19:37 -------- d-----w- c:\program files\AGEIA Technologies
    2009-05-15 16:54 . 2008-01-25 18:57 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-05-15 16:44 . 2009-05-15 16:44 -------- d-----w- c:\program files\Common Files\Corel
    2009-05-15 16:44 . 2008-01-23 15:01 -------- d-----w- c:\program files\Corel
    2009-04-29 15:41 . 2008-12-15 16:11 -------- d-----w- c:\documents and settings\Nishant\Application Data\TeamViewer
    2009-04-27 15:47 . 2009-04-27 15:47 7168 ----a-w- c:\documents and settings\Nishant\Application Data\Thinstall\Your Uninstaller! 2008 Version 6.0\400000d400002i\unins000.exe
    2009-04-27 15:47 . 2008-05-05 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-23 09:56 . 2009-04-23 09:56 -------- d-----w- c:\documents and settings\Nishant\Application Data\Disney Interactive Studios
    2002-09-11 14:26 . 2007-12-14 19:55 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
    2006-05-06 16:42 . 2008-01-17 19:10 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-15 1510640]
    "DAEMON Tools"="e:\temp isnat\DAEMON Tools\daemon.exe" [2007-04-03 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-03-23 2158592]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 139320]
    "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-06-14 149024]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "HDInspector.exe"="e:\temp isnat\Hard Drive Inspector\HDInspector.exe" [2008-01-09 1002248]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-03 185896]
    "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
    "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-20 385024]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "TrojanScanner"="v:\trojan remover\Trjscan.exe" [2009-06-01 1059720]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-29 16859648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-6-10 928256]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 08:11 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Nimbuzz\\Nimbuzz.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\softs\\P._LimeWire_4.16.6_by_yerdenizden.exe"=
    "c:\\Documents and Settings\\Nishant\\Desktop\\Foxit PDF Editor.exe"=
    "e:\\temp isnat\\dc++\\ApexDC++\\ApexDC.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:q
    "6346:UDP"= 6346:UDP:as
    "67:UDP"= 67:UDP:DHCP Discovery Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundRouterRequest"= 1 (0x1)

    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [15/12/2007 01:40 58016]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [05/01/2008 23:40 16896]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [13/05/2008 12:43 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/05/2008 12:43 55024]
    S2 copylock;Copylock NT Driver;c:\windows\system32\COPYLOCK.SYS [26/01/2009 17:20 5248]
    S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 13:13 38144]
    S2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [23/07/2008 23:07 8440]
    S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [26/06/2008 21:38 69632]
    S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.sys [10/06/2009 17:29 27648]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 287232]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [13/05/2008 12:44 7408]
    S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [11/05/2008 14:31 157696]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-20 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 13:50]
    .
    .
    Supplementary Scan
    .
    uStart Page = about:blank
    IE: Download with GetRight Pro - l:\getright\GRdownload.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Open with GetRight Pro Browser - l:\getright\GRbrowse.htm
    TCP: {B889F46D-6AFE-432C-9141-C85E9AF3F995} = 203.94.227.70,203.94.243.70
    TCP: {D534BEB4-EFA3-40D9-99A4-4CCC13222E08} = 203.94.227.70,203.94.243.70
    DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-20 19:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:77,e4,8f,61,27,ce,15,b3,52,4c,92,45,da,f7,00,5a,57,a5,93,77,1f,34,d7,
    c1,d3,26,fb,b1,9e,b3,d6,57,f8,ff,4e,71,07,5f,7f,1b,63,68,e3,21,7b,de,ef,f7,\
    "??"=hex:cc,dd,2e,e0,49,43,a1,d5,bc,2e,56,92,33,03,71,bb

    [HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:a3,a3,61,c1,92,6f,71,2d,53,8c,6c,ce,93,44,aa,96,fb,21,31,19,b4,
    07,b1,87,1b,6f,32,8d,53,d2,e9,7d,98,ca,2a,d1,bb,52,68,54,c7,da,d9,ef,16,ce,\
    "rkeysecu"=hex:52,5d,16,0d,b7,39,a2,46,ad,ad,80,41,40,a9,b0,8b

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG08.00.00.01WORKSTATION"="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"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(832)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-06-20 19:57
    ComboFix-quarantined-files.txt 2009-06-20 14:27

    Pre-Run: 30,874,882,048 bytes free
    Post-Run: 30,856,900,608 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

    Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
    215 --- E O F --- 2009-03-14 13:23
    ===============================================================================
  • TroganTrogan London, UK
    edited June 2009
    Hi,

    Please do the following...

    1.
    • Go to VirusTotal
    • Copy and paste the following file path into the Search Box in the middle of the page:
      • c:\windows\system32\ztvcabinet.dll
    • Now click on the Send File button
        NOTE:
      • If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
      • Save a copy of the Anti-Virus results only. Post the results in your next reply.
      Please do the same for the following files:

      c:\windows\system32\ztvunrar36.dll
      c:\windows\system32\ztvunace26.dll
      c:\windows\system32\UNRAR3.dll
      c:\windows\system32\irclass.dll
      c:\windows\system32\ezsidmv.dat


      2. Open Notepad and copy/paste the text in the Quote Box below into it:
      Registry::
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
      "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

      Save this as CFScript.txt to your Desktop

      [image: CFScript.gif]

      Referring to the picture above, drag CFScript.txt into ComboFix.exe

      This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log and the VirusTotal results.
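As an added example (not code from the thread, from ComboFix or from the helper), a Python check that decodes the hex(7) REG_MULTI_SZ value in a CFScript or .reg fragment like the one above and reports any "Authentication Packages" entry beyond the Windows XP default msv1_0. The tampered sample and the module name example_extra.dll are constructed placeholders, not indicators from this thread.

```python
import re

# Added example, not the helper's or ComboFix's own code. The CFScript above
# resets HKLM\SYSTEM\CurrentControlSet\Control\Lsa "Authentication Packages"
# to its single Windows XP default, msv1_0. This decodes such a hex(7)
# (REG_MULTI_SZ) value from .reg-style text and reports any extra package,
# the check a defender would run before and after applying the fix.

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_NAME = "Authentication Packages"
EXPECTED_PACKAGES = ("msv1_0",)   # XP default; anything more deserves a look


def multi_sz_from_hex7(hex_part):
    """Turn the comma-separated bytes after 'hex(7):' into a list of strings.

    A REG_MULTI_SZ is a run of NUL-terminated strings closed by one more NUL.
    regedit exports the bytes as UTF-16LE; the script on this page uses one
    byte per character, so both encodings are accepted.
    """
    cleaned = re.sub(r"[\s\\]", "", hex_part)        # drop line continuations
    data = bytes(int(h, 16) for h in cleaned.split(",") if h)
    if data and len(data) % 2 == 0 and not any(data[1::2]):
        text = data.decode("utf-16-le")              # every high byte is zero
    else:
        text = data.decode("latin-1")
    return [s for s in text.split("\0") if s]


def find_value(reg_text, key, name):
    """Return the raw right-hand side of value `name` under key `key`,
    joining backslash-continued lines; '' if the key or value is absent."""
    in_key = False
    collected = None
    for line in reg_text.splitlines():
        stripped = line.strip()
        if collected is not None:                    # continuation line
            collected += stripped
            if not stripped.endswith("\\"):
                break
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            in_key = stripped[1:-1].lower() == key.lower()
        elif in_key and stripped.lower().startswith('"%s"=' % name.lower()):
            collected = stripped.split("=", 1)[1]
            if not stripped.endswith("\\"):
                break
    return collected or ""


def audit_authentication_packages(reg_text):
    """Decode the Lsa Authentication Packages value from `reg_text` and
    list every package that is not the expected default."""
    raw = find_value(reg_text, LSA_KEY, VALUE_NAME)
    m = re.match(r"hex\(7\):(.*)$", raw, re.S)
    if not m:
        return {"found": False, "packages": [], "unexpected": []}
    packages = multi_sz_from_hex7(m.group(1))
    unexpected = [p for p in packages if p.lower() not in EXPECTED_PACKAGES]
    return {"found": True, "packages": packages, "unexpected": unexpected}


# The exact value from the CFScript on this page: msv1_0 only.
CLEAN_SCRIPT = """Registry::
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""


def _hex7_utf16(*names):
    """Build a regedit-style hex(7) value (UTF-16LE, continued over two
    lines) for the given package names. Used only to construct a sample."""
    data = "".join(n + "\0" for n in names).encode("utf-16-le") + b"\0\0"
    toks = ["%02x" % b for b in data]
    return "hex(7):" + ",".join(toks[:20]) + ",\\\n  " + ",".join(toks[20:])


# Constructed sample of a tampered value: the default plus a made-up module
# name (a placeholder, not an indicator taken from this thread).
TAMPERED_SCRIPT = (
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=' + _hex7_utf16("msv1_0", "example_extra.dll")
    + "\n"
)

if __name__ == "__main__":
    for label, script in (("clean", CLEAN_SCRIPT), ("tampered", TAMPERED_SCRIPT)):
        print(label, audit_authentication_packages(script))
```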
    • nick1983nick1983 india
      edited June 2009
      c:\windows\system32\ztvcabinet.dll
      ======================================
      Antivirus Version Last Update Result
      a-squared 4.5.0.18 2009.06.23 -
      AhnLab-V3 5.0.0.2 2009.06.23 -
      AntiVir 7.9.0.193 2009.06.23 -
      Antiy-AVL 2.0.3.1 2009.06.23 -
      Authentium 5.1.2.4 2009.06.23 -
      Avast 4.8.1335.0 2009.06.23 -
      AVG 8.5.0.339 2009.06.23 -
      BitDefender 7.2 2009.06.23 -
      CAT-QuickHeal 10.00 2009.06.22 -
      ClamAV 0.94.1 2009.06.23 -
      Comodo 1401 2009.06.23 -
      DrWeb 5.0.0.12182 2009.06.23 -
      eSafe 7.0.17.0 2009.06.23 -
      eTrust-Vet 31.6.6575 2009.06.23 -
      F-Prot 4.4.4.56 2009.06.23 -
      F-Secure 8.0.14470.0 2009.06.23 -
      Fortinet 3.117.0.0 2009.06.23 -
      GData 19 2009.06.23 -
      Ikarus T3.1.1.59.0 2009.06.23 -
      Jiangmin 11.0.706 2009.06.23 -
      K7AntiVirus 7.10.768 2009.06.19 -
      Kaspersky 7.0.0.125 2009.06.23 -
      McAfee 5655 2009.06.23 -
      McAfee+Artemis 5655 2009.06.23 -
      McAfee-GW-Edition 6.7.6 2009.06.23 -
      Microsoft 1.4803 2009.06.23 -
      NOD32 4181 2009.06.23 -
      Norman 6.01.09 2009.06.23 -
      nProtect 2009.1.8.0 2009.06.23 -
      Panda 10.0.0.16 2009.06.23 -
      PCTools 4.4.2.0 2009.06.22 -
      Prevx 3.0 2009.06.23 -
      Rising 21.35.14.00 2009.06.23 -
      Sophos 4.42.0 2009.06.23 -
      Sunbelt 3.2.1858.2 2009.06.23 -
      Symantec 1.4.4.12 2009.06.23 -
      TheHacker 6.3.4.3.351 2009.06.22 -
      TrendMicro 8.950.0.1094 2009.06.23 -
      VBA32 3.12.10.7 2009.06.23 -
      ViRobot 2009.6.23.1800 2009.06.23 -
      VirusBuster 4.6.5.0 2009.06.23 -
      Additional information
      File size: 69632 bytes
      MD5...: 9ec7cf498f3f71e807629577c7bc2d19
      SHA1..: d47d985cedaac980d18ff446687edc0f9c5f2f1f
      SHA256: ed3407eeaccc1718e0b2bc27fd3301bb3d4213821533412b2fe0f2149d0f7a8b
      ssdeep: 1536:DX/7+7mbdhpb6aooPzvO5J98baeGFyQyuzxvHZ8KdkroUj:DPC7mb/pb6svMJ98baByqiKdkroUj
      PEiD..: -
      TrID..: File type identification
      Win32 Dynamic Link Library (generic) (65.4%)
      Generic Win/DOS Executable (17.2%)
      DOS Executable Generic (17.2%)
      Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x0
      timedatestamp.....: 0x39403bed (Fri Jun 09 00:35:57 2000)
      machinetype.......: 0x14c (I386)

      ( 4 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0xc74d 0xd000 6.47 16485af7c8f11d33cc0d33815943b39f
      .data 0xe000 0x2818 0x1000 0.56 47de7854fbfd6247387b4f524684f06b
      .rsrc 0x11000 0x3c8 0x1000 1.04 a672e0b885ac0f9fcc95799429d43e4a
      .reloc 0x12000 0x3f8 0x1000 2.10 a9188d5764c12576263581259dd17eca

      ( 2 imports )
      > KERNEL32.dll: CreateDirectoryA, ReadFile, WriteFile, CloseHandle, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, lstrcatA, lstrcpyA, lstrlenA, CreateFileA, SetFileAttributesA, lstrcmpiA, GetLastError, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, DeleteFileA
      > ole32.dll: CoTaskMemFree, CoTaskMemAlloc

      ( 14 exports )
      DeleteExtractedFiles, DllGetVersion, Extract, FCIAddFile, FCICreate, FCIDestroy, FCIFlushCabinet, FCIFlushFolder, FDICopy, FDICreate, FDIDestroy, FDIIsCabinet, FDITruncateCabinet, GetDllVersion
      PDFiD.: -
      RDS...: NSRL Reference Data Set

      ( Sony )

      > Sony System Recovery CD - Sony Driver Recovery CD - Sony Application Recovery CD: 69632_559a562c8!
      > Sony System Recover CD: Cabinet.dll

      ( Microsoft )

      > msdn Internet Explorer/ windows2000 Server: cabinet.dll
      > Windows: cabinet.dll
      > MSDN Disc 0527.1: cabinet.dll
      > Windows Me: cabinet.dll
      > MSDN Disc 0527.2: cabinet.dll
      > Windows DDks: cabinet.dll
      > MSDN Disc 2427.1: cabinet.dll
      > Platforms, Servers, Applications: cabinet.dll
      > MSDN Development Platform Disc2: cabinet.dll
      =========================================================
      ===========================================================
      ===========================================================


      Antivirus Version Last Update Result
      a-squared 4.5.0.18 2009.06.23 -
      AhnLab-V3 5.0.0.2 2009.06.23 -
      AntiVir 7.9.0.193 2009.06.23 -
      Antiy-AVL 2.0.3.1 2009.06.23 -
      Authentium 5.1.2.4 2009.06.23 -
      Avast 4.8.1335.0 2009.06.23 -
      AVG 8.5.0.339 2009.06.23 -
      BitDefender 7.2 2009.06.23 -
      CAT-QuickHeal 10.00 2009.06.22 -
      ClamAV 0.94.1 2009.06.23 -
      Comodo 1401 2009.06.23 -
      DrWeb 5.0.0.12182 2009.06.23 -
      eSafe 7.0.17.0 2009.06.23 -
      eTrust-Vet 31.6.6575 2009.06.23 -
      F-Prot 4.4.4.56 2009.06.23 -
      F-Secure 8.0.14470.0 2009.06.23 -
      Fortinet 3.117.0.0 2009.06.23 -
      GData 19 2009.06.23 -
      Ikarus T3.1.1.59.0 2009.06.23 -
      Jiangmin 11.0.706 2009.06.23 -
      K7AntiVirus 7.10.768 2009.06.19 -
      Kaspersky 7.0.0.125 2009.06.23 -
      McAfee 5655 2009.06.23 -
      McAfee+Artemis 5655 2009.06.23 -
      McAfee-GW-Edition 6.7.6 2009.06.23 -
      Microsoft 1.4803 2009.06.23 -
      NOD32 4181 2009.06.23 -
      Norman 6.01.09 2009.06.23 -
      nProtect 2009.1.8.0 2009.06.23 -
      Panda 10.0.0.16 2009.06.23 -
      PCTools 4.4.2.0 2009.06.22 -
      Prevx 3.0 2009.06.23 -
      Rising 21.35.14.00 2009.06.23 -
      Sophos 4.42.0 2009.06.23 -
      Sunbelt 3.2.1858.2 2009.06.23 -
      Symantec 1.4.4.12 2009.06.23 -
      TheHacker 6.3.4.3.351 2009.06.22 -
      TrendMicro 8.950.0.1094 2009.06.23 -
      VBA32 3.12.10.7 2009.06.23 -
      ViRobot 2009.6.23.1800 2009.06.23 -
      VirusBuster 4.6.5.0 2009.06.23 -
      Additional information
      File size: 162304 bytes
      MD5...: eea6103d96b51e41c058ad2676cdf53e
      SHA1..: 5b189298039b67df653c62db5d5c490472ccbef7
      SHA256: db4c1d956c6350ba8f7899ba046f71d135b6f7b73ed0b5ec237eea2060a3277e
      ssdeep: 3072:lwIKRLhMEH4W1/Ybb1sU0lIyxE16QCL7QcomrpIjiHvHpqPQxhXypCO:aIiLhME/gbW7/K16QCxHpqYxhXy
      PEiD..: -
      TrID..: File type identification
      Win32 Dynamic Link Library - Borland C/C++ (86.9%)
      DOS Executable Borland C++ (5.1%)
      Win32 Executable Generic (3.3%)
      Win32 Dynamic Link Library (generic) (2.9%)
      Generic Win/DOS Executable (0.7%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x1000
      timedatestamp.....: 0x44758c7e (Thu May 25 10:52:46 2006)
      machinetype.......: 0x14c (I386)

      ( 7 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x22000 0x21400 6.55 d6d8db6367da62b3ea4421864cc3b844
      .data 0x23000 0xb000 0x3e00 4.07 2b6cd3c20974809fbe3788cba61eb35c
      .tls 0x2e000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
      .idata 0x2f000 0x1000 0xa00 4.60 f00458d33043d8896c97389e2b5b1155
      .edata 0x30000 0x1000 0x200 4.17 8107f75977acee10365276997b2a6296
      .rsrc 0x31000 0x1000 0x400 2.00 a4bcd1db03cf6bf822a9b5f3ea9cf239
      .reloc 0x32000 0x1000 0x1000 6.60 92aff816ba265b0d0c61f3421916c64d

      ( 3 imports )
      > ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, SetFileSecurityW
      > KERNEL32.DLL: CloseHandle, CompareStringA, CompareStringW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DeviceIoControl, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FreeEnvironmentStringsA, FreeLibrary, GetACP, GetCPInfo, GetCurrentProcess, GetCurrentThreadId, GetEnvironmentStrings, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetVersion, GetVersionExA, GlobalMemoryStatus, HeapAlloc, HeapFree, IsDBCSLeadByte, LCMapStringA, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MultiByteToWideChar, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetHandleCount, Sleep, SystemTimeToFileTime, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, WideCharToMultiByte, WriteFile
      > USER32.DLL: CharLowerA, CharLowerW, CharToOemA, CharToOemBuffA, CharUpperA, CharUpperW, EnumThreadWindows, MessageBoxA, OemToCharA, OemToCharBuffA, wsprintfA

      ( 13 exports )
      RARCloseArchive, RARGetDllVersion, RAROpenArchive, RAROpenArchiveEx, RARProcessFile, RARProcessFileW, RARReadHeader, RARReadHeaderEx, RARSetCallback, RARSetChangeVolProc, RARSetPassword, RARSetProcessDataProc, ___CPPdebugHook
      PDFiD.: -
      RDS...: NSRL Reference Data Set
      -
      ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=eea6103d96b51e41c058ad2676cdf53e

      =========================================================
      ===========================================================
      ===========================================================


      File UNRAR3.dll received on 2009.06.23 18:33:09 (UTC)
      Result: 0/40 (0%)

      Antivirus Version Last Update Result
      a-squared 4.5.0.18 2009.06.23 -
      AhnLab-V3 5.0.0.2 2009.06.23 -
      AntiVir 7.9.0.193 2009.06.23 -
      Antiy-AVL 2.0.3.1 2009.06.23 -
      Authentium 5.1.2.4 2009.06.23 -
      Avast 4.8.1335.0 2009.06.23 -
      AVG 8.5.0.339 2009.06.23 -
      BitDefender 7.2 2009.06.23 -
      CAT-QuickHeal 10.00 2009.06.22 -
      ClamAV 0.94.1 2009.06.23 -
      Comodo 1401 2009.06.23 -
      DrWeb 5.0.0.12182 2009.06.23 -
      eSafe 7.0.17.0 2009.06.23 -
      eTrust-Vet 31.6.6575 2009.06.23 -
      F-Prot 4.4.4.56 2009.06.23 -
      Fortinet 3.117.0.0 2009.06.23 -
      GData 19 2009.06.23 -
      Ikarus T3.1.1.59.0 2009.06.23 -
      Jiangmin 11.0.706 2009.06.23 -
      K7AntiVirus 7.10.768 2009.06.19 -
      Kaspersky 7.0.0.125 2009.06.23 -
      McAfee 5655 2009.06.23 -
      McAfee+Artemis 5655 2009.06.23 -
      McAfee-GW-Edition 6.7.6 2009.06.23 -
      Microsoft 1.4803 2009.06.23 -
      NOD32 4181 2009.06.23 -
      Norman 6.01.09 2009.06.23 -
      nProtect 2009.1.8.0 2009.06.23 -
      Panda 10.0.0.16 2009.06.23 -
      PCTools 4.4.2.0 2009.06.22 -
      Prevx 3.0 2009.06.23 -
      Rising 21.35.14.00 2009.06.23 -
      Sophos 4.42.0 2009.06.23 -
      Sunbelt 3.2.1858.2 2009.06.23 -
      Symantec 1.4.4.12 2009.06.23 -
      TheHacker 6.3.4.3.351 2009.06.22 -
      TrendMicro 8.950.0.1094 2009.06.23 -
      VBA32 3.12.10.7 2009.06.23 -
      ViRobot 2009.6.23.1800 2009.06.23 -
      VirusBuster 4.6.5.0 2009.06.23 -
      Additional information
      File size: 153088 bytes
      MD5...: 5a495e481bf7f5feafc8238dff493af5
      SHA1..: d4ba78c8794328859506dc05eb9e6cb7619dad96
      SHA256: d951f13927ddfcee6477838ef34ffc1bea4dc05e1f9ee70152a4ccf7d40f1750
      ssdeep: 3072:FUAD6LCZpzwPKg4nKjcsNbNj1T+YCcTpyojUlP1UN7Vs2uyKwEWfSqOXMwUwqB:OOjZpzIr4KjpbSYCc9yoolMEWfSqO7Uz
      PEiD..: -
      TrID..: File type identification
      Win32 Dynamic Link Library - Borland C/C++ (86.9%)
      DOS Executable Borland C++ (5.1%)
      Win32 Executable Generic (3.3%)
      Win32 Dynamic Link Library (generic) (2.9%)
      Generic Win/DOS Executable (0.7%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x1000
      timedatestamp.....: 0x3e3d41ea (Sun Feb 02 16:06:02 2003)
      machinetype.......: 0x14c (I386)

      ( 7 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x20000 0x1f200 6.55 34f2fab2130aa949d5a2a06032659fa5
      .data 0x21000 0xa000 0x3e00 4.04 b4dec636b4fc5b6d6b7723ad8901e505
      .tls 0x2b000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
      .idata 0x2c000 0x1000 0xa00 4.54 e0785cf4f48671e153e70b377ff47f7f
      .edata 0x2d000 0x1000 0x200 4.12 7a2571d9fcdb31e8ddde5bd63ae3b403
      .rsrc 0x2e000 0x1000 0x200 0.95 9591d537206c397d4e5e960545ec3ed2
      .reloc 0x2f000 0x1000 0x1000 6.50 c7c22096ef6c07fb307ae2f58d111ef2

      ( 3 imports )
      > ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, SetFileSecurityW
      > KERNEL32.DLL: CloseHandle, CompareStringA, CompareStringW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, FileTimeToDosDateTime, FileTimeToLocalFileTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FreeEnvironmentStringsA, FreeLibrary, GetACP, GetCPInfo, GetCurrentProcess, GetCurrentThreadId, GetEnvironmentStrings, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetVersion, GetVersionExA, GlobalMemoryStatus, HeapAlloc, HeapFree, IsDBCSLeadByte, LCMapStringA, LoadLibraryA, LocalFileTimeToFileTime, MultiByteToWideChar, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetHandleCount, Sleep, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, WideCharToMultiByte, WriteFile
      > USER32.DLL: CharLowerA, CharLowerW, CharToOemA, CharToOemBuffA, CharUpperA, CharUpperW, EnumThreadWindows, MessageBoxA, OemToCharA, OemToCharBuffA, wsprintfA

      ( 12 exports )
      RARCloseArchive, RARGetDllVersion, RAROpenArchive, RAROpenArchiveEx, RARProcessFile, RARReadHeader, RARReadHeaderEx, RARSetCallback, RARSetChangeVolProc, RARSetPassword, RARSetProcessDataProc, ___CPPdebugHook
      PDFiD.: -
      RDS...: NSRL Reference Data Set

      ( Electronic Arts Ltd )

      > Nascar Thunder 2004: unrar.dll

      ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=5a495e481bf7f5feafc8238dff493af5


      =========================================================
      ===========================================================
      ===========================================================

      File irclass.dll received on 2009.06.23 18:33:10 (UTC)
      Result: 0/40 (0%)

      Antivirus Version Last Update Result
      a-squared 4.5.0.18 2009.06.23 -
      AhnLab-V3 5.0.0.2 2009.06.23 -
      AntiVir 7.9.0.193 2009.06.23 -
      Antiy-AVL 2.0.3.1 2009.06.23 -
      Authentium 5.1.2.4 2009.06.23 -
      Avast 4.8.1335.0 2009.06.23 -
      AVG 8.5.0.339 2009.06.23 -
      BitDefender 7.2 2009.06.23 -
      CAT-QuickHeal 10.00 2009.06.22 -
      ClamAV 0.94.1 2009.06.23 -
      Comodo 1401 2009.06.23 -
      DrWeb 5.0.0.12182 2009.06.23 -
      eSafe 7.0.17.0 2009.06.23 -
      eTrust-Vet 31.6.6575 2009.06.23 -
      F-Prot 4.4.4.56 2009.06.23 -
      Fortinet 3.117.0.0 2009.06.23 -
      GData 19 2009.06.23 -
      Ikarus T3.1.1.59.0 2009.06.23 -
      Jiangmin 11.0.706 2009.06.23 -
      K7AntiVirus 7.10.768 2009.06.19 -
      Kaspersky 7.0.0.125 2009.06.23 -
      McAfee 5655 2009.06.23 -
      McAfee+Artemis 5655 2009.06.23 -
      McAfee-GW-Edition 6.7.6 2009.06.23 -
      Microsoft 1.4803 2009.06.23 -
      NOD32 4181 2009.06.23 -
      Norman 6.01.09 2009.06.23 -
      nProtect 2009.1.8.0 2009.06.23 -
      Panda 10.0.0.16 2009.06.23 -
      PCTools 4.4.2.0 2009.06.22 -
      Prevx 3.0 2009.06.23 -
      Rising 21.35.14.00 2009.06.23 -
      Sophos 4.42.0 2009.06.23 -
      Sunbelt 3.2.1858.2 2009.06.23 -
      Symantec 1.4.4.12 2009.06.23 -
      TheHacker 6.3.4.3.351 2009.06.22 -
      TrendMicro 8.950.0.1094 2009.06.23 -
      VBA32 3.12.10.7 2009.06.23 -
      ViRobot 2009.6.23.1800 2009.06.23 -
      VirusBuster 4.6.5.0 2009.06.23 -
      Additional information
      File size: 13312 bytes
      MD5...: facef4325fe4795647149dec6ff728c7
      SHA1..: 50d325710173145f9f0ec65790d6d279da254cd9
      SHA256: 9b10a0ec1c16f396f36fcf8b85c42c45a3ca3f3a45e71dd5e77cddd417d1af4f
      ssdeep: 192:RLeMYLNVNVmUPtqVxwoF7FZHN5URAoWlUWh0cLjQf:RLeMYLNVDJPtq375FZHN5UnWlUWh0
      PEiD..: -
      TrID..: File type identification
      Win32 Dynamic Link Library (generic) (65.4%)
      Generic Win/DOS Executable (17.2%)
      DOS Executable Generic (17.2%)
      Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x12e0
      timedatestamp.....: 0x3b7dfed9 (Sat Aug 18 05:36:25 2001)
      machinetype.......: 0x14c (I386)

      ( 4 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x16ba 0x1800 6.00 167ff1be7da9b2c41e26bb3b9d54ffc8
      .data 0x3000 0x4f0 0x200 0.63 0289fe426d2814fb9850855337f7f404
      .rsrc 0x4000 0x1058 0x1200 3.46 5ec52ce77075d15f4b92dfe7edaea0da
      .reloc 0x6000 0x21a 0x400 2.32 87eb91615923354a11c63477cdb5a871

      ( 6 imports )
      > msvcrt.dll: _wtol
      > ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegEnumValueW, RegSetValueExW, RegOpenKeyExW
      > COMCTL32.dll: CreatePropertySheetPageW, DestroyPropertySheetPage
      > KERNEL32.dll: lstrlenW, DisableThreadLibraryCalls, LocalAlloc, LocalFree, GetLastError, lstrcpyW
      > SETUPAPI.dll: SetupFindFirstLineW, SetupCloseInfFile, SetupDiOpenDevRegKey, SetupDiGetDeviceRegistryPropertyW, SetupDiCallClassInstaller, SetupDiSetDeviceInstallParamsW, SetupDiGetDeviceInstallParamsW, SetupDiSetClassInstallParamsW, SetupDiSetDeviceRegistryPropertyW, SetupDiGetClassInstallParamsW, SetupGetIntField, SetupDiGetActualSectionToInstallW, SetupOpenInfFileW, SetupDiGetDriverInfoDetailW, SetupDiGetSelectedDriverW, SetupGetMultiSzFieldW
      > USER32.dll: GetWindowLongW, LoadStringW, MessageBoxW, GetFocus, SendDlgItemMessageW, ShowWindow, GetDlgItem, SetDlgItemTextW, WinHelpW, EnableWindow, PostMessageW, SendMessageW, GetParent, EndDialog, SetWindowLongW

      ( 3 exports )
      IrSIRClassCoInstaller, IrSIRPortPropPageProvider, LibMain
      PDFiD.: -
      RDS...: NSRL Reference Data Set

      ( Microsoft )

      > Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: irclass.dll
      > Virtual PC for Mac Windows XP Home Edition: irclass.dll
      > MSDN Disc 2428: irclass.dll
      > MSDN Disc2428.3: irclass.dll
      > Platforms, SDK/DDK, Developer Tools: irclass.dll
      > Windows XP: irclass.dll
      > 2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: irclass.dll
      > Windows XP Home Edition: irclass.dll
      > Microsoft TechNet Trial Software 2002 Volume 1: irclass.dll
      > 2261A: Supporting Users Running the Microsoft Windows XP Operating System: irclass.dll
      > Windows CE .NET Evaluation Software: irclass.dll
      > MSDN Disc 2041: irclass.dll
      > MSDN Disc 2307: irclass.dll
      > Microsoft Security Resource Kit: irclass.dll
      > Windows XP Tablet PC Edition: irclass.dll
      > Windows XP Professional: irclass.dll
      > Implementing and Supporting Microsoft Windows XP Professional: irclass.dll
      > Windows XP Professional 2002 Service Pack 1: irclass.dll
      > Windows XP eMbedded Evaluation Software: irclass.dll
      > MSDN Disc 3264: irclass.dll
      > MSDN Disc 2428.1: irclass.dll
      > MSDN Disc 2428.2: irclass.dll
      > MSDN Disc 2428.5: irclass.dll
      > MSDN Disc 2428.4: irclass.dll
      > MSDN Disc 2428.8: irclass.dll
      > Platforms, SDK/DDK: irclass.dll
      > Virtual PC for Mac Windows XP Professional Edition: irclass.dll
      > Microsoft Windows XP Professional: irclass.dll
      > Platforms SDKs/DDKs: irclass.dll

      ( Compaq )

      > Compaq Operating System CD: irclass.dll

      ( Dell )

      > Reinstallation CD Microsoft Windows XP Professional: irclass.dll

      ( Gateway )

      > Gateway Operating System Windows XP Pro Edition SP2: irclass.dll


      =========================================================
      ===========================================================
      ===========================================================


      File ezsidmv.dat received on 2009.06.23 18:33:37 (UTC)
      Result: 0/41 (0%)

      Antivirus Version Last Update Result
      a-squared 4.5.0.18 2009.06.23 -
      AhnLab-V3 5.0.0.2 2009.06.23 -
      AntiVir 7.9.0.193 2009.06.23 -
      Antiy-AVL 2.0.3.1 2009.06.23 -
      Authentium 5.1.2.4 2009.06.23 -
      Avast 4.8.1335.0 2009.06.23 -
      AVG 8.5.0.339 2009.06.23 -
      BitDefender 7.2 2009.06.23 -
      CAT-QuickHeal 10.00 2009.06.22 -
      ClamAV 0.94.1 2009.06.23 -
      Comodo 1401 2009.06.23 -
      DrWeb 5.0.0.12182 2009.06.23 -
      eSafe 7.0.17.0 2009.06.23 -
      eTrust-Vet 31.6.6575 2009.06.23 -
      F-Prot 4.4.4.56 2009.06.23 -
      F-Secure 8.0.14470.0 2009.06.23 -
      Fortinet 3.117.0.0 2009.06.23 -
      GData 19 2009.06.23 -
      Ikarus T3.1.1.59.0 2009.06.23 -
      Jiangmin 11.0.706 2009.06.23 -
      K7AntiVirus 7.10.768 2009.06.19 -
      Kaspersky 7.0.0.125 2009.06.23 -
      McAfee 5655 2009.06.23 -
      McAfee+Artemis 5655 2009.06.23 -
      McAfee-GW-Edition 6.7.6 2009.06.23 -
      Microsoft 1.4803 2009.06.23 -
      NOD32 4181 2009.06.23 -
      Norman 6.01.09 2009.06.23 -
      nProtect 2009.1.8.0 2009.06.23 -
      Panda 10.0.0.16 2009.06.23 -
      PCTools 4.4.2.0 2009.06.22 -
      Prevx 3.0 2009.06.23 -
      Rising 21.35.14.00 2009.06.23 -
      Sophos 4.42.0 2009.06.23 -
      Sunbelt 3.2.1858.2 2009.06.23 -
      Symantec 1.4.4.12 2009.06.23 -
      TheHacker 6.3.4.3.351 2009.06.22 -
      TrendMicro 8.950.0.1094 2009.06.23 -
      VBA32 3.12.10.7 2009.06.23 -
      ViRobot 2009.6.23.1800 2009.06.23 -
      VirusBuster 4.6.5.0 2009.06.23 -
      Additional information
      File size: 56 bytes
      MD5...: 9c714175156afa89a1c0c98e9f51a319
      SHA1..: f65558239942fcac0a0ae57dacf7ada551414b11
      SHA256: 064d3df55cacca1ae8f4eaaeb7387523815f9a078c5fc3c70a7d5b5465f43240
      ssdeep: 3:AvnprKzNUHkRUO:LNUER
      PEiD..: -
      TrID..: File type identification
      Unknown!
      PEInfo: -
      PDFiD.: -
      RDS...: NSRL Reference Data Set
      -

      =========================================================
      ===========================================================
      ===========================================================
      File ztvunace26.dll received on 2009.06.23 18:32:46 (UTC)
      Result: 0/41 (0%)

      Antivirus Version Last Update Result
      a-squared 4.5.0.18 2009.06.23 -
      AhnLab-V3 5.0.0.2 2009.06.23 -
      AntiVir 7.9.0.193 2009.06.23 -
      Antiy-AVL 2.0.3.1 2009.06.23 -
      Authentium 5.1.2.4 2009.06.23 -
      Avast 4.8.1335.0 2009.06.23 -
      AVG 8.5.0.339 2009.06.23 -
      BitDefender 7.2 2009.06.23 -
      CAT-QuickHeal 10.00 2009.06.22 -
      ClamAV 0.94.1 2009.06.23 -
      Comodo 1401 2009.06.23 -
      DrWeb 5.0.0.12182 2009.06.23 -
      eSafe 7.0.17.0 2009.06.23 -
      eTrust-Vet 31.6.6575 2009.06.23 -
      F-Prot 4.4.4.56 2009.06.23 -
      F-Secure 8.0.14470.0 2009.06.23 -
      Fortinet 3.117.0.0 2009.06.23 -
      GData 19 2009.06.23 -
      Ikarus T3.1.1.59.0 2009.06.23 -
      Jiangmin 11.0.706 2009.06.23 -
      K7AntiVirus 7.10.768 2009.06.19 -
      Kaspersky 7.0.0.125 2009.06.23 -
      McAfee 5655 2009.06.23 -
      McAfee+Artemis 5655 2009.06.23 -
      McAfee-GW-Edition 6.7.6 2009.06.23 -
      Microsoft 1.4803 2009.06.23 -
      NOD32 4181 2009.06.23 -
      Norman 6.01.09 2009.06.23 -
      nProtect 2009.1.8.0 2009.06.23 -
      Panda 10.0.0.16 2009.06.23 -
      PCTools 4.4.2.0 2009.06.22 -
      Prevx 3.0 2009.06.23 -
      Rising 21.35.14.00 2009.06.23 -
      Sophos 4.42.0 2009.06.23 -
      Sunbelt 3.2.1858.2 2009.06.23 -
      Symantec 1.4.4.12 2009.06.23 -
      TheHacker 6.3.4.3.351 2009.06.22 -
      TrendMicro 8.950.0.1094 2009.06.23 -
      VBA32 3.12.10.7 2009.06.23 -
      ViRobot 2009.6.23.1800 2009.06.23 -
      VirusBuster 4.6.5.0 2009.06.23 -
      Additional information
      File size: 77312 bytes
      MD5...: de02c4d04088b69e64ecc30a3d9e22e5
      SHA1..: a5f66d420b6a6ebb04242fb85ca462a99dbf89b6
      SHA256: c9d28800e740a1569aec8fe27df10ef186d883f94cec15a5c228826b45a24f9d
      ssdeep: 1536:hZ7jJ13iy8Z781A9kJrVLaIYJqsghgRQquctDhyquYVuTXHze8I:i7OrUIeqZqu1TTex
      PEiD..: -
      TrID..: File type identification
      Clipper DOS Executable (33.4%)
      Generic Win/DOS Executable (33.2%)
      DOS Executable Generic (33.1%)
      Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x6cf6
      timedatestamp.....: 0x430f3821 (Fri Aug 26 15:41:21 2005)
      machinetype.......: 0x14c (I386)

      ( 7 sections )
      name viradd virsiz rawdsiz ntrpy md5
      AUTO 0x1000 0x0 0xee00 6.65 9919be0855ebc5731184cca52b4d4aac
      .idata 0x10000 0x0 0x1000 4.95 a80fa01e532e5237dd7bae73e872f805
      DGROUP 0x11000 0x0 0x1000 3.75 2a7439ec839dbad8f4f642dfef6bf6c0
      .bss 0x12000 0x0 0x34a00 6.54 de02c4d04088b69e64ecc30a3d9e22e5
      .edata 0x47000 0x0 0x200 2.23 322771581092c5b256f8a96e154198e3
      .reloc 0x48000 0x0 0x1400 6.49 6f792a8b852804d81f3ee38dd74623f7
      .rsrc 0x4a000 0x0 0x600 2.62 b9f4f644cae3209616e8ab915aa8a7b7

      ( 5 imports )
      > SHELL32.DLL: ShellExecuteA, ShellExecuteExA
      > KERNEL32.DLL: AllocConsole, CloseHandle, CreateDirectoryA, CreateFileA, CreateProcessA, DeleteFileA, DeviceIoControl, DisableThreadLibraryCalls, DosDateTimeToFileTime, ExitProcess, ExitThread, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, FindClose, FindFirstFileA, FindNextFileA, FlushFileBuffers, FreeConsole, GetCommandLineA, GetConsoleCursorInfo, GetConsoleScreenBufferInfo, GetCurrentDirectoryA, GetCurrentProcess, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetExitCodeProcess, GetFileAttributesA, GetFileInformationByHandle, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetShortPathNameA, GetStartupInfoA, GetStdHandle, GetSystemTime, GetTempPathA, GetTimeZoneInformation, GetVersion, GetVolumeInformationA, GlobalMemoryStatus, HeapAlloc, HeapCreate, HeapDestroy, HeapFree, HeapReAlloc, HeapSize, LCMapStringA, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, PeekConsoleInputA, ReadConsoleInputA, ReadConsoleOutputAttribute, ReadConsoleOutputA, ReadFile, RemoveDirectoryA, ScrollConsoleScreenBufferA, SearchPathA, SetConsoleCtrlHandler, SetConsoleCursorInfo, SetConsoleCursorPosition, SetConsoleScreenBufferSize, SetConsoleWindowInfo, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFilePointer, SetFileTime, SetHandleCount, SetStdHandle, Sleep, SystemTimeToFileTime, TerminateProcess, VirtualAlloc, VirtualFree, WaitForSingleObject, WriteConsoleOutputA, WriteConsoleOutputCharacterA, WriteFile
      > ADVAPI32.DLL: RegCloseKey, RegCreateKeyA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
      > GDI32.DLL: CreateFontA, DeleteObject
      > USER32.DLL: CharToOemBuffA, CreateDialogParamA, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, GetDlgItem, GetDlgItemTextA, GetKeyState, GetWindowTextA, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadImageA, MessageBeep, MessageBoxA, OemToCharBuffA, PeekMessageA, SendDlgItemMessageA, SetCursor, SetDlgItemTextA, SetFocus, SetTimer, SetWindowTextA, ShowCursor, ShowWindow, TranslateMessage

      ( 6 exports )
      ACEExtract, ACEInitDll, ACEList, ACEReadArchiveData, ACETest, ___DllMainCRTStartup@12
      PDFiD.: -
      RDS...: NSRL Reference Data Set
      -
      ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=de02c4d04088b69e64ecc30a3d9e22e5
    • nick1983nick1983 india
      edited June 2009
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:22:38, on 24/06/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Safe mode with network support

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\CF21392.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      O1 - Hosts: 66.98.148.65 auto.search.msn.com
      O1 - Hosts: 66.98.148.65 auto.search.msn.es
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
      O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [HDInspector.exe] E:\temp isnat\Hard Drive Inspector\HDInspector.exe
      O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
      O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [TrojanScanner] V:\Trojan Remover\Trjscan.exe /boot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "E:\temp isnat\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
      O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
      O8 - Extra context menu item: Download with GetRight Pro - L:\GetRight\GRdownload.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Open with GetRight Pro Browser - L:\GetRight\GRbrowse.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
      O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203789450693
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229261617109
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B889F46D-6AFE-432C-9141-C85E9AF3F995}: NameServer = 203.94.227.70,203.94.243.70
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D534BEB4-EFA3-40D9-99A4-4CCC13222E08}: NameServer = 203.94.227.70,203.94.243.70
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
      O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 7699 bytes
      ==============================
      ======================
      ========================

      ComboFix 09-06-19.01 - Nishant 24/06/2009 0:11.1 - NTFSx86 NETWORK
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1715 [GMT 5.5:30]
      Running from: c:\documents and settings\Nishant\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Nishant\Desktop\CFScript.txt
      .

      ((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
      .

      2009-06-21 19:31 . 2009-06-21 19:30 410984 ----a-w- c:\windows\system32\deploytk.dll
      2009-06-21 19:30 . 2009-06-21 19:30 d-----w- c:\program files\Java
      2009-06-21 19:17 . 2009-06-21 19:17
      d-s---w- c:\documents and settings\Nishant\UserData
      2009-06-21 19:11 . 2009-06-21 19:11 130796 ----a-w- C:\MGlogs.zip
      2009-06-21 19:10 . 2009-06-21 19:11 d-----w- C:\MGtools
      2009-06-21 19:06 . 2009-06-16 02:43 1342377 ----a-w- C:\MGtools.exe
      2009-06-20 18:29 . 2009-06-20 18:29 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
      2009-06-20 14:12 . 2009-06-20 14:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
      2009-06-18 20:27 . 2009-06-18 20:27 d-----w- c:\program files\Western Digital Corporation
      2009-06-17 16:58 . 2009-06-17 16:58 d-----w- c:\program files\Trend Micro
      2009-06-15 21:15 . 2006-06-19 07:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
      2009-06-15 21:15 . 2006-05-25 10:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
      2009-06-15 21:15 . 2005-08-25 20:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
      2009-06-15 21:15 . 2003-02-02 14:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
      2009-06-15 21:15 . 2002-03-05 19:30 75264 ----a-w- c:\windows\system32\unacev2.dll
      2009-06-15 21:15 . 2009-06-15 21:15 d-----w- c:\documents and settings\Nishant\Application Data\Simply Super Software
      2009-06-15 21:15 . 2009-06-15 21:15 d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
      2009-06-15 06:51 . 2009-06-17 05:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-06-15 06:51 . 2009-06-17 05:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-06-12 08:28 . 2009-06-12 08:28 d-----w- C:\rsit
      2009-06-10 12:59 . 2005-05-03 13:13 69632 ------r- c:\windows\Alcmtr.exe
      2009-06-10 11:59 . 2006-02-03 08:29 11264 ----a-w- c:\windows\nvoclk64.sys
      2009-06-10 11:59 . 2006-01-11 05:50 45056 ----a-w- c:\windows\NTuneGpu.dll
      2009-06-10 11:59 . 2006-01-11 05:50 380928 ----a-w- c:\windows\nvsulib.dll
      2009-06-10 11:59 . 2005-09-22 20:03 499712 ----a-w- c:\windows\msvcp71.dll
      2009-06-10 11:59 . 2005-09-22 20:03 348160 ----a-w- c:\windows\msvcr71.dll
      2009-06-10 11:59 . 2005-09-22 20:03 1060864 ----a-w- c:\windows\MFC71.dll
      2009-06-10 11:59 . 2005-09-09 03:02 53248 ----a-w- c:\windows\nvgpio.dll
      2009-06-10 09:21 . 2009-06-10 09:22 d-----w- C:\4441c714b033426b91e26085f5
      2009-06-10 09:17 . 2009-06-10 09:17 d-----w- c:\windows\5DF3D1BB894E4DCD8275159AC9829B43.TMP
      2009-06-10 09:07 . 2004-08-04 01:07 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
      2009-06-10 09:06 . 2004-08-04 01:07 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
      2009-06-10 09:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
      2009-06-10 08:51 . 2009-06-10 08:51 d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
      2009-06-10 08:44 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
      2009-06-10 08:44 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
      2009-06-10 08:44 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
      2009-06-10 08:44 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
      2009-06-10 08:42 . 2009-06-10 08:43
      d-s---w- c:\windows\system32\config\systemprofile\History
      2009-06-07 15:29 . 2009-06-07 15:29 d-----w- c:\documents and settings\Nishant\Local Settings\Application Data\salvation
      2009-06-07 15:29 . 2009-06-07 15:29 d-----w- c:\documents and settings\All Users\Application Data\salvation
      2009-06-04 17:45 . 2008-12-03 19:55 120832 ----a-w- c:\documents and settings\Nishant\Application Data\Mozilla\Firefox\Profiles\bvdwgfse.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
      2009-06-03 16:56 . 2009-06-03 16:56 390664 ----a-w- c:\documents and settings\Nishant\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
      2009-05-26 20:20 . 2009-05-26 20:20 d-----w- c:\documents and settings\Nishant\Application Data\ValuSoft
      2009-05-26 10:40 . 2009-05-26 11:08 d-----w- c:\documents and settings\All Users\Application Data\Tages
      2009-05-26 10:11 . 2009-05-26 10:11 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
      2009-05-26 10:11 . 2009-05-26 10:11 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-06-23 17:52 . 2009-05-24 11:46 d-----w- c:\documents and settings\Nishant\Application Data\Skype
      2009-06-23 17:51 . 2009-05-24 11:49 d-----w- c:\documents and settings\Nishant\Application Data\skypePM
      2009-06-15 18:23 . 2007-12-14 20:09 72720 ----a-w- c:\documents and settings\Nishant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-06-15 07:19 . 2008-05-31 15:05 d-----w- c:\program files\SUPERAntiSpyware
      2009-06-10 11:59 . 2008-04-30 17:21 d-----w- c:\program files\MSI
      2009-06-10 09:03 . 2007-12-14 19:36 23392 ----a-w- c:\windows\system32\emptyregdb.dat
      2009-06-10 08:51 . 2007-12-15 19:41 d-----w- c:\program files\Common Files\Wise Installation Wizard
      2009-06-07 14:11 . 2007-12-14 19:50
      d--h--w- c:\program files\InstallShield Installation Information
      2009-05-29 13:54 . 2008-09-14 19:37 d-----w- c:\program files\AGEIA Technologies
      2009-05-24 11:49 . 2009-05-24 11:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
      2009-05-24 11:45 . 2009-05-24 11:45 d-----w- c:\program files\Common Files\Skype
      2009-05-24 11:45 . 2009-05-24 11:45 d-----r- c:\program files\Skype
      2009-05-24 11:45 . 2009-05-24 11:45 d-----w- c:\documents and settings\All Users\Application Data\Skype
      2009-05-15 16:54 . 2008-01-25 18:57 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
      2009-05-15 16:44 . 2009-05-15 16:44 d-----w- c:\program files\Common Files\Corel
      2009-05-15 16:44 . 2008-01-23 15:01 d-----w- c:\program files\Corel
      2009-04-29 15:41 . 2008-12-15 16:11 d-----w- c:\documents and settings\Nishant\Application Data\TeamViewer
      2009-04-27 15:47 . 2009-04-27 15:47 7168 ----a-w- c:\documents and settings\Nishant\Application Data\Thinstall\Your Uninstaller! 2008 Version 6.0\400000d400002i\unins000.exe
      2009-04-27 15:47 . 2008-05-05 14:36
      d---a-w- c:\documents and settings\All Users\Application Data\TEMP
      2002-09-11 14:26 . 2007-12-14 19:55 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
      2006-05-06 16:42 . 2008-01-17 19:10 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
      "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-15 1510640]
      "DAEMON Tools"="e:\temp isnat\DAEMON Tools\daemon.exe" [2007-04-03 165784]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-03-23 2158592]
      "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
      "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 139320]
      "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
      "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
      "Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-06-14 149024]
      "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
      "HDInspector.exe"="e:\temp isnat\Hard Drive Inspector\HDInspector.exe" [2008-01-09 1002248]
      "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
      "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-20 385024]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
      "TrojanScanner"="v:\trojan remover\Trjscan.exe" [2009-06-01 1059720]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
      "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
      "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-29 16859648]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-6-10 928256]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2007-04-19 08:11 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @=&quot;Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\Nimbuzz\\Nimbuzz.exe"=
      "c:\\WINDOWS\\system32\\dpnsvr.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "d:\\softs\\P._LimeWire_4.16.6_by_yerdenizden.exe"=
      "c:\\Documents and Settings\\Nishant\\Desktop\\Foxit PDF Editor.exe"=
      "e:\\temp isnat\\dc++\\ApexDC++\\ApexDC.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6346:TCP"= 6346:TCP:q
      "6346:UDP"= 6346:UDP:as
      "67:UDP"= 67:UDP:DHCP Discovery Service

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundRouterRequest"= 1 (0x1)

      R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [15/12/2007 01:40 58016]
      R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
      R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [05/01/2008 23:40 16896]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [13/05/2008 12:43 8944]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/05/2008 12:43 55024]
      S2 copylock;Copylock NT Driver;c:\windows\system32\COPYLOCK.SYS [26/01/2009 17:20 5248]
      S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 13:13 38144]
      S2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [23/07/2008 23:07 8440]
      S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [26/06/2008 21:38 69632]
      S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 287232]
      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [13/05/2008 12:44 7408]
      S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [11/05/2008 14:31 157696]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
      .
      Contents of the 'Scheduled Tasks' folder

      2009-06-23 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 13:50]
      .
      .
      Supplementary Scan
      .
      uStart Page = about:blank
      IE: Download with GetRight Pro - l:\getright\GRdownload.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      IE: Open with GetRight Pro Browser - l:\getright\GRbrowse.htm
      TCP: {B889F46D-6AFE-432C-9141-C85E9AF3F995} = 203.94.227.70,203.94.243.70
      TCP: {D534BEB4-EFA3-40D9-99A4-4CCC13222E08} = 203.94.227.70,203.94.243.70
      DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
      FF - ProfilePath -
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-06-24 00:15
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      LOCKED REGISTRY KEYS

      [HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:77,e4,8f,61,27,ce,15,b3,52,4c,92,45,da,f7,00,5a,57,a5,93,77,1f,34,d7,
      c1,d3,26,fb,b1,9e,b3,d6,57,f8,ff,4e,71,07,5f,7f,1b,63,68,e3,21,7b,de,ef,f7,\
      "??"=hex:cc,dd,2e,e0,49,43,a1,d5,bc,2e,56,92,33,03,71,bb

      [HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\License information*]
      "datasecu"=hex:a3,a3,61,c1,92,6f,71,2d,53,8c,6c,ce,93,44,aa,96,fb,21,31,19,b4,
      07,b1,87,1b,6f,32,8d,53,d2,e9,7d,98,ca,2a,d1,bb,52,68,54,c7,da,d9,ef,16,ce,\
      "rkeysecu"=hex:52,5d,16,0d,b7,39,a2,46,ad,ad,80,41,40,a9,b0,8b

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
      "OODEFRAG08.00.00.01WORKSTATION"="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"
      .
      DLLs Loaded Under Running Processes

      - - - - - - - > 'winlogon.exe'(832)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      .
      Completion time: 2009-06-23 0:16
      ComboFix-quarantined-files.txt 2009-06-23 18:46
      ComboFix2.txt 2009-06-20 14:27

      Pre-Run: 30,575,140,864 bytes free
      Post-Run: 30,553,743,360 bytes free

      Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
      205 --- E O F --- 2009-03-14 13:23
    • Trogan, London, UK
      edited June 2009
      Hi,

      Please do the following...

      1. Please download Malwarebytes' Anti-Malware to your desktop.
      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to
        • Update Malwarebytes' Anti-Malware
        • and Launch Malwarebytes' Anti-Malware
      • then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select Perform full scan, then click Scan.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Be sure that everything is checked, and click Remove Selected.
      • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
        • If you accidentally close it, the log file is saved here and will be named like this:
        • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

      2. Post the Malwarebytes log, and let me know how the computer is running.
    • nick1983, India
      edited June 2009
      Malwarebytes' Anti-Malware 1.38
      Database version: 2333
      Windows 5.1.2600 Service Pack 2

      25/06/2009 19:52:47
      mbam-log-2009-06-25 (19-52-47).txt

      Scan type: Full Scan (C:\|D:\|E:\|V:\|)
      Objects scanned: 186933
      Time elapsed: 1 hour(s), 7 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 13

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      d:\cracks all\cracks temp\activistxp\activate_xp_vista\Vista.exe (Trojan.VB) -> Quarantined and deleted successfully.
      d:\softs\VL807.EXE (Spyware.Agent) -> Quarantined and deleted successfully.
      d:\softs\activate_xp_vista\Vista.exe (Trojan.VB) -> Quarantined and deleted successfully.
      d:\softs\antivirus soft setups\all avg\avg.internet.security.v8.0.169.incl.keymaker-embrace\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCheck.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCrack.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaValidate.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64 - copy\VistaValidate.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      d:\softs\winrar v3.70 beta 1\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      d:\softs\sony.sound.forge.7.0 + keygen + mp3.plugin.2.0 + patch.fr(1)\KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      d:\system volume information\_restore{daf1f644-bf83-4a9b-9c83-a84172707454}\rp7\A0005294.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      d:\system volume information\_restore{daf1f644-bf83-4a9b-9c83-a84172707454}\rp7\A0005296.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      d:\system volume information\_restore{daf1f644-bf83-4a9b-9c83-a84172707454}\rp7\A0005297.exe (Trojan.Vundo) -> Quarantined and deleted successfully.


      My system is running fine; however, the following things are still not accessible:
      1. can't defragment
      2. chkdsk /r doesn't get performed at restart
    • Trogan, London, UK
      edited July 2009
      Hi,

      The Malwarebytes log shows you have many cracks.

      d:\cracks all\cracks temp\activistxp\activate_xp_vista\Vista.exe
      d:\softs\VL807.EXE (Spyware.Agent)
      d:\softs\activate_xp_vista\Vista.exe
      d:\softs\antivirus soft setups\all avg\avg.internet.security.v8.0.169.incl.keymaker-embrace\keygen.exe (Malware.Tool)
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCheck.exe (Trojan.Vundo)
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaCrack.exe (Trojan.Vundo)
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64\VistaValidate.exe (Trojan.Vundo)
      d:\softs\window xp n vista cracks\windows genuine 100% works all xp and vista\windows vista all versions x86 x64 - copy\VistaValidate.exe (Trojan.Vundo)
      d:\softs\winrar v3.70 beta 1\patch.exe (Trojan.Downloader)
      d:\softs\sony.sound.forge.7.0 + keygen + mp3.plugin.2.0 + patch.fr(1)\KeyGen\keygen.exe (Trojan.Downloader)

      We do not help individuals who download or use cracks, as this is normally the source of infections and is illegal.

      As for the problems you mentioned, they may be due to the cracked copy.
    • nick1983, India
      edited July 2009
      FYI
      These things have been on my PC for a long time.
      These cracks didn't get caught in scans until I updated my McAfee.
      Never used them because I never needed to, because I have multi-user licenses for everything.


      It's just because of this virus, which has caused so much mayhem on my machine.

      It's up to you to help or not...
      Please do reply so that I can continue with the thread and the description of the issues with my PC.
    • Trogan, London, UK
      edited July 2009
      Hi,

      Apologies for the delay.

      I will only help you on the condition that there are no other cracks on the computer. If you agree, please post a new HijackThis log.
    • edited July 2009
      Trogan wrote:
      I will only help you on the condition that there are no other cracks on the computer. If you agree, please post a new HijackThis log.

      Since you have not replied, I assume you do not wish to remove the Cracks.


      Cracks/Keygens/Warez etc.

      As you have admitted to, or the log(s) you've posted indicate that, you've used one or more of the above, we cannot provide you with any help.

      We do NOT knowingly provide help for anyone using any form of cracked software and/or Operating Systems.

      In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.
      The distribution and use of cracked software is illegal in almost every developed country.
      They are also one of the biggest causes of infection.

      This applies to Cracks, Keygens and Warez

      As most other forums have the same policy, your best option is to format and re-install your operating system and programs from legitimate sources.

      In the future I strongly suggest you stay away from using cracks and/or Keygens.

      This topic will be closed and archived.
    This discussion has been closed.