
Strange rootkit or malware in my system


  • This topic is locked
19 replies to this topic

#1 Saji

    Member

  • Full Member
  • 31 posts

Posted 19 January 2010 - 06:29 AM

Hi all geeks,

Whenever I start my system, after the login process random instances of My Documents and desktop items start loading, and a lot of failure messages about missing files like Explorer.exe, userinit.exe and a few others appear on my screen. I have to close each instance (something like 240 My Documents windows opened) with ALT+F4. I have installed Kaspersky Anti-Virus 6 and it is not finding anything.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:30 PM, on 1/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
D:\data\soft\HijackThis_001.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\KUsrInit.exe,
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1506047364-1172942490-3056777903-33143\..\Run: [msnmsgr] "C:\Documents and Settings\saji\My Documents\My Received Files\MSN\Messenger\living8.exe" /background (User 'saji')
O4 - HKUS\S-1-5-21-1506047364-1172942490-3056777903-33143\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User 'saji')
O4 - HKUS\S-1-5-21-1506047364-1172942490-3056777903-33143\..\Run: [ccleaner] "D:\data\soft\ccsetup220\CCleaner.exe" /AUTO (User 'saji')
O4 - HKUS\S-1-5-21-1506047364-1172942490-3056777903-33143\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'saji')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1506047364-1172942490-3056777903-33143 Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (User 'saji')
O4 - S-1-5-21-1506047364-1172942490-3056777903-33143 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'saji')
O4 - S-1-5-21-1506047364-1172942490-3056777903-33143 User Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (User 'saji')
O4 - S-1-5-21-1506047364-1172942490-3056777903-33143 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'saji')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://lenovo.live.com
O15 - Trusted IP range: 10.1.4.183 (HKLM)
O15 - Trusted IP range: http://10.1.4.183 (HKLM)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = myofficesite.com.tk
O17 - HKLM\Software\..\Telephony: DomainName = myofficesite.com.tk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = myofficesite.com.tk
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KBOX SMMP Management Service (KBOXSMMP) - KACE Networks, Inc. - C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 16289 bytes

#2 Saji

    Member

  • Full Member
  • 31 posts

Posted 21 January 2010 - 12:56 AM

Also, whenever I log in these failure message boxes appear and I have to click every one of them; only then do My Documents and the desktop items start opening.


---------------------------
kusrinit.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
CorelIOMonitor.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
cssauth.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
Explorer.EXE - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------


---------------------------
Reader_sl.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
AdobeARM.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
Explorer.EXE - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
br_funcs.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
br_funcs.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
Explorer.EXE - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

#3 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 21 January 2010 - 06:39 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 24 January 2010 - 10:54 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Nothing suspicious was found on your log.

The application failed to initialize properly (0xc0000142).

This article will explain some of the reasons for this message:
How to Fix Application Error 0xc0000142

All the files that failed to start are program files. That is not to say that they are not infected.

You may be able to submit some of the files to the following link for a scan, then post the results in your next message for me to see.
http://virusscan.jotti.org/
===

From the DOS prompt execute this command.

sfc /scannow <- make sure you have a space before the / (back slash)

===

What did you install last that could have caused a wrong version of a DLL to be installed?

One more thing.

This file, kusrinit.exe (from the "kusrinit.exe - Application Error" message), is part of KACE Networks, Inc.'s software and is normally set up with this command:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\KUsrInit.exe,

which I do not see in your HijackThis log.

Can you relate to it?
Is the file KUsrInit.exe on your computer?

If you open the System.ini file with Notepad, do you see a reference to it in the text?

Keep me posted.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
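As an added example, not code from this thread, from HijackThis or from KACE: the Userinit check nasdaq describes above, done the way HijackThis does it. HijackThis labels the entry "REG:system.ini", but on Windows XP the value it reads lives in the registry at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, not in the system.ini file, so an XP system.ini will not mention it either way. The script splits the comma-separated chain and flags a chain from which Microsoft's userinit.exe is absent, an entry outside system32 or given without a path, and an entry whose file is missing. The two sample values are constructed from the F2 line in the log above and from the chain quoted in the post; the system32 location is an assumption; on Windows the script reads the live value with winreg, elsewhere it falls back to the pasted sample.

```python
"""Audit a Winlogon Userinit chain of the kind HijackThis reports as an F2 line.

Added example; the sample strings below are constructed from the values quoted
in this thread, not read from any machine.
"""
import ntpath
import re
from typing import Callable, List, Optional

# Registry key HijackThis reads for its "F2 - REG:system.ini: UserInit=" line.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumption: default Windows XP system directory; adjust if %SystemRoot% differs.
SYSTEM32 = r"c:\windows\system32"

# Constructed samples: the F2 line from the log above, and the chain nasdaq
# says the KACE agent normally installs.
HJT_F2_LINE = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\KUsrInit.exe,"
KACE_NORMAL_CHAIN = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\KUsrInit.exe,"


def userinit_from_f2(line: str) -> Optional[str]:
    """Pull the raw Userinit value out of a HijackThis F2 line."""
    match = re.search(r"UserInit=(.*)$", line, re.IGNORECASE)
    return match.group(1).strip() if match else None


def parse_chain(value: str) -> List[str]:
    """Split the comma-separated Userinit value into program paths.

    Winlogon launches every entry; the trailing comma Windows writes by
    default yields an empty last element, which is dropped here.
    """
    return [entry.strip().strip('"') for entry in value.split(",") if entry.strip()]


def audit_chain(value: str, file_exists: Callable[[str], bool]) -> List[str]:
    """Return findings for a Userinit value; an empty list means nothing odd.

    file_exists is injected so the audit can run against a pasted log on a
    machine other than the one being investigated.
    """
    findings: List[str] = []
    entries = parse_chain(value)
    if not entries:
        return ["EMPTY: Userinit has no entries; logon will not start a shell"]

    basenames = [ntpath.basename(entry).lower() for entry in entries]
    if "userinit.exe" not in basenames:
        # Microsoft's userinit.exe is what normally runs logon scripts and
        # starts the shell; with it gone, every logon depends on the
        # third-party entry doing that job.
        findings.append("MISSING_USERINIT: Microsoft userinit.exe is not in the chain")

    for entry in entries:
        directory = ntpath.dirname(entry).lower()
        if not directory:
            # Bare names are resolved through the process search path at
            # logon, so a same-named file placed earlier in that path wins.
            findings.append(f"UNQUALIFIED_PATH: {entry}")
        elif directory != SYSTEM32:
            findings.append(f"OUTSIDE_SYSTEM32: {entry}")
        if not file_exists(entry):
            findings.append(f"FILE_MISSING: {entry}")
    return findings


def read_live_userinit() -> Optional[str]:
    """Read the live value on Windows; return None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _ = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    import os

    live = read_live_userinit()
    # Off Windows, fall back to the value from the pasted HijackThis log;
    # os.path.isfile will then report every entry missing, which is expected.
    value = live if live is not None else userinit_from_f2(HJT_F2_LINE)
    for line in audit_chain(value, os.path.isfile) or ["OK: chain looks normal"]:
        print(line)
```

Run it on the affected machine to audit the live value; to audit a pasted log from elsewhere, pass a file_exists callback that consults a file listing exported from that machine instead of os.path.isfile. Against the F2 line in this thread it reports only that userinit.exe is absent from the chain, which is exactly the difference nasdaq points out between the logged value and the normal KACE setup.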

#5 Saji

    Member

  • Full Member
  • 31 posts

Posted 26 January 2010 - 12:59 PM

Dear nasdaq, thanks for your reply.

I have run sfc /scannow and also checked that KUsrInit.exe is present in C:\Windows\system32, but its entries are not present in the system.ini file, see:

system.ini

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

And for the online malware scan, here are its results:


kusrinit.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 26 Jan 2010 18:49:00


Also, now several files which used to run smoothly on my system are displaying the same error message. Explorer's behaviour has changed even more and its display window now looks like this, see the attached picture.

The new errors for the current applications are:


---------------------------
TpScrex.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
wweb32.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
AwaySch.EXE - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
Amsg.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
NSLauncher.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
Explorer.EXE - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------


---------------------------
communicator.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------


---------------------------
ACWLIcon.exe - Application Error
---------------------------
The exception unknown software exception (0xe06d7363) occurred in the application at location 0x7c812afb.


---------------------------
OK Cancel
---------------------------


---------------------------
ACTray.exe - Application Error
---------------------------
The exception unknown software exception (0xe06d7363) occurred in the application at location 0x7c812afb.


---------------------------
OK Cancel
---------------------------

---------------------------
realsched.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
jusched.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
Corel Photo Downloader.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------


---------------------------
PCSync2.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
PCSync2.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
ctfmon.exe - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

---------------------------
ONENOTEM.EXE - Application Error
---------------------------
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
---------------------------
OK
---------------------------

Attached Thumbnails

  • 1-26-2010 10-57-00 PM.jpg


#6 nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 26 January 2010 - 04:50 PM

Not sure what you have been infected with. Hope it's not a file infector.

Download GMER Rootkit Scanner from here.

Uninstall any CD emulation software before you run GMER, such as DAEMON Tools or Alcohol. These can be reinstalled later.
  • Extract the contents of the zipped file to your Desktop.
  • Double-click on GMER.exe to run it.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click NO, and then use the following settings.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • Sections
    • IAT/EAT
    • Drives/Partition other than your Systemdrive (the drive you have Windows installed on)
    • Show All (don't miss unchecking this one)
  • Then click the Scan button & wait for it to finish.
  • When its finished, click on the Save button, and in the File name area, type in "gmer.txt".
  • Save it to a convenient location such as your Desktop and post the contents of the log.

p.s.
When replying, please use the Add Reply button. I do not need to see my previous instructions.
nasdaq


#7 Saji

    Member

  • Full Member
  • 31 posts

Posted 27 January 2010 - 01:30 AM

Dear nasdaq,

I started GMER and followed the instructions given above, but this message comes up and GMER quits:

---------------------------
gmer.exe - Application Error
---------------------------
The instruction at "0x0040c4b1" referenced memory at "0x81407522". The memory could not be "read".


Click on OK to terminate the program
Click on CANCEL to debug the program
---------------------------
OK Cancel
---------------------------

#8 nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 27 January 2010 - 09:39 AM

Try to run GMER in Safe Mode.

  • Restart your computer in Safe Mode: start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
  • When the Windows Advanced Options menu appears, select an option, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.

Let me see the results of this additional scan.

Download and run this DDS Program.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
-----------------------------------------------------

Please post the following logs in your next thread:
  • Contents of the DDS.txt and Attach.txt in your reply.

nasdaq


#9 Saji

    Member

  • Full Member
  • 31 posts

Posted 31 January 2010 - 09:00 AM

Here are the logs from DDS.scr:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/26/2010 12:06:49 AM
System Uptime: 1/28/2010 9:28:45 AM (2 hours ago)

Motherboard: LENOVO | | 7659V22
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz | None | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 5.114 GiB free.
D: is FIXED (NTFS) - 76 GiB total, 2.337 GiB free.
E: is CDROM (CDFS)
P: is NetworkDisk (NTFS) - 5 GiB total, 1437.277 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5310 XpressMusic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 2 (SP2)
Access Help
ACDSee Pro 3
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Cisco Systems VPN Client 5.0.03.0560
CISSP 4th ED AIO Demo
Client Security Solution
Corel Paint Shop Pro Photo X2
EASEUS Data Recovery Wizard Professional 4.3.6
EasyPaisa
Google Talk Plugin
Google Update Helper
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Integrated Camera
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Java 2 Runtime Environment Standard Edition v1.3.1_10
Java™ 6 Update 17
Java™ 6 Update 8
Kaspersky Anti-Virus 6.0 for Windows Workstations
Kaspersky Network Agent
KBOX
Maintenance Help
Maintenance Manager
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
Nero 6 Demo
Nokia Connectivity Cable Driver
Nokia MTP driver
Nokia Multimedia Common Components 2.4
Nokia PC Suite
Nokia Software Launcher
OGA Notifier 2.0.0048.0
On Screen Display
On Screen Help
Outlook Sensitivity Add-in
PC Connectivity Solution
PDFCreator
Presentation Director
Productivity Center Supplement for ThinkPad
RealPlayer
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype web features
Skype™ 4.1
Snagit 9.1.3
Sonic DLA
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
System Migration Assistant
System Requirements Lab
System Update
TestOut Navigator (Stand-Alone Version)
Think Pa Power Cost
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VobSub v2.23 (Remove Only)
Wallpapers
WebFldrs XP
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WinZip 11.1
WordWeb
XP Themes

==== Event Viewer Messages From Past Week ========

1/28/2010 9:31:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ServiceLayer service to connect.
1/28/2010 9:31:36 AM, error: Service Control Manager [7000] - The ServiceLayer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/28/2010 9:31:36 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
1/27/2010 4:28:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/27/2010 10:07:29 PM, error: Dhcp [1002] - The IP address lease 10.7.14.120 for the Network Card with network address 001E378E7474 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/26/2010 12:41:54 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
1/26/2010 12:02:33 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
1/26/2010 1:37:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Update service to connect.
1/26/2010 1:37:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Access Connections Main Service service to connect.
1/26/2010 1:37:37 AM, error: Service Control Manager [7000] - The System Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 1:37:37 AM, error: Service Control Manager [7000] - The Access Connections Main Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/25/2010 9:49:16 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
1/25/2010 9:37:40 AM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\dc01.office1.com for the domain MyOffice is not responsive. The current RPC call from Netlogon on \\mysystem to \\dc01.office1.com has been cancelled.
1/25/2010 9:21:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.128 for the Network Card with network address 001E378E7474 has been denied by the DHCP server 10.8.1.57 (The DHCP Server sent a DHCPNACK message).
1/25/2010 11:53:15 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/25/2010 11:53:15 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/25/2010 10:51:07 PM, error: Service Control Manager [7023] - The uclvsihy service terminated with the following error: The system cannot find the file specified.
1/25/2010 10:51:07 PM, error: Service Control Manager [7023] - The Driver Manager service terminated with the following error: The specified module could not be found.
1/25/2010 10:50:12 AM, error: NETLOGON [5719] - No Domain Controller is available for domain MyOffice due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/25/2010 10:49:38 PM, error: NETLOGON [5719] - No Domain Controller is available for domain MyOffice due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/25/2010 10:14:31 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
1/25/2010 1:17:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/25/2010 1:16:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC Fips IBMTPCHK intelppm IPSec kl1 klif MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TPPWRIF TSMAPIP
1/25/2010 1:16:15 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2010 1:16:15 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2010 1:16:15 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2010 1:16:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2010 1:16:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/25/2010 1:07:23 PM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\dc02.office1.com for the domain MyOffice is not responsive. The current RPC call from Netlogon on \\mysystem to \\dc02.office1.com has been cancelled.
1/25/2010 1:02:57 PM, error: NETLOGON [5719] - No Domain Controller is available for domain MyOffice due to the following: The remote procedure call was cancelled. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/25/2010 1:02:56 PM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\dc03.office1.com for the domain MyOffice is not responsive. The current RPC call from Netlogon on \\mysystem to \\dc03.office1.com has been cancelled.
1/24/2010 10:37:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/22/2010 9:14:57 AM, error: NetBT [4321] - The name "MyOffice :1d" could not be registered on the Interface with IP address 10.8.13.29. The machine with the IP address 10.8.1.57 did not allow the name to be claimed by this machine.
1/21/2010 9:23:30 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1BD9A8F2-74EB-4C48-86D3-8D80C361B7B6} because another computer on the network has the same name. The server could not start.
1/21/2010 11:05:54 PM, error: Service Control Manager [7034] - The KBOX SMMP Management Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================



DDS (Ver_09-09-29.01) - NTFSx86
Run by sajjad.haider at 11:58:41.69 on Thu 01/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.845 [GMT 5:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office Communicator\communicator.exe
D:\data\portable\FirefoxPortable\FirefoxPortable.exe
D:\data\portable\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
D:\data\soft\Malware removal\2010\dds.com

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by myoffice Pakistan Pvt. Ltd.
uStart Page = hxxp://portal.office.com/index.htm
uDefault_Page_URL = hxxp://portal.office.com/index.htm
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\KUsrInit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [ccleaner] "d:\data\soft\ccsetup220\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
mExplorerRun: [NoActiveDesktopChanges] 00000000
mExplorerRun: [NoActiveDesktop] 0 (0x0)
mExplorerRun: [NoSaveSettings] 0 (0x0)
mExplorerRun: [ClassicShell] 0 (0x0)
StartupFolder: c:\docume~1\sajjad~1.hai\startm~1\programs\startup\wallpe~1.lnk - d:\data\portable\wallperizer\wallperizer\Wallperizer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-system: Wallpaper = c:\program files\kace\kbox\\packages\kbots\405\EPWallpaper.bmp
uPolicies-system: TileWallpaper = 0
uPolicies-system: WallpaperStyle = 2
uPolicies-system: HideLegacyLogonScripts = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: com.pk\crm.myoffice
Trusted Zone: com.pk\cxpress.myoffice
Trusted Zone: com.pk\hrsurvey.myoffice
Trusted Zone: com.pk\catalist.myoffice
Trusted Zone: com.pk\pos.myoffice
Trusted Zone: com.pk\sps.myoffice
Trusted Zone: com.pk\tpptestdb.bss.myoffice
Trusted Zone: com.pk\webmail.myoffice
Trusted Zone: crm
Trusted Zone: pos
Trusted Zone: myoffice.com\cicas
Trusted Zone: myoffice.no\icas
Trusted Zone: myoffice.no\portal.transitt
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264448284609
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-17 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-17 19504]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-3-12 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-3-12 4224]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-3-12 4442]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R2 KBOXSMMP;KBOX SMMP Management Service;c:\program files\kace\kbox\KBOXSMMPService.exe [2009-7-27 1718784]
R2 klnagent;Kaspersky Network Agent;c:\program files\kaspersky lab\networkagent\klnagent.exe [2008-9-22 94544]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-23 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-2 135664]
S2 sflwgasj;Driver Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 uclvsihy;uclvsihy;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-9 569344]

=============== Created Last 30 ================

2010-01-26 00:56 4,221,952 a------- c:\windows\system32\drivers\NETw5x32.sys
2010-01-26 00:56 2,756,608 a------- c:\windows\system32\NETw5r32.dll
2010-01-26 00:56 663,552 a------- c:\windows\system32\NETw5c32.dll
2010-01-26 00:56 <DIR> --d----- c:\program files\common files\Intel
2010-01-26 00:50 172,032 a------- c:\windows\system32\igfxres.dll
2010-01-26 00:45 <DIR> --d----- c:\program files\SystemRequirementsLab
2010-01-26 00:41 <DIR> --d----- c:\docume~1\sajjad~1.hai\applic~1\Intel
2010-01-26 00:38 356,352 a------- c:\windows\system32\AegisI5Installer.exe
2010-01-26 00:01 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2010-01-26 00:01 749 a---hr-- c:\windows\WindowsShell.Manifest
2010-01-26 00:01 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2010-01-26 00:01 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2010-01-26 00:01 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2010-01-26 00:01 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2010-01-25 23:54 4,444 a------- c:\windows\system32\pid.PNF
2010-01-25 23:39 24,661 a------- c:\windows\system32\spxcoins.dll
2010-01-25 23:39 13,312 a------- c:\windows\system32\irclass.dll
2010-01-25 23:39 16,535 a----r-- c:\windows\SETDF.tmp
2010-01-25 23:39 1,088,840 a----r-- c:\windows\SETD3.tmp
2010-01-25 23:39 1,296,669 a----r-- c:\windows\SETD0.tmp
2010-01-25 11:21 <DIR> --d----- c:\windows\pss
2010-01-24 23:01 <DIR> --d----- C:\Combo-Fix14676C
2010-01-24 02:25 3,140 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-01-24 02:25 8 ---shr-- c:\docume~1\alluse~1\applic~1\9FB5A16522.sys
2010-01-24 02:18 <DIR> --d----- c:\program files\common files\Protexis
2010-01-24 02:18 <DIR> --d----- c:\program files\Corel
2010-01-24 02:18 <DIR> --d----- c:\program files\common files\Corel
2010-01-21 16:48 <DIR> --d----- C:\desktopclean
2010-01-21 11:01 <DIR> --d----- c:\program files\trend micro
2010-01-19 14:56 <DIR> --d----- c:\windows\ERUNT
2010-01-19 14:50 <DIR> --d----- C:\SDFix
2010-01-19 09:54 <DIR> --d----- C:\Combo-fix
2010-01-18 13:00 137,000 a------- c:\windows\system32\MSMAPI32.OCX
2010-01-18 13:00 23,552 a------- c:\windows\system32\MSMPIDE.DLL
2010-01-18 13:00 <DIR> --d----- c:\program files\PDFCreator
2010-01-16 23:00 261,632 a------- c:\windows\PEV.exe
2010-01-16 23:00 161,792 a------- c:\windows\SWREG.exe
2010-01-16 23:00 98,816 a------- c:\windows\sed.exe
2010-01-16 23:00 77,312 a------- c:\windows\MBR.exe
2010-01-13 23:17 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-13 23:17 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-01-13 23:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 11:05 378 a------- c:\windows\system32\mapisvc.inf
2010-01-13 11:00 <DIR> --d----- C:\ErdUndoCache
2010-01-12 16:58 81,736 a------- c:\windows\system32\lmdimon8.dll
2010-01-07 12:05 <DIR> --d----- C:\OutputFolder
2010-01-07 09:35 <DIR> --d----- c:\program files\AviSynth 2.5
2010-01-07 09:34 <DIR> --d----- c:\program files\AutoGK

==================== Find3M ====================

2010-01-28 09:28 50,081,056 a--sh--- c:\windows\system32\drivers\fidbox.dat
2010-01-28 09:28 2,241,056 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2010-01-28 09:28 659,012 a--sh--- c:\windows\system32\drivers\fidbox.idx
2010-01-28 09:28 194,600 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2010-01-26 00:00 23,444 a------- c:\windows\system32\emptyregdb.dat
2010-01-08 00:58 784 a------- c:\docume~1\sajjad~1.hai\applic~1\mpauth.dat
2009-12-22 10:20 81,920 -------- c:\windows\system32\ieencode.dll
2009-12-22 00:14 916,480 a------- c:\windows\system32\wininet.dll
2009-12-05 17:50 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-05 17:50 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-03 16:08 411,368 a------- c:\windows\system32\deploytk.dll
2009-11-21 20:51 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-03 15:35 204,800 a------- c:\windows\system32\NetProvCredMan.dll
2009-11-03 15:28 16,896 a------- c:\windows\system32\S24NCfg.dll

============= FINISH: 11:59:19.18 ===============
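
For the kind of file listing posted above (and for the ComboFix-format listing posted later in this thread), the following triage script is an added example; it is not part of this thread and is not code from the DDS or ComboFix tools. It parses both line formats and flags the two things a helper usually looks at first in such a listing: files carrying both the hidden and system attributes, and files named like core Windows binaries (the explorer.exe and userinit.exe mentioned in the first post, svchost.exe and similar) that live outside c:\windows. The sample lines are copied from the logs on this page; the two heuristics and the list of binary names are my assumptions. A hit means "check against a baseline", not "malicious": the same listing shows Protexis and Corel directories created minutes before the hidden files appeared, and that is exactly the kind of context each hit should be checked against.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the DDS-style listing above and from
# the ComboFix-style listing posted later in the thread.
SAMPLE_LOG = """\
2010-01-24 02:25 3,140 a--sh--- c:\\docume~1\\alluse~1\\applic~1\\KGyGaAvL.sys
2010-01-24 02:25 8 ---shr-- c:\\docume~1\\alluse~1\\applic~1\\9FB5A16522.sys
2010-01-16 23:00 77,312 a------- c:\\windows\\MBR.exe
2010-01-13 23:17 <DIR> --d----- c:\\docume~1\\alluse~1\\applic~1\\Malwarebytes
2010-02-02 11:21 . 2010-02-02 19:03 88 --sh--r- c:\\documents and settings\\All Users\\Application Data\\B36810CBCE.sys
2010-01-07 07:04 . 2010-01-07 07:04 7680 ----a-w- c:\\documents and settings\\saji\\Application Data\\Thinstall\\Ultra Video Converter 4.4.1021\\1000000600002i\\svchost.exe
2010-01-21 08:12 . 2009-08-25 15:18 1056 --sha-w- c:\\windows\\system32\\KGyGaAvL.sys
2009-12-22 00:14 916,480 a------- c:\\windows\\system32\\wininet.dll
"""

# DDS style:      "<date> <time> <size | <DIR>> <8 attribute chars> <path>"
DDS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$")
# ComboFix style: "<created> . <modified> <size | --------> <8 attribute chars> <path>"
COMBOFIX_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (-{8}|\d+) ([a-z-]{8}) (.+)$"
)

# Assumed list of binary names worth a second look when found outside c:\windows.
SYSTEM_BINARIES = {"explorer.exe", "userinit.exe", "svchost.exe", "winlogon.exe",
                   "lsass.exe", "csrss.exe", "services.exe", "smss.exe"}


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]   # None for directories
    flags: frozenset      # attribute letters present, e.g. {'a', 's', 'h'}
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.flags or self.size is None


@dataclass
class Finding:
    path: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line in either format; return None for headers and blanks."""
    m = DDS_RE.match(line)
    if m:
        ts, size, attrs, path = m.groups()
    else:
        m = COMBOFIX_RE.match(line)
        if not m:
            return None
        ts, _modified, size, attrs, path = m.groups()
    size_val = None if size in ("<DIR>", "--------") else int(size.replace(",", ""))
    # Both tools print attributes as fixed-width letters with '-' for "not set".
    return Entry(ts, size_val, frozenset(attrs) - {"-"}, path.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the two (assumed) heuristics; every hit is a review item, not a verdict."""
    findings: List[Finding] = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        if {"s", "h"} <= e.flags:
            findings.append(Finding(e.path, "hidden+system file; confirm against a known baseline"))
        if name in SYSTEM_BINARIES and not low.startswith("c:\\windows\\"):
            findings.append(Finding(e.path, f"{name} outside c:\\windows; check for name masquerading"))
    return findings


def main() -> None:
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.reason:60} {f.path}")


if __name__ == "__main__":
    main()
```

Feed a whole saved log to `parse_log`; lines that are not file entries (section banners, the "Running processes" block) are simply skipped, so the script can be pointed at the full DDS or ComboFix text as posted.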

#10 Saji

Saji

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 31 January 2010 - 10:32 AM

Dear Nasdaq

I tried to run GMER in safe mode and it did the same system reboot with a page fault error blue screen of death message,
so GMER is not supportive on my problematic system :(

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 31 January 2010 - 04:25 PM

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 14 February 2010 - 08:58 AM

Glad we could help. :)

[Reopened]

Everyone else please begin a New Topic.
nasdaq

#13 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 15 February 2010 - 03:42 PM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 15 February 2010 - 04:25 PM

Hi Saji

I'm listening.

Please post the ComboFix results. You may have to update the program to do so.

Include a fresh HijackThis log.

Let me know what problem persists.
nasdaq

#15 Saji

Saji

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 24 February 2010 - 07:39 AM

Sorry for the delay

I will scan combofix and hijack today and post the results here

Thanks again for reopening the thread on my request :)

#16 Saji

Saji

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 26 February 2010 - 04:39 AM

logs of both scans are here

ComboFix 10-02-24.01 - admin 02/25/2010 9:49.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1399 [GMT 5:00]
Running from: c:\documents and settings\admin.mysystem\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-21 07:19 . 2009-02-23 12:38 35816424 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Nokia_PC_Suite_rel_7_0_7_0_eng_us_web.exe
2010-02-21 07:18 . 2010-02-21 07:18 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-21 07:18 . 2010-02-21 07:18 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-21 07:18 . 2010-02-21 07:18 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-18 09:53 . 2010-02-18 09:53 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-02-17 20:10 . 2010-02-17 20:10 -------- d-----w- c:\program files\MegaSpoof
2010-02-17 10:57 . 2010-02-17 10:57 -------- d-----w- c:\documents and settings\saji\Local Settings\Application Data\Xobni
2010-02-17 10:42 . 2010-02-17 10:42 -------- d-----w- c:\documents and settings\admin.mysystem\Local Settings\Application Data\Xobni
2010-02-17 10:41 . 2010-02-17 10:42 -------- d-----w- c:\program files\Xobni
2010-02-13 12:55 . 2010-02-13 12:55 -------- d-----w- c:\documents and settings\saji\Local Settings\Application Data\Apple Computer
2010-02-13 11:58 . 2010-02-13 11:58 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\CyberLink
2010-02-13 11:58 . 2010-02-13 11:58 -------- d-----w- c:\documents and settings\saji\Application Data\CyberLink
2010-02-13 11:54 . 2010-02-13 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-02-13 11:54 . 2010-02-13 11:54 -------- d-----w- c:\program files\Common Files\CyberLink
2010-02-13 11:53 . 2010-02-13 11:54 -------- d-----w- c:\program files\CyberLink
2010-02-13 11:53 . 2010-02-13 11:52 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-11 04:45 . 2010-02-11 04:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Digsby
2010-02-11 04:45 . 2010-02-11 04:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Digsby
2010-02-10 17:31 . 2010-02-10 17:38 -------- d-----w- C:\Combo-Fix6194C
2010-02-10 09:22 . 2010-02-10 09:22 -------- d-----w- c:\documents and settings\saji\Application Data\Ulead Systems
2010-02-10 07:56 . 2008-09-26 03:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2010-02-10 07:56 . 2009-08-14 07:16 90016 ----a-w- c:\windows\system32\drivers\btserial.sys
2010-02-10 07:56 . 2009-05-11 09:45 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-02-10 07:56 . 2008-02-04 12:57 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-02-10 07:52 . 2010-02-10 07:52 -------- d-----w- C:\DRIVERS
2010-02-04 04:13 . 2010-02-04 04:13 -------- d-----w- c:\documents and settings\saji\Application Data\PCMM2009
2010-02-03 19:31 . 2010-02-03 19:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-02-03 13:22 . 2010-02-03 13:22 176968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-03 05:51 . 2010-02-03 05:55 -------- d-----w- c:\program files\Registry Winner
2010-02-03 05:24 . 2010-02-03 05:30 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\licenses
2010-02-03 05:24 . 2010-02-03 05:25 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\PCMM2009
2010-02-03 05:24 . 2010-02-03 05:24 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\PCMM2010
2010-02-02 18:58 . 2010-02-02 19:05 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\Corel
2010-02-02 11:21 . 2010-02-02 19:03 88 --sh--r- c:\documents and settings\All Users\Application Data\B36810CBCE.sys
2010-02-02 10:12 . 2010-02-02 10:12 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\Ulead Systems
2010-02-02 10:09 . 2010-02-02 10:09 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 10:09 . 2010-02-02 10:09 -------- d-----w- c:\documents and settings\admin.mysystem\Local Settings\Application Data\Apple Computer
2010-02-02 10:09 . 2010-02-02 10:09 -------- d-----w- c:\windows\system32\windows media
2010-02-02 10:08 . 2010-02-02 10:09 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-02 10:08 . 2010-02-02 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-02-02 10:01 . 2010-02-02 10:01 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-02 09:54 . 2010-02-02 10:00 -------- d-----w- c:\program files\Common Files\Corel
2010-02-02 09:52 . 2010-02-02 09:52 -------- d-----w- c:\program files\Windows Media Components
2010-02-02 09:50 . 2007-01-24 10:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-02-01 11:06 . 2010-02-16 06:24 -------- d-----w- c:\documents and settings\saji\Application Data\Digsby
2010-02-01 11:06 . 2010-02-16 06:24 -------- d-----w- c:\documents and settings\saji\Local Settings\Application Data\Digsby
2010-01-31 15:17 . 2010-02-16 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Digsby
2010-01-31 15:17 . 2010-01-31 15:19 -------- d-----w- c:\documents and settings\admin.mysystem\Local Settings\Application Data\Digsby
2010-01-31 15:17 . 2010-01-31 15:17 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\Digsby
2010-01-31 15:16 . 2010-02-16 06:23 -------- d-----w- c:\program files\Digsby

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 04:52 . 2009-07-27 05:06 55897888 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-25 04:52 . 2009-07-27 05:06 2404128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-25 04:39 . 2009-07-27 05:06 233408 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-25 04:39 . 2009-07-27 05:06 762344 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-25 04:18 . 2009-07-27 05:44 -------- d-----w- c:\documents and settings\saji\Application Data\SiteAdvisor
2010-02-24 18:51 . 2010-01-23 21:25 8976 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-24 18:51 . 2010-01-23 21:25 8976 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-24 18:41 . 2009-07-27 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-21 07:19 . 2009-07-29 11:04 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-21 07:19 . 2008-04-15 14:57 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-21 07:19 . 2008-04-15 14:57 -------- d-----w- c:\program files\Nokia
2010-02-21 07:18 . 2009-07-29 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-02-18 09:53 . 2009-07-27 05:11 -------- d-----w- c:\program files\Common Files\Kaspersky Lab
2010-02-18 09:53 . 2009-07-27 05:06 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-18 09:53 . 2008-03-12 00:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 17:45 . 2008-03-12 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 11:22 . 2009-08-13 19:48 -------- d-----w- c:\documents and settings\saji\Application Data\Nokia
2010-02-04 19:11 . 2009-10-06 01:29 784 ----a-w- c:\documents and settings\saji\Application Data\mpauth.dat
2010-02-02 18:59 . 2008-03-12 01:24 81680 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 11:28 . 2009-07-27 04:59 81680 ----a-w- c:\documents and settings\saji\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 11:21 . 2009-08-25 19:03 -------- d-----w- c:\documents and settings\saji\Application Data\Corel
2010-02-02 11:20 . 2010-02-02 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-02-02 10:10 . 2009-12-03 18:10 -------- d-----w- c:\program files\QuickTime
2010-02-02 10:09 . 2009-12-04 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-02 10:07 . 2010-02-02 09:51 -------- d-----w- c:\program files\Corel
2010-02-02 10:06 . 2009-08-25 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-02-02 09:51 . 2010-02-02 09:51 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-02-01 11:42 . 2009-08-17 03:47 -------- d-----w- c:\documents and settings\saji\Application Data\Skype
2010-01-31 17:49 . 2009-08-17 03:47 -------- d-----w- c:\documents and settings\saji\Application Data\skypePM
2010-01-31 15:11 . 2009-07-29 11:00 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\SiteAdvisor
2010-01-28 04:29 . 2009-07-27 04:43 -------- d-----w- c:\program files\Microsoft Office Communicator
2010-01-26 04:15 . 2009-09-16 03:17 664 ----a-w- c:\documents and settings\saji\Local Settings\Application Data\d3d9caps.dat
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\saji\Application Data\Intel
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\kboxadmin2\Application Data\Intel
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\aqeel.ahmed\Application Data\Intel
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2010-01-25 19:57 . 2010-01-25 19:41 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\Intel
2010-01-25 19:56 . 2010-01-25 19:56 -------- d-----w- c:\program files\Intel
2010-01-25 19:56 . 2010-01-25 19:56 -------- d-----w- c:\program files\Common Files\Intel
2010-01-25 19:56 . 2010-01-25 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-01-25 19:46 . 2010-01-25 19:45 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-25 19:45 . 2010-01-25 19:45 247296 ----a-w- c:\documents and settings\admin.mysystem\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2010-01-25 19:45 . 2010-01-25 19:45 247296 ----a-w- c:\documents and settings\admin.mysystem\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2010-01-25 19:45 . 2010-01-25 19:45 247296 ----a-w- c:\documents and settings\admin.mysystem\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2010-01-25 19:45 . 2010-01-25 19:45 247296 ----a-w- c:\documents and settings\admin.mysystem\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2010-01-25 19:45 . 2010-01-25 19:45 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\SystemRequirementsLab
2010-01-25 19:38 . 2010-01-25 19:38 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-01-25 19:00 . 2006-04-30 07:10 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-25 08:10 . 2010-01-25 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-25 07:33 . 2010-01-25 07:33 7680 ----a-w- c:\documents and settings\admin.mysystem\Application Data\Thinstall\RegistryFix v7.1\10000006600002i\regedit.exe
2010-01-25 07:28 . 2010-01-25 07:28 7680 ----a-w- c:\documents and settings\admin.mysystem\Application Data\Thinstall\RegistryFix v7.1\1000000b00002i\verclsid.exe
2010-01-25 07:26 . 2010-01-25 07:26 7680 ----a-w- c:\documents and settings\admin.mysystem\Application Data\Thinstall\RegistryFix v7.1\4000008000002i\Splash Screen.exe
2010-01-25 07:26 . 2009-08-11 19:16 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\Thinstall
2010-01-25 06:24 . 2010-01-07 04:35 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-25 06:19 . 2009-08-17 18:00 -------- d-----w- c:\program files\Vuze
2010-01-23 21:25 . 2010-01-23 21:25 8 --sh--r- c:\documents and settings\All Users\Application Data\9FB5A16522.sys
2010-01-23 21:25 . 2010-01-23 21:25 8 --sh--r- c:\documents and settings\All Users\Application Data\9FB5A16522.sys
2010-01-23 21:15 . 2008-03-12 01:07 -------- d-----w- c:\program files\Google
2010-01-23 21:13 . 2009-08-17 12:55 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-01-21 08:34 . 2010-01-21 08:34 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\ACD Systems
2010-01-21 08:12 . 2009-08-25 15:18 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-21 07:48 . 2009-08-11 19:15 -------- d-----w- c:\documents and settings\saji\Application Data\Thinstall
2010-01-21 06:02 . 2010-01-21 06:01 -------- d-----w- c:\program files\trend micro
2010-01-20 12:05 . 2009-10-19 06:14 99592 ----a-w- c:\windows\PSEXESVC.EXE
2010-01-18 08:03 . 2010-01-18 08:00 -------- d-----w- c:\program files\PDFCreator
2010-01-14 19:23 . 2009-10-22 13:48 12823 ----a-w- c:\documents and settings\saji\Application Data\Thinstall\Ultra Video Converter 4.4.1021\%ProgramFilesDir%\Ultra Video Converter\savedata.dll
2010-01-13 18:18 . 2010-01-13 18:18 -------- d-----w- c:\documents and settings\admin.mysystem\Application Data\Malwarebytes
2010-01-13 18:17 . 2010-01-13 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 18:17 . 2010-01-13 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 06:01 . 2008-03-12 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo
2010-01-10 18:07 . 2009-07-29 04:35 -------- d-----w- c:\program files\TESTOUT
2010-01-08 20:48 . 2009-10-27 07:12 -------- d-----w- c:\program files\nLite
2010-01-08 20:47 . 2009-07-27 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-07 11:07 . 2010-01-13 18:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 11:07 . 2010-01-13 18:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 07:14 . 2010-01-07 07:14 7680 ----a-w- c:\documents and settings\saji\Application Data\Thinstall\Ultra Video Converter 4.4.1021\1000000ff00002i\explorer.exe
2010-01-07 07:04 . 2010-01-07 07:04 7680 ----a-w- c:\documents and settings\saji\Application Data\Thinstall\Ultra Video Converter 4.4.1021\400000f0f00003i\avm.exe
2010-01-07 07:04 . 2010-01-07 07:04 7680 ----a-w- c:\documents and settings\saji\Application Data\Thinstall\Ultra Video Converter 4.4.1021\1000000600002i\svchost.exe
2010-01-07 04:35 . 2010-01-07 04:34 -------- d-----w- c:\program files\AutoGK
2010-01-07 04:35 . 2010-01-07 04:35 -------- d-----w- c:\program files\Gabest
2010-01-07 04:28 . 2009-07-27 05:22 -------- d-----w- c:\program files\Xvid
2009-12-31 16:50 . 2008-04-13 19:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:20 . 2009-12-22 05:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14 . 2008-04-14 00:42 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-04-30 07:09 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 00:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2008-04-13 19:54 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-13 19:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 11:08 . 2009-07-27 05:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 11:08 . 2009-11-05 06:23 152576 ----a-w- c:\documents and settings\admin.mysystem\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 11:05 . 2009-12-03 11:05 79488 ----a-w- c:\documents and settings\admin.mysystem\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-02 09:57 . 2009-08-31 09:32 69840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2008-04-14 00:42 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2001-08-23 22:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-10_17.37.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-25 04:40 . 2010-02-25 04:40 16384 c:\windows\Temp\Perflib_Perfdata_2c0.dat
+ 2008-04-14 00:42 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 00:42 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2010-02-04 04:13 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2006-04-30 06:55 . 2010-02-25 04:45 73146 c:\windows\system32\perfc009.dat
+ 2008-04-14 00:42 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2008-04-14 00:42 . 2008-04-14 00:42 11264 c:\windows\system32\msrle32.dll
+ 2008-04-14 05:41 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-08-23 22:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2008-04-14 00:42 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2008-04-14 00:42 . 2008-04-14 00:42 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2008-04-14 00:41 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-14 00:41 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2008-04-14 00:41 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2010-01-20 12:50 . 2010-02-24 12:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-20 12:50 . 2010-02-08 12:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-16 02:38 . 2010-02-24 12:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-16 02:38 . 2010-02-08 12:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-14 00:41 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2008-04-14 00:41 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 87552 c:\windows\Installer\ebe618f.msi
+ 2010-02-17 10:42 . 2010-02-17 10:42 87040 c:\windows\Installer\ebe6189.msi
+ 2009-07-27 05:03 . 2010-02-10 17:45 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-18 09:54 . 2010-02-18 09:54 49152 c:\windows\Installer\{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}\ARPPRODUCTICON.exe
+ 2010-02-13 11:54 . 2010-02-13 11:54 77211 c:\windows\Installer\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\ARPPRODUCTICON.exe
+ 2010-02-21 07:19 . 2010-02-21 07:19 15086 c:\windows\Installer\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\ARPPRODUCTICON.exe
- 2010-02-10 06:34 . 2010-02-10 06:34 15086 c:\windows\Installer\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\ARPPRODUCTICON.exe
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 43520 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\79f9abbdbc395eaf81381d8085ee9c3e\stdole.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 14848 c:\windows\assembly\GAC_MSIL\stdole\7.0.3300.0__6298d2d1fcfb5d85\stdole.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 57344 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Vbe.Interop.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 64512 c:\windows\assembly\GAC_MSIL\LinqBridge\1.0.0.0__c2b14eb747628076\LinqBridge.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 3072 c:\windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\extensibility.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 6144 c:\windows\assembly\GAC_MSIL\Antlr3.Utility\0.1.0.42154__3a9cab8f8d22bfb7\Antlr3.Utility.dll
- 2008-04-14 00:42 . 2008-04-14 00:42 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 00:42 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2006-04-30 06:55 . 2010-02-25 04:45 446030 c:\windows\system32\perfh009.dat
+ 2008-04-14 00:41 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2008-04-14 00:41 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2008-04-13 19:45 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2008-04-14 00:42 . 2008-04-14 00:42 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 00:42 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-04-30 07:09 . 2008-04-14 00:42 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2006-04-30 07:09 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2010-01-25 19:59 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-14 00:41 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 00:41 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-03-12 01:14 . 2004-11-02 09:41 516832 c:\windows\system32\capicom.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 111104 c:\windows\Installer\ebe6195.msi
- 2009-07-27 05:03 . 2010-01-13 17:23 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-02-24 18:38 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 18:38 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 18:38 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-01-25 19:59 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-02-17 10:50 . 2010-02-17 10:50 747520 c:\windows\assembly\NativeImages_v2.0.50727_32\ZedGraph\39b42c71ef2283d0e8c4ecd256008b4a\ZedGraph.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 632320 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniStatistics\38d78f883eb9b9252c21ada6c633a6f4\XobniStatistics.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 510976 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniPluginAPI\7f8d8dc1bb01aa82e712c7d933c6cb84\XobniPluginAPI.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\ec7ec7c78212262537da8405681dc8e2\Xobni.XMapiAccessor.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 973312 c:\windows\assembly\NativeImages_v2.0.50727_32\Utilities\677a7a2103221f132cdd5a59b6f0f121\Utilities.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 463360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\876695adc15d2ae0a8d07088d23d5537\System.Data.SQLite.ni.dll
+ 2010-02-17 10:49 . 2010-02-17 10:49 850432 c:\windows\assembly\NativeImages_v2.0.50727_32\ServerSync\270620a63e71d77a9055d9d1fe33fa8b\ServerSync.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 506880 c:\windows\assembly\NativeImages_v2.0.50727_32\office\38c3559e46f0eb0037e780fa10058ea0\office.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\ecea426b19a6836630547957abe6e125\Microsoft.Vbe.Interop.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\d75805f77136d8f58420864383c0431b\LinqBridge.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\d2bfc49788b5670ef3196e9f60011673\Interop.shdocvw.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\Antlr3.Runtime\bbeece0741c10109b5cad58e8a07ed1a\Antlr3.Runtime.ni.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 212992 c:\windows\assembly\GAC_MSIL\office\11.0.0.0__6298d2d1fcfb5d85\office.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 254976 c:\windows\assembly\GAC_MSIL\Newtonsoft.Json.Net20\3.5.0.0__6298d2d1fcfb5d85\Newtonsoft.Json.Net20.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Word.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 405504 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Outlook.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 589824 c:\windows\assembly\GAC_MSIL\Interop.XobniRdo\4.5.0.813__6298d2d1fcfb5d85\Interop.XobniRdo.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 131072 c:\windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__6298d2d1fcfb5d85\Interop.shdocvw.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 117760 c:\windows\assembly\GAC_MSIL\Antlr3.Runtime\3.1.3.42154__3a9cab8f8d22bfb7\Antlr3.Runtime.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 216576 c:\windows\assembly\GAC_32\ZedGraph\4.3.4.0__02a83cbd123fcd60\ZedGraph.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 157184 c:\windows\assembly\GAC_32\XobniStatistics\1.9.0.9662__6298d2d1fcfb5d85\XobniStatistics.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 361984 c:\windows\assembly\GAC_32\XobniPluginAPI\1.9.0.9662__6298d2d1fcfb5d85\XobniPluginAPI.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 417792 c:\windows\assembly\GAC_32\Xobni.XMapiAccessor\1.0.3363.21656__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 188928 c:\windows\assembly\GAC_32\Utilities\1.9.0.9662__6298d2d1fcfb5d85\Utilities.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 851456 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.63.0__db937bc2d44ff139\System.Data.SQLite.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 184832 c:\windows\assembly\GAC_32\ServerSync\1.2.0.0__6298d2d1fcfb5d85\ServerSync.dll
+ 2008-04-14 00:42 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
- 2010-01-25 20:00 . 2009-08-04 15:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-01-25 20:00 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-01-25 20:00 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2010-01-25 20:00 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 14:02 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-07 14:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2010-01-25 20:00 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-01-25 20:00 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-02-21 07:19 . 2010-02-21 07:19 2213376 c:\windows\Installer\4833b.msi
+ 2010-02-13 11:54 . 2010-02-13 11:54 6311424 c:\windows\Installer\427e370.msi
+ 2010-02-18 09:54 . 2010-02-18 09:54 5819904 c:\windows\Installer\13b82624.msi
+ 2010-01-14 16:26 . 2010-01-14 16:26 5027840 c:\windows\Installer\12e7cd.msp
+ 2009-07-27 05:03 . 2010-02-10 17:45 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-07-27 05:03 . 2010-01-13 17:23 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-07-27 05:03 . 2010-02-10 17:45 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-01-25 20:00 . 2009-08-04 15:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-01-25 20:00 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-01-25 20:00 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2010-01-25 20:00 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 14:02 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-07 14:02 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2010-01-25 20:00 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-01-25 20:00 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-02-17 10:50 . 2010-02-17 10:50 2924544 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\d00d134683bd92212976d06cd28b6b7f\XobniFeeds.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 1099776 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\52b4b160905040b71972cced83bf929c\Newtonsoft.Json.Net20.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 1028608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a45a1e3bb8ed85d57b13ed5c854a341f\Microsoft.Office.Interop.Outlook.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 1486336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\2317d2e1ae6c6e51a5b984ef4ff0cd54\Microsoft.Office.Interop.Word.ni.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 1445888 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniRdo\ddfbe2be8a94bfdf088b48496ce7dd6e\Interop.XobniRdo.ni.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 1033216 c:\windows\assembly\GAC_32\XobniFeeds\1.9.0.9662__6298d2d1fcfb5d85\XobniFeeds.dll
+ 2010-02-17 10:42 . 2010-02-17 10:42 4964864 c:\windows\assembly\GAC_32\XobniCommon\1.9.0.9662__6298d2d1fcfb5d85\XobniCommon.dll
+ 2010-02-17 10:50 . 2010-02-17 10:50 11950592 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniCommon\2eab6843155dd9cdb8f66d457df505b5\XobniCommon.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-27 2658304]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-12-11 5114208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-27 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\saji\Start Menu\Programs\Startup\
Wallperizer.lnk - d:\data\portable\wallperizer\Wallperizer\Wallperizer.exe [2010-1-20 912896]

c:\documents and settings\admin.mysystem\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-12 50688]
Digsby.lnk - c:\program files\Digsby\digsby.exe [2009-4-2 137728]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-11-5 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"TileWallpaper"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ----a-w- c:\program files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 23:35 2630968 ----a-w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\Installshield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 05:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2006-12-29 02:48 569344 ----a-w- c:\windows\vsnp2uvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3901:TCP"= 3901:TCP:WWW
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/17/2007 6:32 AM 19504]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 KBOXSMMP;KBOX SMMP Management Service;c:\program files\KACE\KBOX\KBOXSMMPService.exe [7/27/2009 9:48 AM 1718784]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [1/28/2010 4:15 PM 50176]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/23/2007 3:59 AM 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/2/2009 11:17 AM 135664]
S2 sflwgasj;Driver Manager;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:42 AM 14336]
S3 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [9/18/2009 5:03 PM 138792]
S4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/9/2007 1:11 AM 569344]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 06:17]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 06:17]

2010-02-25 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-03-12 16:22]

2010-02-13 c:\windows\Tasks\Registry Winner Schedule.job
- c:\program files\Registry Winner\RegistryWinner.exe [2010-02-03 05:52]

2010-02-25 c:\windows\Tasks\User_Feed_Synchronization-{6126D511-53B0-4BFA-94A2-AD48CF27B784}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.digsby.com
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\klogon.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(300)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-25 09:53:24
ComboFix-quarantined-files.txt 2010-02-25 04:53
ComboFix2.txt 2010-02-25 04:46
ComboFix3.txt 2010-02-10 17:38
ComboFix4.txt 2010-01-24 18:09
ComboFix5.txt 2010-02-25 04:48

Pre-Run: 797,192,192 bytes free
Post-Run: 763,363,328 bytes free

- - End Of File - - F6B24ACC06041467C4A95A68BB6A12A3

#17 Saji

    Member

  • Full Member
  • 31 posts

Posted 26 February 2010 - 04:41 AM

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:57 AM, on 2/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Xobni\XobniService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\data\soft\Malware removal\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.digsby.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lenovo.live.com/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Standby] "C:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 10.1.4.183 (HKLM)
O15 - Trusted IP range: http://10.1.4.183 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1264448284609
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telenor.com.pk
O17 - HKLM\Software\..\Telephony: DomainName = telenor.com.pk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telenor.com.pk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = telenor.com.pk
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KBOX SMMP Management Service (KBOXSMMP) - KACE Networks, Inc. - C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
O23 - Service: Kaspersky Lab Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 15969 bytes

#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 26 February 2010 - 09:27 AM

With my research I just found out that you are being helped here
http://myantispyware...m-t2632-15.html

Requesting help at multiple forums is a waste of my time, and can cause you problems when following directions from two different sources unaware of the other help being offered. Your topic here is being closed.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#19 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 27 February 2010 - 09:09 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
nasdaq


#20 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 27 February 2010 - 09:45 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

