Inactive Hotmail Freezing : 6 Steps Done


ravisunny2

Hi,

Hotmail has been freezing for the last few days.

First I thought it might be a temporary issue with the net or Hotmail.

Today I carried out the 8/6 steps.

Can you please check these?

---------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/18/2011 10:55:15 PM
mbam-log-2011-03-18 (22-55-15).txt

Scan type: Quick scan
Objects scanned: 152978
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-18 23:06:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJS-22PSA0 rev.05.06H05
Running: e4pk90ih.exe; Driver: C:\DOCUME~1\RAVIND~1.BAN\LOCALS~1\Temp\kwroakod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB48EB026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB48EAE91]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
------------------------------------------------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ravindra K. Banthia at 23:13:43.12 on Fri 03/18/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1486 [GMT 5.5:30]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\CPUMon\CPUMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BySoft StayAlive Pro\StayAlive.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Work\A_Forums\Techspot\8 Steps\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BySoft StayAlive Pro] c:\program files\bysoft stayalive pro\StayAlive.exe
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [CPUMon] c:\program files\cpumon\CPUMon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ravind~1.ban\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\ravind~1.ban\startm~1\programs\startup\tracker.lnk - c:\program files\tracker\Tracker.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\freeclip.lnk - c:\program files\freeclip\FreeClip.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285265603890
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282763002298
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282766286734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-24 301528]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-24 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-24 42184]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-03-17 20:46:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-17 19:27:38 -------- d-----w- c:\windows\system32\Adobe
2011-03-12 19:22:34 -------- d-----w- c:\docume~1\ravind~1.ban\applic~1\HpUpdate
2011-03-12 19:22:31 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-12 07:07:01 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-03-08 13:08:16 -------- d-----w- c:\docume~1\ravind~1.ban\applic~1\com.elance.tracker
2011-03-07 12:27:33 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-03-07 12:27:33 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-03-06 23:21:19 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-03-01 15:14:25 13 ----a-w- C:\here.cmd
2011-03-01 15:07:27 -------- d-----w- C:\UTIL_CMD
2011-03-01 15:07:27 -------- d-----w- C:\MY_TEMP
2011-03-01 15:07:27 -------- d-----w- C:\MY_LOG
2011-03-01 15:07:27 -------- d-----w- C:\INST_CMD
2011-03-01 15:06:44 6703 ----a-w- C:\My_Start.cmd
2011-03-01 10:54:09 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-25 07:51:18 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-11 11:37:52 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 16:10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 19:56:25 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-01-21 19:56:25 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-21 19:52:07 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-19 01:33:02 23 ----a-w- c:\program files\unames.cmd
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-07 14:26:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 14:26:50 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 14:26:48 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 14:26:48 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 14:26:48 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 14:26:48 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 14:26:48 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 20:12:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 23:15:00.79 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2010 11:57:34 AM
System Uptime: 3/18/2011 10:51:15 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 945GCMX-S2
Processor: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz | Socket 775 | 2009/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 17.331 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 11.511 GiB free.
E: is FIXED (NTFS) - 25 GiB total, 13.226 GiB free.
F: is FIXED (NTFS) - 15 GiB total, 11.745 GiB free.
G: is FIXED (NTFS) - 54 GiB total, 53.292 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
1888 Notepad 1.0
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Auslogics Duplicate File Finder
AutoIt v3.3.6.1
avast! Free Antivirus
Belarc Advisor 8.1
BySoft StayAlive Pro 3.0
Calculator Powertoy for Windows XP
CCleaner
CMenu
COMODO Internet Security
CPUMon
DocProc
Duplicate Cleaner 1.4.6
Enable S3 for USB Device
FastStone Capture 5.0
Free Download Manager 3.0
Free PDF to Word Doc Converter v1.1
FreeCommander 2009.02a
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP LaserJet P1000 series
hpg2410
hpg2410QFolder
HPSSupply
Java Auto Updater
Java(TM) 6 Update 24
M8 Free Multi Clipboard
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MD5 Checksum Verifier 3.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
MyDefrag v4.3.1
Nero OEM
NetMeter 1.1.4 BETA
Notepad++
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.90
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Some PDF to Txt Converter 1.5
Spybot - Search & Destroy
SpywareBlaster 4.4
Tweak UI
Ubuntu
Unlocker 1.9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WD Diagnostics
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows Support Tools
Windows XP Service Pack 3
Wise Registry Cleaner 5.9.2
.
==== Event Viewer Messages From Past Week ========
.
3/18/2011 10:50:17 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/18/2011 10:50:17 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/18/2011 10:50:16 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/18/2011 10:50:16 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
3/18/2011 10:36:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
3/16/2011 7:52:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
3/16/2011 7:51:28 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/16/2011 7:51:28 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/16/2011 3:29:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/16/2011 2:59:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/16/2011 2:44:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
 
Since Hotmail is a web-based email, it's not likely we'll find anything in your system. But I will be glad to check.

So far, 2 drivers are being questioned. One of them appears it may be related to Ubuntu:
VirtualBox Host Interface Networking Driver
Do you still have Ubuntu on the system?
===============================================
We will check further: Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
============================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image
    [image: RcAuto1.gif]

    WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe
    [image: cf-icon.jpg]
    & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Keep this in mind:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
I thought I had killed Ubuntu completely.

Here are the logs of Eset NOD32 Online AntiVirus scan and Combofix.

C:\Documents and Settings\Ravindra K. Banthia\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
C:\Documents and Settings\Ravindra K. Banthia\Start Menu\eBay.lnk Win32/Adware.ADON application
D:\General_Main\A_General\A_Internet Usage Monitors\Bysoft\FinitySoftNetworkMonitor.exe probably a variant of Win32/Agent.NHFFDVE trojan
D:\General_Main\A_General\Cloning and Imaging\UBCD4win\UBCD4WinV360.exe Win32/PrcView application
D:\General_Main\A_General\Deleter & Unlocker\Unlocker 1.9.0\unlocker1.9.0.exe Win32/Adware.ADON application
D:\General_Main\A_General\File Utilities\Unlocker 1.9.0\unlocker1.9.0.exe Win32/Adware.ADON application
D:\General_Main\A_General\Icon Makers\Free Icon InDepth - 1.4.0.1\icid1401.exe multiple threats
D:\General_Main\A_General\Monitoring Sw\Volume Control\Audio Control 4.236\Audio Control version 4 Setup.msi probably a variant of Win32/Genetik trojan
D:\General_Main\A_General\Utitilies for UI\cmdow.zip Win32/CMDOW.143 application
D:\General_Main\A_General\WordProcessors\WordStar Downloads\WS7 from brothersoft\WS7.zip probably a variant of Qres.316 virus
D:\General_Main\A_General\WordProcessors\WordStar Downloads\WS7 from brothersoft\WS7\WS\A2WSA.EXE probably a variant of Qres.316 virus
D:\General_Main\A_General\WS7 from brothersoft\WS7.zip probably a variant of Qres.316 virus
D:\General_Main\A_General\WS7 from brothersoft\WS7\WS\A2WSA.EXE probably a variant of Qres.316 virus
D:\General_Main\Unattended\Utilities\cmdow.zip Win32/CMDOW.143 application
D:\Nero_Ndidia_VM_Java_Adobe_HP\Nero_Drivers\Nero7\Nero7.11.10.0\Nero-7.11.10.0_all_update.exe Win32/Toolbar.AskSBar application
D:\Win 98 Related\Z For Xfer to PIII\Common\Volume Control\Audio Control 4.236\Audio Control version 4 Setup.msi probably a variant of Win32/Genetik trojan
E:\$OEM$\$1\Install\8_App_UI\unlocker1.9.0.exe Win32/Adware.ADON application
E:\System_SW\Utility for UI\cmdow.zip Win32/CMDOW.143 application
E:\Unattended_Test\Bysoft\FinitySoftNetworkMonitor.exe probably a variant of Win32/Agent.NHFFDVE trojan
F:\Work\A3_OS\A Windows\A Slipstr\MSFN\Office Integrator v 1.1\Office_Integrator.rar Win32/Packed.Autoit.C.Gen application
F:\Work\A3_OS\A Windows\A Slipstr\Siginet\Office Integrator v1.1 Build 16\Downloaded ZIp Files\Office_Integrator.rar Win32/Packed.Autoit.C.Gen application
F:\Work\A3_OS\A Windows\A Slipstr\Siginet\Office Integrator v1.1 Build 16\Office Integrator.exe Win32/Packed.Autoit.C.Gen application
F:\Work\A3_OS\A Windows\A Slipstr\Z Unattended Latest\Post Proc\cmdow.zip Win32/CMDOW.143 application
F:\Work\A3_OS\A Windows\A Slipstr\Z Unattended Latest\Post Proc\cmdow\cmdow.exe Win32/CMDOW.143 application
F:\Work\A3_OS\WordStar Modification\WS7\WS\A2WSA.EXE probably a variant of Qres.316 virus
F:\Work\A_Forums\Techspot\Errors 12 August 2010\ZCREW.BRemovalTool.exe probably unknown NewHeur_PE virus

-------------------------------------------------------------------------------------------------

ComboFix 11-03-18.03 - Ravindra K. Banthia 03/19/2011 18:35:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1358 [GMT 5.5:30]
Running from: f:\work\A_Forums\Techspot\8 Steps\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ravindra K. Banthia\Start Menu\Programs\Uninstall.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
.
.
2011-03-19 09:15 . 2011-03-19 09:15 -------- d-----w- c:\program files\ESET
2011-03-17 20:56 . 2011-03-17 20:56 -------- d-----w- c:\program files\Common Files\Java
2011-03-17 20:56 . 2011-03-17 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-17 20:46 . 2011-02-02 13:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-17 20:46 . 2011-03-17 20:56 -------- d-----w- c:\program files\Java
2011-03-17 19:27 . 2011-03-17 19:27 -------- d-----w- c:\windows\system32\Adobe
2011-03-12 19:22 . 2011-03-12 19:22 -------- d-----w- c:\documents and settings\Ravindra K. Banthia\Application Data\HpUpdate
2011-03-12 19:22 . 2011-03-12 19:22 -------- d-----w- c:\windows\Hewlett-Packard
2011-03-12 07:07 . 2011-03-12 09:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-03-12 07:07 . 2011-03-12 07:07 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-08 13:08 . 2011-03-08 13:08 -------- d-----w- c:\documents and settings\Ravindra K. Banthia\Application Data\com.elance.tracker
2011-03-07 12:27 . 2002-01-05 08:10 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-03-07 12:27 . 2002-01-04 22:07 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-03-06 23:21 . 2008-08-02 06:28 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-03-01 15:14 . 2010-09-01 10:56 13 ----a-w- C:\here.cmd
2011-03-01 15:07 . 2011-03-14 15:46 -------- d-----w- C:\INST_CMD
2011-03-01 15:07 . 2011-03-14 14:55 -------- d-----w- C:\UTIL_CMD
2011-03-01 15:07 . 2011-03-04 05:48 -------- d-----w- C:\MY_TEMP
2011-03-01 15:07 . 2011-03-04 05:48 -------- d-----w- C:\MY_LOG
2011-03-01 15:06 . 2011-03-04 05:43 6703 ----a-w- C:\My_Start.cmd
2011-03-01 10:54 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-25 07:51 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 14:27 . 2010-08-26 15:33 164880 ---ha-w- c:\documents and settings\Ravindra K. Banthia\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2011-02-23 15:04 . 2011-01-24 08:39 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2011-01-24 08:39 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-01-24 08:39 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2011-01-24 08:39 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2011-01-24 08:39 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2011-01-24 08:39 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2011-01-24 08:39 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2011-01-24 08:39 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2011-01-24 08:39 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-11 11:37 . 2010-08-26 13:40 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-02-09 13:53 . 2004-08-04 00:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 00:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 16:10 . 2010-08-26 12:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:58 . 2010-08-26 06:21 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-08-26 06:21 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-26 00:41 . 2011-01-26 00:24 594208 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-01-21 14:44 . 2004-08-04 00:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-19 01:33 . 2011-01-19 01:33 23 ----a-w- c:\program files\unames.cmd
2011-01-10 22:51 . 2011-01-10 22:51 40960 ----a-r- c:\documents and settings\Ravindra K. Banthia\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2011-01-08 03:27 . 2011-01-21 19:51 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-21 19:51 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2010-10-20 10:20 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2010-10-20 10:20 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27 . 2010-10-20 10:20 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2010-10-20 10:20 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2010-10-20 10:20 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2010-10-20 10:20 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-10-20 10:20 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2010-08-26 06:40 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2010-08-26 06:40 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-07 14:26 . 2011-01-07 14:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 14:26 . 2011-01-07 14:26 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 14:26 . 2011-01-07 14:26 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 14:26 . 2011-01-07 14:26 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 14:26 . 2011-01-07 14:26 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 14:26 . 2011-01-07 14:26 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 14:26 . 2011-01-07 14:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2004-08-04 00:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-06 12:07 . 2011-01-06 12:07 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 12:07 . 2011-01-06 12:07 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 12:07 . 2011-01-06 12:07 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 12:07 . 2011-01-06 12:07 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-31 13:10 . 2004-08-03 23:17 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 20:12 . 2010-12-28 20:12 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-22 12:34 . 2004-08-04 00:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2004-08-04 00:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-20 12:39 . 2011-01-21 20:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 12:38 . 2011-01-21 20:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BySoft StayAlive Pro"="c:\program files\BySoft StayAlive Pro\StayAlive.exe" [2005-04-22 329728]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"CPUMon"="c:\program files\CPUMon\CPUMon.exe" [2007-10-09 1105408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ravindra K. Banthia\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Tracker.lnk - c:\program files\Tracker\Tracker.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FreeClip.lnk - c:\program files\FreeClip\FreeClip.exe [2010-8-26 724992]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\NetMeter
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/1/2011 4:24 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/24/2011 2:09 PM 301528]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/24/2011 2:09 PM 19544]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 2:08 PM 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:26 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-19 c:\windows\Tasks\User_Feed_Synchronization-{A648C50A-968E-4C2A-9B6B-011D4CAD5FF9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {25DE50FC-6834-4EA6-B64D-4584FEBD9840} = 218.248.255.196 218.248.255.194
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-NetMeter - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1644491937-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\guard32.dll
.
Completion time: 2011-03-19 18:44:33
ComboFix-quarantined-files.txt 2011-03-19 13:14
.
Pre-Run: 18,463,170,560 bytes free
Post-Run: 18,413,547,520 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D9E8457135D795F39E3E68E903A44585
 
Three infected drives! That's impressive.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org free on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:
    c:\windows\system32\userinit.exe
    c:\windows\explorer.exe
    c:\window\system32\svchost.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Whenever I see this much infection along with the word Heur, I ask for a check for Virut. I'm not going to move the Eset files until I get the results of this scan.

Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.
It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.
 
Thank you, Bobbye.

I certainly am not an expert on Virus or Malware, but many of the items flagged down by ESET are known bones of contention. Please do not be offended.

The D partition is just a repository of software.

Of the ones flagged down by ESET, the following are almost certainly false positives:

WS7.zip, unlocker1.9.0.exe, Nero-7.11.10.0_all_update.exe

The rest of the flagged software is lying unused, and it is best to trim down the repository anyway.

The other items flagged down by ESET, on multiple partitions, show the poor state of my disk management, i.e., the same software scattered in more than one location.

So it is time to fire up Duplicate Cleaner.

In fact, all items flagged by ESET other than WS7.zip, unlocker1.9.0.exe and Nero-7.11.10.0_all_update.exe, are a dead weight, and best consigned to the scrap heap.

On the C drive, the two occurrences of eBay.lnk can probably be simply deleted.

I did have second thoughts about downloading ZCREW.BRemovalTool.exe, and had clean forgotten about it. Thanks to ESET, it too can be disposed of.

I have uploaded/tried to upload the files below to VirSCAN.org

c:\windows\system32\userinit.exe
c:\windows\explorer.exe
c:\window\system32\svchost.exe

For some reason, multiple attempts have failed for c:\windows\system32\userinit.exe.

Sometimes it uploads, and says Preparing VIRUS scan, and then jumps out with Rescan & Scan Result.

On selecting Rescan, I get a pop-up: Error : Can't upload Files.

So here is what I have so far:

c:\windows\system32\userinit.exe=>

Failed, but File Size, MD5 and SHA1 are okay.

----------------------------------------------------------------------------------------------------

c:\windows\explorer.exe =>

VirSCAN.org Scanned Report :
Scanned time : 2011/03/22 13:26:52 (IST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://virscan.org/report/1b38b07c64848248a3593771c3a6b029.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110322060919 2011-03-22 0.08 -
AhnLab V3 2011.03.21.00 2011.03.21 2011-03-21 0.12 -
AntiVir 8.2.4.188 7.11.5.21 2011-03-22 0.28 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2010 201103221355 2011-03-22 0.01 -
Authentium 5.1.1 201103220040 2011-03-22 2.56 -
AVAST! 4.7.4 110321-2 2011-03-22 0.10 -
AVG 8.5.850 271.1.1/3516 2011-03-19 0.28 -
BitDefender 7.90123.6936506 7.36722 2011-03-22 6.96 -
ClamAV 0.96.5 12875 2011-03-22 0.26 -
Comodo 4.0 8062 2011-03-22 0.08 -
CP Secure 1.3.0.5 2011.03.21 2011-03-21 0.11 -
Dr.Web 5.0.2.3300 2011.03.22 2011-03-22 11.48 -
F-Prot 4.4.4.56 20110322 2011-03-22 2.48 -
F-Secure 7.02.73807 2011.03.22.01 2011-03-22 4.44 -
Fortinet 4.2.254 13.25 2011-03-21 0.08 -
GData 21.2100/21.762 20110322 2011-03-22 0.08 -
ViRobot 20110321 2011.03.21 2011-03-21 0.08 -
Ikarus T3.1.32.20.0 2011.03.22.77991 2011-03-22 4.71 -
JiangMin 13.0.900 2011.03.22 2011-03-22 0.08 -
Kaspersky 5.5.10 2011.03.22 2011-03-22 0.11 -
KingSoft 2009.2.5.15 2011.3.22.9 2011-03-22 0.08 -
McAfee 5400.1158 6292 2011-03-21 8.07 -
Microsoft 1.6603 2011.03.22 2011-03-22 0.10 -
NOD32 3.0.21 5972 2011-03-21 0.01 -
Norman 6.07.03 6.07.00 2011-03-20 18.02 -
Panda 9.05.01 2011.03.21 2011-03-21 0.08 -
Trend Micro 9.200-1012 7.918.02 2011-03-21 0.04 -
Quick Heal 11.00 2011.03.22 2011-03-22 0.08 -
Rising 20.0 23.50.00.05 2011-03-21 0.08 -
Sophos 3.16.1 4.62 2011-03-22 3.09 -
Sunbelt 3.9.2483.2 8776 2011-03-21 0.08 -
Symantec 1.3.0.24 20110321.002 2011-03-21 0.09 -
nProtect 20110321.01 3268669 2011-03-21 0.08 -
The Hacker 6.7.0.1 v00154 2011-03-21 0.08 -
VBA32 3.12.14.3 20110321.1214 2011-03-21 3.90 -
VirusBuster 5.2.0.28 13.6.261.0/4815430 2011-03-21 0.00 -
----------------------------------------------------------------------------------------------------

c:\window\system32\svchost.exe =>

VirSCAN.org Scanned Report :
Scanned time : 2011/03/22 13:32:00 (IST)
Scanner results: Scanners did not find malware!
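As an added example (not code from this thread, from VirSCAN.org, or from any of the tools named above), here is a small Python parser for the VirSCAN report format pasted above, with a summary a helper could check at a glance. The column layout is inferred from the visible report: "Key : value" metadata lines, then one line per engine ending in signature date, seconds, and result, where "-" means clean. The engine regex anchors on the date from the right so scanner names containing spaces ("Trend Micro", "AhnLab V3") parse, and it tolerates the signature version fused to the date as it appeared in the VirusBuster line. The sample text is copied from the explorer.exe report, with one constructed detection line for an invented engine "ExampleAV" appended so the detection path is exercised.

```python
"""Parse a VirSCAN.org text report and flag engines that reported a detection.

Added example for this thread; not code from VirSCAN.org or from anyone in
the thread. The layout below is inferred from the report pasted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class EngineResult:
    name: str          # scanner name; may contain spaces ("Trend Micro")
    engine_ver: str
    sig_ver: str
    sig_date: str
    seconds: float
    result: str        # "-" means no detection

    @property
    def detected(self) -> bool:
        return self.result != "-"


@dataclass
class VirscanReport:
    meta: Dict[str, str] = field(default_factory=dict)
    engines: List[EngineResult] = field(default_factory=list)

    @property
    def detections(self) -> List[EngineResult]:
        return [e for e in self.engines if e.detected]


# "Key : value" metadata lines (File Name, File Size, MD5, SHA1, ...).
_META_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?)\s*:\s*(?P<value>.*)$")

# Engine lines are anchored on the signature date from the right because the
# scanner name is free text. No whitespace is required before the date, so a
# signature version fused to the date (VirusBuster line above) still parses.
_ENGINE_RE = re.compile(
    r"^(?P<head>.*?)(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<secs>\d+\.\d+)\s+(?P<result>.+?)\s*$"
)


def parse_virscan_report(text: str) -> VirscanReport:
    report = VirscanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):      # blank or separator rule
            continue
        m = _ENGINE_RE.match(line)
        if m:
            # Split the head from the right: the last two tokens are the
            # engine version and signature version; the rest is the name.
            parts = m.group("head").strip().rsplit(None, 2)
            if len(parts) == 3:
                name, engine_ver, sig_ver = parts
                report.engines.append(EngineResult(
                    name, engine_ver, sig_ver, m.group("date"),
                    float(m.group("secs")), m.group("result")))
                continue
        m = _META_RE.match(line)
        if m:
            report.meta[m.group("key").strip()] = m.group("value").strip()
    return report


def summarize(report: VirscanReport) -> Dict[str, object]:
    """Compact verdict: what was scanned, by how many engines, who flagged it."""
    return {
        "file": report.meta.get("File Name", "?"),
        "md5": report.meta.get("MD5", "?"),
        "engines": len(report.engines),
        "detections": [(e.name, e.result) for e in report.detections],
    }


# Constructed sample: header and engine lines copied from the explorer.exe
# report above, plus one invented detection line (engine "ExampleAV").
SAMPLE_REPORT = """
VirSCAN.org Scanned Report :
Scanned time : 2011/03/22 13:26:52 (IST)
File Name : explorer.exe
File Size : 1033728 byte
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110322060919 2011-03-22 0.08 -
AhnLab V3 2011.03.21.00 2011.03.21 2011-03-21 0.12 -
Trend Micro 9.200-1012 7.918.02 2011-03-21 0.04 -
VirusBuster 5.2.0.28 13.6.261.0/48154302011-03-21 0.00 -
ExampleAV 1.0 20110322 2011-03-22 0.05 Example.FileInfector (constructed)
"""

if __name__ == "__main__":
    print(summarize(parse_virscan_report(SAMPLE_REPORT)))
```

Running it prints the file name, its MD5, the engine count and the single constructed detection; on a real report the detections list is the part worth reading, since a handful of heuristic hits on a core binary such as explorer.exe or userinit.exe is exactly the signal the helper above is asking for.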
 
Okay, here's what you need to do- and this is almost verbatim to what I just typed to another member:

1. Uninstall all the programs and apps you don't use.
2. Update anything that needs updating.
3. Run TFC and empty the Recycle Bin.
4. Run Error check, disc cleanup, defrag and your security scans.
5. Clean any movable drives.

Like you, he did scans on multiple drives. But when I put the Eset entries in OTM, some weren't removed because the drives weren't available and some were mirrors or backups.

When that has been done, come back here and we'll start over.
 