PDA

View Full Version : URGENT HELP NEEDED.... Trojan.Generic.551278,Trojan.Packed.27927 .....



dustangel
2009-03-07, 15:05
hi there.... i recently installed bitdefender antivirus 2009 ... n performed a system scan ... the following infections were found not to be removed as they were part of an archive which was specified by bitfedefender in their log file... these r the namez of the trojans i found on performing a virus scan ....

Trojan.Generic.551278
Trojan.Packed.27927
Trojan.Tool.Wpakill.A
Gen:Trojan.Heur.22A6594848

pls help me in removing these files.... im posting hjt log file along vth this ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:54 PM, on 3/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217711608171
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 6041 bytes


Edit. Previous topics:
http://forums.spybot.info/showthread.php?t=45735
http://forums.spybot.info/showthread.php?t=31761

Blade81
2009-03-08, 12:31
the following infections were found not to be removed as they were part of an archive which was specified by bitfedefender in their log file
Hi

Please tell me the location of archive that the infections were found in.

dustangel
2009-03-08, 13:21
Hi

Please tell me the location of archive that the infections were found in.

here r the locations....

G:\jithz kwel progs\error-repair-proffesional\Error.Repair.Professional.v3.7.6.WinAll.Regged-CRD\Error.Repair.Professional.v3.7.6.WinAll.Regged-CRD\setup\erpsetup.exe=](Instyler o)=](Instyler Module 1) - Gen:Trojan.Heur.22A6594848

C:\sccfg.sys - Rootkit-Hidden Items

C:\Documents and Settings\Sreejith\My Documents\Image.nrg=]SUPPORT/UPDATES/CRACK/WPA_KILL.EXE=](RAR Sfx o)=]WPA_Kill.exe - Trojan.Packed.27927

C:\Documents and Settings\Sreejith\My Documents\Image.nrg=]SUPPORT/UPDATES/WPA_KILL.EXE - Trojan.Tool.Wpakill.A

Blade81
2009-03-08, 16:34
Hi

Delete following
*folder:
G:\jithz kwel progs\error-repair-proffesional\Error.Repair.Professional.v3.7.6.WinAll.Regged-CRD

Following image file contains crack and you must delete the file:
C:\Documents and Settings\Sreejith\My Documents\Image.nrg


Please run the MGA Diagnostic Tool and post back the report it creates:
Download MGADiag (http://go.microsoft.com/fwlink/?linkid=56062) to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

dustangel
2009-03-08, 18:44
Hi

Delete following
*folder:
G:\jithz kwel progs\error-repair-proffesional\Error.Repair.Professional.v3.7.6.WinAll.Regged-CRD

Following image file contains crack and you must delete the file:
C:\Documents and Settings\Sreejith\My Documents\Image.nrg


Please run the MGA Diagnostic Tool and post back the report it creates:
Download MGADiag (http://go.microsoft.com/fwlink/?linkid=56062) to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


ive deleted the files as per ur request n here r the log files...

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Invalid Product Key
Validation Code: 8
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-PY6BX-K24PJ-TWT6M
Windows Product Key Hash: gBNdtaXuo+0yYWQ2vJRYtwUVPx0=
Windows Product ID: 55274-643-7213323-23946
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {9C6A1F5C-6D1B-4242-B991-3235DDC6CA27}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.3.272.0
Signed By: N/A, hr = 0x80096010
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9C6A1F5C-6D1B-4242-B991-3235DDC6CA27}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TWT6M</PKey><PID>55274-643-7213323-23946</PID><PIDType>1</PIDType><SID>S-1-5-21-1606980848-1214440339-682003330</SID><SYSTEM><Manufacturer>D845HV</Manufacturer><Model>HV84510A</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>HV84510A.86A.0038.P10.0204151346</Version><SMBIOSVersion major="2" minor="3"/><Date>20020415000000.000000+000</Date></BIOS><HWID>3F3C3BE70184C052</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Dateline Standard Time(GMT-12:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57692</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


DDS (Ver_09-02-01.01) - FAT32x86
Run by Sreejith at 22:09:18.40 on Sun 03/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.191 [GMT -12:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Documents and Settings\Sreejith\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217711608171
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sreejith\applic~1\mozilla\firefox\profiles\men0sm26.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\sreejith\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000

============= SERVICES / DRIVERS ===============

R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-2-3 23352]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-6-23 1174664]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-7 603904]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-4-21 52080]
S0 Winbi54;Winbi54;c:\windows\system32\drivers\winbi54.sys --> c:\windows\system32\drivers\Winbi54.sys [?]
S0 Winci16;Winci16;c:\windows\system32\drivers\winci16.sys --> c:\windows\system32\drivers\Winci16.sys [?]
S0 Windj05;Windj05;c:\windows\system32\drivers\windj05.sys --> c:\windows\system32\drivers\Windj05.sys [?]
S0 Winfl05;Winfl05;c:\windows\system32\drivers\winfl05.sys --> c:\windows\system32\drivers\Winfl05.sys [?]
S0 Wingm40;Wingm40;c:\windows\system32\drivers\wingm40.sys --> c:\windows\system32\drivers\Wingm40.sys [?]
S0 Winio38;Winio38;c:\windows\system32\drivers\winio38.sys --> c:\windows\system32\drivers\Winio38.sys [?]
S0 Winpv73;Winpv73;c:\windows\system32\drivers\winpv73.sys --> c:\windows\system32\drivers\Winpv73.sys [?]
S0 Winsc63;Winsc63;c:\windows\system32\drivers\winsc63.sys --> c:\windows\system32\drivers\Winsc63.sys [?]
S0 Winsy51;Winsy51;c:\windows\system32\drivers\winsy51.sys --> c:\windows\system32\drivers\Winsy51.sys [?]
S0 Winta40;Winta40;c:\windows\system32\drivers\winta40.sys --> c:\windows\system32\drivers\Winta40.sys [?]
S0 Winub40;Winub40;c:\windows\system32\drivers\winub40.sys --> c:\windows\system32\drivers\Winub40.sys [?]
S0 Winvc73;Winvc73;c:\windows\system32\drivers\winvc73.sys --> c:\windows\system32\drivers\Winvc73.sys [?]
S0 Winwe40;Winwe40;c:\windows\system32\drivers\winwe40.sys --> c:\windows\system32\drivers\Winwe40.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-1-23 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-1-23 8320]
S3 sdthook;sdthook;\??\c:\windows\system32\drivers\sdthook.sys --> c:\windows\system32\drivers\sdthook.sys [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-03-07 14:28 472,007 a----r-- C:\txtsetup.sif
2009-03-07 14:28 260,272 a----r-- C:\$LDR$
2009-03-07 14:28 <DIR> --d----- C:\$WIN_NT$.~BT
2009-03-07 14:26 <DIR> --d----- c:\program files\Messenger
2009-03-07 14:13 <DIR> --dsh--- C:\FOUND.009
2009-03-07 13:57 <DIR> --dsh--- C:\FOUND.008
2009-03-07 13:52 <DIR> --dsh--- C:\FOUND.007
2009-03-07 13:49 <DIR> --dsh--- C:\FOUND.006
2009-03-07 13:45 <DIR> --dsh--- C:\FOUND.005
2009-03-07 13:24 <DIR> --dsh--- C:\FOUND.004
2009-03-07 13:23 <DIR> --dsh--- C:\FOUND.003
2009-03-07 13:23 <DIR> --dsh--- C:\FOUND.002
2009-02-14 15:10 82 a------- c:\windows\wininit.ini
2009-02-14 03:16 <DIR> --d----- c:\docume~1\sreejith\applic~1\BitDefender
2009-02-14 03:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-02-14 01:03 81,984 a------- c:\windows\system32\bdod.bin
2009-02-14 00:58 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-13 23:21 <DIR> --d----- c:\program files\BitDefender
2009-02-13 22:14 850 a------- c:\windows\system32\ProductTweaks.xml
2009-02-13 22:14 385 a------- c:\windows\system32\user_gensett.xml
2009-02-13 22:08 <DIR> --d----- c:\program files\common files\BitDefender
2009-02-13 22:07 <DIR> --dsh--- C:\FOUND.001
2009-02-13 21:34 <DIR> --dsh--- C:\FOUND.000
2009-02-08 22:54 <DIR> --d----- c:\program files\Unlocker
2009-02-07 17:51 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-02-07 17:51 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-02-07 17:51 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-02-07 17:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-02-07 17:50 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-02-07 17:50 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-06 23:18 <DIR> --dsh--- C:\FOUND.026

==================== Find3M ====================

2009-02-14 04:50 192,512 a------- c:\windows\system32\txmlutil.dll
2009-02-14 04:50 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-02-14 04:49 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2009-02-14 00:57 370 a------- C:\sccfg.sys.bd.ren
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-23 21:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-23 21:46 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-23 14:59 1,744 a------- c:\windows\system32\d3d9caps.dat
2005-05-26 14:35 1,422 a------- c:\program files\ReadMe.txt

============= FINISH: 22:10:24.25 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/23/2008 7:45:58 PM
System Uptime: 3/8/2009 9:55:15 PM (1 hours ago)

Motherboard: Intel Corporation | | D845WN
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | J2E1 | 1993/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 19 GiB total, 1.033 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 12.218 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 8.049 GiB free.
F: is FIXED (NTFS) - 19 GiB total, 5.029 GiB free.
G: is FIXED (NTFS) - 19 GiB total, 1.512 GiB free.
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9B078A2EFF2584E3
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9B078A2EFF2584E3
Service: NIC1394

==== System Restore Points ===================

RP44: 1/23/2009 9:42:02 PM - Removed Nokia Software Updater.
RP45: 1/23/2009 9:43:10 PM - Removed Nokia Flashing Cable Driver
RP46: 1/23/2009 9:43:23 PM - Removed Nokia Connectivity Cable Driver
RP47: 1/23/2009 9:46:52 PM - Installed Windows XP Wdf01007.
RP48: 1/24/2009 11:09:29 PM - System Checkpoint
RP49: 1/26/2009 1:29:29 PM - System Checkpoint
RP50: 2/1/2009 9:32:04 PM - System Checkpoint
RP51: 2/2/2009 8:28:59 PM - Removed Opera 9.62
RP52: 2/2/2009 8:29:49 PM - Installed Opera 9.62
RP53: 2/3/2009 12:33:20 AM - Installed Speed Meter Pro
RP54: 2/2/2009 2:19:22 AM - System Checkpoint
RP55: 2/5/2009 11:24:02 PM - System Checkpoint
RP56: 2/7/2009 12:25:28 AM - System Checkpoint
RP57: 2/7/2009 5:49:09 PM - Removed TuneUp Utilities 2008
RP58: 2/7/2009 5:50:49 PM - Installed TuneUp Utilities 2009
RP59: 2/8/2009 7:30:53 PM - System Checkpoint
RP60: 2/9/2009 7:37:47 PM - System Checkpoint
RP61: 2/10/2009 7:40:17 PM - System Checkpoint
RP62: 2/13/2009 8:59:16 PM - Removed ESET Smart Security
RP63: 2/13/2009 9:10:32 PM - Installed ESET Smart Security
RP64: 2/13/2009 9:18:20 PM - Removed ESET Smart Security
RP65: 2/13/2009 9:24:49 PM - Installed ESET Smart Security
RP66: 2/13/2009 9:30:02 PM - Removed ESET Smart Security
RP67: 2/13/2009 10:09:34 PM - Installed BitDefender Antivirus 2009
RP68: 2/13/2009 10:27:14 PM - Removed BitDefender Antivirus 2009
RP69: 2/13/2009 11:21:45 PM - Installed BitDefender Antivirus 2009
RP70: 2/14/2009 3:09:35 AM - Removed BitDefender Antivirus 2009
RP71: 2/14/2009 3:15:34 AM - Installed BitDefender Antivirus 2009
RP72: 2/16/2009 12:46:38 PM - System Checkpoint

==== Installed Programs ======================

1500
1500_Help
1500Trb
ACDSee Pro 2
Adobe Flash Player Plugin
Adobe Reader 7.0
Adobe® Photoshop® Album Starter Edition 3.0
Advanced JPEG Compressor 2008
Ahead Nero Burning ROM
AiO_Scan
AiOSoftware
ArcSoft TotalMedia Backup & Record
AV Voice Changer Software DIAMOND 6.0
BitDefender Antivirus 2009
BitLord 1.1
Bluesoleil3.2.2.8 Release 070421
BufferChm
Button Manager v1.874
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
eSupportQFolder
Fax
Google Talk (remove only)
Google Talk, Labs Edition
HijackThis 2.0.2
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSVC80_x86
MSXML 6.0 Parser
NewCopy
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia Software Updater
Numerology Explorer
Opera 9.62
PC Connectivity Solution
PC Pitstop Disk MD 2.0
Picasa 2
Prism Video Converter
ProductContext
Pure Networks Platform
Readme
Scan
ScannerCopy
Security Update for Windows XP (KB912812)
Software Update for Web Folders
SolutionCenter
Speed Meter Pro
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
TrayApp
TuneUp Utilities 2009
Unload
Unlocker 1.8.7
Vedic Astrology Software PROPHET2008 Evaluation
WebReg
Winamp
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
WinRAR archiver
WinUtilities 5.3
WinZip
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

3/7/2009 1:26:11 PM, error: W32Time [34] - The time service has detected that the system

time needs to be changed by -63105 seconds. The time service will not change the system

time by more than -54000 seconds. Verify that your time and time zone are correct, and that

the time source time.windows.com (ntp.m|0x1|192.168.1.101:123->207.46.232.182:123) is

working properly.
3/7/2009 1:46:53 PM, error: W32Time [34] - The time service has detected that the system

time needs to be changed by -63104 seconds. The time service will not change the system

time by more than -54000 seconds. Verify that your time and time zone are correct, and that

the time source time.windows.com (ntp.m|0x1|192.168.1.101:123->207.46.232.182:123) is

working properly.
3/7/2009 2:08:56 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft

Office Document Image Writer share name Printer.
3/7/2009 2:15:24 PM, error: Service Control Manager [7001] - The DHCP Client service

depends on the NetBios over Tcpip service which failed to start because of the following

error: A device attached to the system is not functioning.
3/7/2009 2:15:24 PM, error: Service Control Manager [7001] - The DNS Client service

depends on the TCP/IP Protocol Driver service which failed to start because of the

following error: A device attached to the system is not functioning.
3/7/2009 2:15:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS

Helper service depends on the AFD service which failed to start because of the following

error: A device attached to the system is not functioning.
3/7/2009 2:15:24 PM, error: Service Control Manager [7001] - The IPSEC Services service

depends on the IPSEC driver service which failed to start because of the following error: A

device attached to the system is not functioning.
3/7/2009 2:15:24 PM, error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: AFD bdftdif Fips intelppm IPSec MRxSmb NetBIOS

NetBT RasAcd Rdbss Tcpip
3/7/2009 2:25:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start

the service netman with arguments "" in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/7/2009 2:25:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start

the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
3/7/2009 2:25:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start

the service StiSvc with arguments "" in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/7/2009 3:32:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the

Network Card with network address 0080482FC059 has been denied by the DHCP server

0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/7/2009 5:04:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the

Network Card with network address 0080482FC059 has been denied by the DHCP server

0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/7/2009 5:19:45 PM, error: ipnathlp [32003] - The Network Address Translator (NAT)

was unable to request an operation of the kernel-mode translation module. This may indicate

misconfiguration, insufficient resources, or an internal error. The data is the error code.

==== End Of File ===========================

Blade81
2009-03-08, 21:25
Hi

Report shows that you have pirated operating system there. As said in post #4 here (http://forums.spybot.info/showthread.php?t=288), we won't be able to assist you. If you think there's wrong information on the report you may open a topic on XP validation issue here (http://social.microsoft.com/Forums/en-US/genuinewindowsxp/threads/) and Office validation issue here (http://social.microsoft.com/Forums/en-US/genuineoffice/threads/).

This topic is now closed.