Infected with WormSharp


#1
gunjalkarthik
My computer has been infected with malware that shows up as tcpwalalib.exe in the process list of Task Manager and runs from comres.dll in the system32 folder. It makes the computer slower, sometimes even unresponsive. It corrupts the antivirus and the Spybot removal program. It takes up high processing power as soon as I connect to the internet. It is detected by the Prevx3 malware removal tool. It is not detected by ESET Smart Security 4.0.314.0.
Thank you for the help in advance!

ComboFix 11-06-30.03 - Administrator 07/04/2011 11:38:46.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1368 [GMT -12:00]
Running from: e:\downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))
.
.
2011-07-04 01:59 . 2011-07-04 02:09 47 ----a-w- c:\windows\SOLOSCAN.BAT
2011-07-04 01:58 . 2011-07-04 01:59 -------- d-----w- C:\SRN Micro
2011-07-04 01:54 . 2011-07-04 01:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-04 01:13 . 2011-07-04 01:13 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2011-07-04 01:13 . 2011-07-04 01:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2011-07-01 23:36 . 2011-07-01 23:36 71880 ----a-w- c:\windows\system32\PxSecure.dll-upgrade672578.tmp
2011-07-01 23:36 . 2011-07-01 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-07-01 05:25 . 2009-04-05 11:36 -------- d-----w- C:\SmitfraudFix
2011-07-01 03:51 . 2011-07-01 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-07-01 03:50 . 2011-05-29 21:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-01 03:50 . 2011-07-01 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-01 03:50 . 2011-05-29 21:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 23:33 . 2011-06-30 23:33 -------- d-----w- C:\FOUND.001
2011-06-30 06:53 . 2011-06-30 06:53 -------- d-----w- C:\FOUND.000
2011-06-29 22:15 . 2011-06-30 23:37 40448 ----a-w- c:\windows\system32\Slsvcx.exe
2011-06-29 01:14 . 2011-06-29 22:14 92672 --sh--w- c:\windows\system32\tcpwalalib.exe
2011-06-29 01:13 . 2011-06-29 01:13 -------- d-----w- c:\windows\system32\X
2011-06-23 06:40 . 2011-06-23 06:40 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 06:40 . 2011-06-23 06:40 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 22:22 . 2004-08-25 23:56 24576 ----a-w- c:\windows\system32\GsiNdi32.dll
2011-06-22 22:22 . 2011-06-22 22:22 -------- d-----w- c:\program files\Huawei
2011-06-13 00:00 . 2011-06-13 00:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImTOO Software Studio
2011-06-05 23:49 . 2011-06-05 23:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ImTOO
2011-06-05 23:44 . 2011-06-05 23:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImTOO
2011-06-05 23:44 . 2011-06-05 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ImTOO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-27 22:08 . 2011-05-27 22:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 06:40 . 2011-03-24 22:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-04 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-04_02.47.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-24 00:00 . 2011-07-04 02:00 94040 c:\windows\system32\perfc009.dat
+ 2001-08-24 00:00 . 2011-07-04 22:33 94040 c:\windows\system32\perfc009.dat
- 2001-08-24 00:00 . 2011-07-04 02:00 505318 c:\windows\system32\perfh009.dat
+ 2001-08-24 00:00 . 2011-07-04 22:33 505318 c:\windows\system32\perfh009.dat
- 2004-08-03 22:56 . 2004-08-03 22:56 792064 c:\windows\system32\dllcache\comres.dll
+ 2004-08-03 22:56 . 2009-04-08 05:58 792064 c:\windows\system32\dllcache\comres.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 792064 c:\windows\system32\comres.dll
+ 2004-08-03 22:56 . 2009-04-08 05:58 792064 c:\windows\system32\comres.dll
+ 2004-08-03 22:56 . 2004-08-03 22:56 792064 c:\windows\system32\comres BACKUP.dll
- 2004-08-04 10:56 . 2004-08-04 10:56 792064 c:\windows\system32\COMRES backup.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX1500 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE" [2004-06-01 99840]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-30 3179952]
"WOSB"="f:\softwares\WakeupOnStandBy\wosb.exe" [2011-03-22 1272320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="e:\new folder\nod32\egui.exe" [2009-02-07 2021400]
"Malwarebytes' Anti-Malware"="e:\new folder\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SoloSentry"="e:\newfol~1\SRNMIC~1\SOLOSENT.EXE" [2010-08-27 77824]
"SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2010-08-27 303104]
"SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2010-08-27 237568]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Registration Prince of Persia Warrior Within.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Registration Prince of Persia Warrior Within.LNK
backup=c:\windows\pss\Registration Prince of Persia Warrior Within.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Security Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Security Update.lnk
backup=c:\windows\pss\Security Update.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-05 00:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 16:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- e:\new folder\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
2004-08-25 23:56 65536 ------w- c:\program files\Huawei\MT841\dslagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 09:13 141848 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 18:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 18:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapper]
2008-09-05 07:17 40960 ----a-w- c:\program files\Home Browsing\IE Internet Helper\maper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 23:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 09:13 137752 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 04:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
"DSLAGENTEXE"=c:\program files\Huawei\MT841\dslagent.exe
"EPSON Stylus CX1500 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Huawei\\MT841\\DSLAGENT.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\New Folder\\gigaget\\Gigaget.exe"=
"e:\\New Folder\\flashget\\flashget.exe"=
"c:\\Tally\\tally72.exe"=
"c:\\Tally\\TALLY9.EXE"=
"h:\\BackUp of Tally\\Tally\\tally9.exe"=
"f:\\Tally\\tally72.exe"=
"e:\\New Folder\\bitt\\BitTorrent.exe"=
"e:\\New Folder\\Free Download Manager\\fdm.exe"=
"e:\\New Folder\\VLC\\vlc.exe"=
"e:\\New Folder\\java\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"7606:TCP"= 7606:TCP:enzunljc
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [7/11/2003 1:22 AM 14912]
R2 ekrn;ESET Service;e:\new folder\nod32\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 WalaSvc;Windows Infomation Actioning;c:\windows\system32\tcpwalalib.exe [6/28/2011 1:14 PM 92672]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/25/2011 6:48 PM 218688]
S3 illreqpim;illreqpim;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/30/2011 3:50 PM 22712]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\ztemtusbser.sys --> c:\windows\system32\DRIVERS\ztemtusbser.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cvjpechd
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-05 c:\windows\Tasks\firefox.job
- c:\program files\Mozilla Firefox\firefox.exe [2009-11-26 06:40]
.
2011-07-04 c:\windows\Tasks\Free Download Manager.job
- e:\new folder\Free Download Manager\fdm.exe [2011-02-16 11:28]
.
2011-06-19 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-12-08 00:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All by Gigaget - e:\new folder\gigaget\getallurl.htm
IE: &Download All with FlashGet - e:\new folder\flashget\jc_all.htm
IE: &Download by Gigaget - e:\new folder\gigaget\geturl.htm
IE: &Download with FlashGet - e:\new folder\flashget\jc_link.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download all with Free Download Manager - file://e:\new folder\Free Download Manager\dlall.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download selected with Free Download Manager - file://e:\new folder\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://e:\new folder\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://e:\new folder\Free Download Manager\dllink.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download with ImTOO Download YouTube Video - e:\new folder\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{05621D6F-D130-41FF-8E8C-4399A56A1976}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{19A8216A-C872-4E9F-A357-7C54AC89B671}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{63DF77B5-46A8-4A74-8B36-84A9F91AEBF7}: NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{8F58A87F-8FAD-43E8-BCF6-8E6238938FD9}: NameServer = 218.248.241.3 218.248.255.177
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i2fob4tv.default\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-04 11:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX1500 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"?6?????6?????D????????????h?w?? ?????????????????????????????<????h?w????????????????????????h???-??w???????????????w????????8???)??|????T??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\illreqpim]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cvjpechd]
"ServiceDll"="c:\windows\system32\gnbpbgl.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(11892)
e:\new folder\flashget\fgmgr.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-04 11:43:43
ComboFix-quarantined-files.txt 2011-07-04 23:43
ComboFix2.txt 2011-07-04 22:35
ComboFix3.txt 2011-07-04 02:54
.
Pre-Run: 3,096,690,688 bytes free
Post-Run: 3,084,271,616 bytes free
.
- - End Of File - - F68F10D62E215F95D96A93E6967BB8D2

OTL Extras logfile created on: 7/4/2011 12:33:27 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = E:\downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.37% Memory free
3.84 Gb Paging File | 1.24 Gb Available in Paging File | 32.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 2.88 Gb Free Space | 15.44% Space Free | Partition Type: FAT32
Drive E: | 48.82 Gb Total Space | 23.81 Gb Free Space | 48.77% Space Free | Partition Type: FAT32
Drive F: | 97.64 Gb Total Space | 0.64 Gb Free Space | 0.65% Space Free | Partition Type: FAT32
Drive G: | 97.64 Gb Total Space | 12.67 Gb Free Space | 12.97% Space Free | Partition Type: FAT32
Drive H: | 97.64 Gb Total Space | 14.16 Gb Free Space | 14.50% Space Free | Partition Type: FAT32
Drive I: | 99.49 Gb Total Space | 0.20 Gb Free Space | 0.20% Space Free | Partition Type: FAT32

Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-73586283-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1" %*
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\New Folder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\New Folder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8000:UDP" = 8000:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8004:UDP" = 8004:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8005:UDP" = 8005:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8006:UDP" = 8006:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8007:UDP" = 8007:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8008:UDP" = 8008:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8009:UDP" = 8009:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"7606:TCP" = 7606:TCP:*:Enabled:enzunljc
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F04C1E-79EA-4563-A4BB-E51C532245F3}_is1" = Internet Download Manager 5.18.8.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2ACA65CD-11E1-4502-B3BC-A3CAA8EEADB1}" = EPSON Scan Tool Light 1.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1" = JPEG to PDF 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52816561-C35E-4A47-9AE1-4B084D0806DA}" = eTimeTrack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{5B88B667-D3AF-4750-A2AE-B60D66B5249E}" = IE Internet Helper
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8FA16D6E-8173-4340-A339-43D7AA4A3F23}" = Tally 9
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91CB1F7A-3C16-4782-8084-706A04C18CDF}_is1" = Epic 1.2
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD65CAC7-6D63-4D56-BED0-B610281256DF}" = CorelDRAW Graphics Suite 12 Setup Files
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C3AE9DA1-2E44-4F11-803E-20977F0FE6B9}" = Safari
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE0D2D03-B346-48D5-B841-E5362B1C1167}" = AVEO USB2.0 PC Camera(S5HVTV1P10814)
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{F5491CFE-A8A8-4894-A7D4-1D6A9BC26C98}" = Image to PDF v2.2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Baraha 9.1_is1" = Baraha 9.1
"BitTorrent" = BitTorrent
"Canon LBP2900" = Canon LBP2900
"Convert XLS_is1" = Convert XLS
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dassault Systemes B16_0" = Dassault Systemes Software B16
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"doPDF 7 printer_is1" = doPDF 7.1 printer
"EPSON Printer and Utilities" = EPSON Printer Software
"FlashGet" = FlashGet 1.9.6.1073
"FormatFactory" = FormatFactory 2.30
"Free Download Manager_is1" = Free Download Manager 3.0 Bittorrent plugin
"gigaget_is1" = Gigaget
"HDMI" = Intel® Graphics Media Accelerator Driver
"Huawei MT841" = Huawei MT841
"ImTOO 3GP Video Converter 6" = ImTOO 3GP Video Converter 6
"ImTOO AVI to MOV Converter 6" = ImTOO AVI to MOV Converter 6
"ImTOO Download YouTube Video" = ImTOO Download YouTube Video
"ImTOO HD Video Converter 6" = ImTOO HD Video Converter 6
"ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6
"Java 2 SDK Standard Edition v1.3.0_02" = Java 2 SDK Standard Edition v1.3.0_02
"JRE 1.3.0_02" = Java 2 Runtime Environment Standard Edition v1.3.0_02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nudi 4.0" = Nudi 4.0
"Prism" = Prism Video File Converter
"Project IGI" = Project IGI
"SoloAV_is1" = Solo Antivirus 10.0
"Switch" = Switch
"uTorrent" = µTorrent
"VCD Cutter_is1" = VCD Cutter 1.0
"VLC media player" = VLC media player 1.1.7
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2011 8:30:20 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11321
Description = Product: ESET Smart Security -- Error 1321. The Installer has insufficient
privileges to modify this file: E:\New Folder\nod32\PPESET.dll.

Error - 7/3/2011 8:30:20 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11321
Description = Product: ESET Smart Security -- Error 1321. The Installer has insufficient
privileges to modify this file: E:\New Folder\nod32\PPESET.dll.

Error - 7/3/2011 8:30:20 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11321
Description = Product: ESET Smart Security -- Error 1321. The Installer has insufficient
privileges to modify this file: E:\New Folder\nod32\PPESET.dll.

Error - 7/3/2011 8:30:21 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11321
Description = Product: ESET Smart Security -- Error 1321. The Installer has insufficient
privileges to modify this file: E:\New Folder\nod32\PPESET.dll.

Error - 7/3/2011 8:30:23 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11321
Description = Product: ESET Smart Security -- Error 1321. The Installer has insufficient
privileges to modify this file: E:\New Folder\nod32\mfc80u.dll.

Error - 7/3/2011 8:49:50 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 1013
Description = Product: ESET Smart Security -- A more recent version of ESET Smart
Security is already installed on this computer.

Error - 7/3/2011 9:11:10 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11404
Description = Product: ESET Smart Security -- Error 1404. Could not delete key \Software\ESET\ESET
Security\CurrentVersion\Plugins\01000103\Profiles\@My profile. System error .
Verify that you have sufficient access to that key, or contact your support personnel.


Error - 7/3/2011 9:11:10 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11404
Description = Product: ESET Smart Security -- Error 1404. Could not delete key \Software\ESET\ESET
Security\CurrentVersion\Plugins\01000103\Profiles\@My profile. System error .
Verify that you have sufficient access to that key, or contact your support personnel.


Error - 7/3/2011 9:11:13 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11404
Description = Product: ESET Smart Security -- Error 1404. Could not delete key \Software\ESET\ESET
Security. System error . Verify that you have sufficient access to that key,
or contact your support personnel.

Error - 7/3/2011 9:11:13 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 11404
Description = Product: ESET Smart Security -- Error 1404. Could not delete key \Software\ESET\ESET
Security. System error . Verify that you have sufficient access to that key,
or contact your support personnel.

[ System Events ]
Error - 7/2/2011 6:21:40 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7031
Description = The Windows Infomation Actioning service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 7/2/2011 6:21:55 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7031
Description = The Windows Infomation Actioning service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 7/2/2011 6:22:52 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7031
Description = The Windows Infomation Actioning service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 7/2/2011 8:25:37 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7031
Description = The Windows Infomation Actioning service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 7/2/2011 8:31:15 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7031
Description = The Windows Infomation Actioning service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 7/2/2011 10:28:35 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Installer Manager service terminated with the following error:
%%126

Error - 7/2/2011 10:28:36 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7028
Description = The cvjpechd Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 7/3/2011 1:38:17 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Installer Manager service terminated with the following error:
%%126

Error - 7/3/2011 1:38:17 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7028
Description = The cvjpechd Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 7/3/2011 1:38:17 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7028
Description = The cvjpechd Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.


< End of report >

#2
RKinner

    Malware Expert
I've edited your original post to paste the logs into the post so that it is easier to work with them. Please do not attach logs unless we ask you to. Always Copy and Paste them unless they are too big for the forum.

I can see the problem, but first I'd like you to uninstall some stuff that might interfere with the fix or which is obsolete, unneeded or dangerous to have on your PC, and I will need a custom OTL scan.

Uninstall:
Spybot - Search & Destroy
Java™ 6 Update 5
BitTorrent
DAEMON Tools Lite
FlashGet 1.9.6.1073
Free Download Manager 3.0 Bittorrent plugin
Java 2 SDK Standard Edition v1.3.0_02
Java 2 Runtime Environment Standard Edition v1.3.0_02
Solo Antivirus 10.0
µTorrent
IE Internet Helper
Internet Download Manager 5.18.8.0


Copy the following lines:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
tcpip.sys
comres.dll
/md5stop


Run OTL again, paste the above lines into the Custom Scans/Fixes box, press Quick Scan and post the log that you get.

Ron
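For readers wondering what the /md5start ... /md5stop part of that OTL script is for: it makes OTL hash a fixed list of system files (the disk and network drivers that rootkits patch in place, the event-log DLLs, and the comres.dll the original poster mentioned) so the expert can compare them against known-clean copies. The script below is an added example, not part of the post and not OTL's own code: it walks one or more directories, hashes every file whose name is on a watch list, and sorts the results into ok, mismatch, missing and duplicate. The directory tree, file contents and "known-good" baseline it runs against are constructed inline for the demo; on a real machine you would point it at %SystemRoot%\system32 and use hashes taken from a clean install of the same service pack.

```python
import hashlib
import os
import tempfile

# Subset of the file names listed between /md5start and /md5stop in the post.
WATCHED_FILES = ["atapi.sys", "tcpip.sys", "comres.dll", "eventlog.dll"]


def file_hashes(path, chunk_size=65536):
    """Return (md5_hex, sha256_hex) of a file, read in chunks so large drivers fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def find_copies(roots, names):
    """Walk each root and map every watched file name (case-insensitive) to all paths found."""
    wanted = {n.lower() for n in names}
    found = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() in wanted:
                    found.setdefault(fn.lower(), []).append(os.path.join(dirpath, fn))
    return found


def check_against_baseline(roots, names, baseline):
    """Classify each watched file as ok, mismatch (hash not in baseline) or missing.

    baseline maps lower-case file name -> set of known-good MD5 hex digests.
    A name that appears more than once under the roots is also reported under
    'duplicate': a second copy carrying a system file's name deserves a look.
    """
    findings = {"ok": [], "mismatch": [], "missing": [], "duplicate": []}
    copies = find_copies(roots, names)
    for name in names:
        key = name.lower()
        paths = sorted(copies.get(key, []))
        if not paths:
            findings["missing"].append(name)
            continue
        if len(paths) > 1:
            findings["duplicate"].append((name, paths))
        for path in paths:
            md5_hex, sha256_hex = file_hashes(path)
            bucket = "ok" if md5_hex in baseline.get(key, set()) else "mismatch"
            findings[bucket].append((path, md5_hex, sha256_hex))
    return findings


def build_demo():
    """Create a constructed, throw-away directory tree standing in for system32 (demo only)."""
    root = tempfile.mkdtemp(prefix="md5demo_")
    drivers = os.path.join(root, "drivers")
    os.makedirs(drivers)
    # Constructed 'known-good' contents; their hashes form the baseline.
    clean = {
        "atapi.sys": b"constructed clean atapi.sys",
        "comres.dll": b"constructed clean comres.dll",
        "eventlog.dll": b"constructed clean eventlog.dll",
        "tcpip.sys": b"constructed clean tcpip.sys",
    }
    baseline = {n: {hashlib.md5(c).hexdigest()} for n, c in clean.items()}
    # What is 'on disk': atapi.sys and eventlog.dll untouched, comres.dll modified,
    # tcpip.sys absent, and a second eventlog.dll dropped into the drivers folder.
    with open(os.path.join(drivers, "atapi.sys"), "wb") as fh:
        fh.write(clean["atapi.sys"])
    with open(os.path.join(root, "eventlog.dll"), "wb") as fh:
        fh.write(clean["eventlog.dll"])
    with open(os.path.join(root, "comres.dll"), "wb") as fh:
        fh.write(clean["comres.dll"] + b" + injected bytes")
    with open(os.path.join(drivers, "eventlog.dll"), "wb") as fh:
        fh.write(b"constructed second copy")
    return [root], baseline


def run_demo():
    """Run the check over the constructed tree and return the findings dict."""
    roots, baseline = build_demo()
    return check_against_baseline(roots, WATCHED_FILES, baseline)


if __name__ == "__main__":
    for kind, items in run_demo().items():
        for item in items:
            print(kind.upper(), item)
```

The demo reports comres.dll and the extra eventlog.dll as mismatches, tcpip.sys as missing, and eventlog.dll as a duplicate; atapi.sys and the real eventlog.dll come back ok. Both MD5 and SHA-256 are recorded because older removal guides and tools (OTL included) publish MD5 values, while any baseline you build today should be keyed on SHA-256.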