  1. #11
    Member
    Join Date
    Apr 2009
    Posts
    29
    Points
    0

    results for windows\imsins.BAK

    File imsins.BAK received on 04.30.2009 00:01:42 (CET)
    Result: 0/40 (0%)
    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.04.29 -
    AhnLab-V3 5.0.0.2 2009.04.29 -
    AntiVir 7.9.0.156 2009.04.29 -
    Antiy-AVL 2.0.3.1 2009.04.29 -
    Authentium 5.1.2.4 2009.04.29 -
    Avast 4.8.1335.0 2009.04.29 -
    AVG 8.5.0.327 2009.04.29 -
    BitDefender 7.2 2009.04.29 -
    CAT-QuickHeal 10.00 2009.04.29 -
    ClamAV 0.94.1 2009.04.29 -
    Comodo 1141 2009.04.29 -
    DrWeb 4.44.0.09170 2009.04.29 -
    eSafe 7.0.17.0 2009.04.27 -
    eTrust-Vet 31.6.6483 2009.04.29 -
    F-Prot 4.4.4.56 2009.04.29 -
    F-Secure 8.0.14470.0 2009.04.29 -
    Fortinet 3.117.0.0 2009.04.29 -
    GData 19 2009.04.29 -
    Ikarus T3.1.1.49.0 2009.04.29 -
    K7AntiVirus 7.10.719 2009.04.29 -
    Kaspersky 7.0.0.125 2009.04.29 -
    McAfee 5600 2009.04.29 -
    McAfee+Artemis 5600 2009.04.29 -
    McAfee-GW-Edition 6.7.6 2009.04.29 -
    Microsoft 1.4602 2009.04.29 -
    NOD32 4043 2009.04.29 -
    Norman 6.01.05 2009.04.29 -
    nProtect 2009.1.8.0 2009.04.29 -
    Panda 10.0.0.14 2009.04.29 -
    PCTools 4.4.2.0 2009.04.29 -
    Prevx1 3.0 2009.04.29 -
    Rising 21.27.22.00 2009.04.29 -
    Sophos 4.41.0 2009.04.29 -
    Sunbelt 3.2.1858.2 2009.04.29 -
    Symantec 1.4.4.12 2009.04.29 -
    TheHacker 6.3.4.1.317 2009.04.29 -
    TrendMicro 8.950.0.1092 2009.04.29 -
    VBA32 3.12.10.3 2009.04.29 -
    ViRobot 2009.4.29.1715 2009.04.29 -
    VirusBuster 4.6.5.0 2009.04.29 -
    Additional information
    File size: 4566 bytes
    MD5...: be633216f678f7d624c608c83d23357d
    SHA1..: 594a74585a95c7074664b965ca0cb15453daa27e
    SHA256: 8dc0a5eac70881391546a4f5d0465df1631c72e48ba080f3c82bc9fe8786cb17
    SHA512: bcc324ebe9173d0f2998731eaec621ca8a9dc0da9dd8b2f322ef2919f5ac6a632a1fe1684ddf6c10f258423f4f8dde2649912650e5819d4090ff5ad527f2f982
    ssdeep: 96:XD8MIBln828HoBl+p7oBl+pRsBl+pDfBl+p9mBl9qlYal9+lGlzvYaltMalH3lpb:4lFkQlTlllilxlMl1l0lGlL1ltZlXluu
    PEiD..: -
    TrID..: File type identification
    Generic INI configuration (100.0%)
    PEInfo: -
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -

  2. #12
    Member
    Join Date
    Apr 2009
    Posts
    29
    Points
    0

    when I try..

    to load the c:windows\system32\MRT.INI it says path not found... What's that mean? Oh, and my bad about not replying, I've been busy...

  3. #13
    Member
    Join Date
    Apr 2009
    Posts
    29
    Points
    0

    combofix results....

    and when it tries to get a recovery console it says boot partition cannot be enumerated correctly.... What does that mean?


    ComboFix 09-04-29.01 - Danny 04/29/2009 18:20.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2196 [GMT -4:00]
    Running from: c:\documents and settings\Danny\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
    .

    2009-04-28 09:09 . 2009-04-28 09:09 0 ----a-w c:\windows\nsreg.dat
    2009-04-28 09:09 . 2009-04-28 09:09 -------- d-----w c:\documents and settings\Danny\Local Settings\Application Data\Mozilla
    2009-04-28 04:13 . 2009-04-29 18:22 -------- d-----w C:\Downloads
    2009-04-28 04:11 . 2009-04-29 18:23 -------- d-----w c:\documents and settings\Danny\Application Data\Go!Zilla
    2009-04-28 04:11 . 2009-04-28 04:13 -------- d-----w c:\program files\GoZilla
    2009-04-26 19:33 . 2009-04-28 21:12 -------- d-----w c:\documents and settings\Danny\Application Data\uTorrent
    2009-04-25 23:16 . 2009-04-25 23:16 -------- d-----w c:\documents and settings\Danny\Local Settings\Application Data\AOL
    2009-04-25 23:14 . 2009-04-25 23:14 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2009-04-25 23:14 . 2009-04-25 23:14 -------- d-----w c:\program files\Viewpoint
    2009-04-25 23:14 . 2009-04-25 23:17 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
    2009-04-25 23:14 . 2009-04-25 23:14 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2009-04-25 23:13 . 2009-04-25 23:35 -------- d-----w c:\program files\Common Files\AOL
    2009-04-23 17:37 . 2009-04-23 17:37 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
    2009-04-23 17:36 . 2009-04-27 23:15 -------- d-----w c:\documents and settings\Danny\Local Settings\Application Data\NVIDIA Corporation
    2009-04-23 00:07 . 2009-04-23 00:07 -------- d-----w c:\documents and settings\Danny\Application Data\PlayFirst
    2009-04-23 00:07 . 2009-04-23 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2009-04-22 23:24 . 2009-04-22 23:29 29 ----a-w c:\windows\popcinfo.dat
    2009-04-22 22:43 . 2009-04-22 22:43 -------- d-sh--w c:\windows\ftpcache
    2009-04-22 22:38 . 2009-04-22 22:38 -------- d-----w c:\documents and settings\Danny\Application Data\Taito Legends
    2009-04-22 00:17 . 2009-04-22 00:17 -------- d--h--r c:\documents and settings\Danny\Application Data\SecuROM
    2009-04-22 00:13 . 2009-04-22 00:13 -------- d-----w c:\documents and settings\Danny\Application Data\Leadertech
    2009-04-22 00:01 . 2009-04-22 00:01 -------- d-----w c:\program files\EA Games
    2009-04-21 23:49 . 2009-04-21 23:49 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2009-04-21 23:48 . 2006-01-06 14:10 7548 ----a-w c:\windows\system32\drivers\Samhid.sys
    2009-04-21 23:48 . 2006-01-04 20:39 77824 ----a-w c:\windows\system32\FDRdriver.dll
    2009-04-21 23:48 . 2007-06-14 19:38 487424 ----a-w c:\windows\system32\FDRpage.dll
    2009-04-21 23:48 . 2009-04-21 23:48 -------- d-----w c:\program files\PHILIPS
    2009-04-21 23:48 . 2007-06-08 14:59 204800 ----a-w c:\windows\system32\CreateDir.exe
    2009-04-18 22:39 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-18 22:39 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 22:39 . 2009-04-18 22:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-16 07:02 . 2009-04-16 07:02 -------- d-----w c:\windows\system32\MpEngineStore
    2009-04-16 06:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 06:21 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-16 06:18 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 06:18 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 06:18 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-16 06:18 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 06:18 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 06:18 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 06:18 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 06:18 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 06:18 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-13 16:09 . 2009-04-17 02:55 -------- d-----w c:\program files\PokerStars
    2009-04-13 03:27 . 2009-04-14 13:30 -------- d-----w c:\program files\PokerStars.NET
    2009-04-12 18:43 . 2009-04-27 06:12 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-04-12 18:43 . 2009-04-12 18:43 22328 ----a-w c:\documents and settings\Danny\Application Data\PnkBstrK.sys
    2009-04-12 18:43 . 2009-04-27 06:11 183112 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-04-12 18:43 . 2009-04-22 00:17 66872 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-04-12 17:41 . 2009-04-12 17:41 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w c:\program files\Electronic Arts
    2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w C:\ProgramData
    2009-04-12 17:40 . 2009-04-12 17:40 2784 ----a-w c:\windows\system32\ealregsnapshot1.reg
    2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w c:\documents and settings\Danny\Local Settings\Application Data\Downloaded Installations
    2009-04-12 06:34 . 2009-04-12 06:34 4212 ---ha-w c:\windows\system32\zllictbl.dat
    2009-04-12 06:34 . 2009-04-12 06:34 -------- d-----w c:\program files\Zone Labs
    2009-04-12 06:33 . 2009-04-12 16:50 -------- d-----w c:\windows\Internet Logs
    2009-04-11 11:41 . 2009-04-11 11:45 -------- d-----w c:\program files\Common Files\DivX Shared
    2009-04-11 08:13 . 2009-04-11 08:13 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
    2009-04-11 08:11 . 2009-04-11 08:11 -------- d-sh--w c:\documents and settings\Danny\IETldCache
    2009-04-11 08:09 . 2009-04-11 08:32 -------- d-----w c:\windows\ie8updates
    2009-04-11 08:09 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-04-11 08:07 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
    2009-04-11 00:51 . 2009-04-11 00:51 -------- d-----w c:\documents and settings\Danny\Application Data\Yahoo!
    2009-04-11 00:51 . 2009-04-12 16:50 -------- d-----w c:\program files\Yahoo!
    2009-04-10 23:59 . 2009-04-10 23:59 10520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-04-10 23:59 . 2009-04-10 23:59 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-04-10 23:59 . 2009-04-29 12:12 -------- d-----w c:\windows\system32\drivers\Avg
    2009-04-10 23:59 . 2009-04-12 17:23 -------- d-----w c:\documents and settings\Danny\Application Data\AVGTOOLBAR
    2009-04-10 23:59 . 2009-04-10 23:59 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-04-10 23:04 . 2009-04-10 23:04 -------- d-----w C:\HJT
    2009-04-10 17:17 . 2009-04-10 17:17 -------- d-----w c:\program files\Trend Micro
    2009-04-10 17:02 . 2009-04-10 17:07 -------- d-----w C:\IE-SPYAD
    2009-04-10 16:05 . 2009-04-10 16:05 -------- d-----w c:\documents and settings\Danny\Application Data\Malwarebytes
    2009-04-10 16:05 . 2009-04-10 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-10 15:53 . 2009-04-10 15:57 -------- d-----w c:\windows\SxsCaPendDel
    2009-04-10 14:40 . 2009-04-10 14:40 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-04-10 14:40 . 2009-04-27 22:47 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-10 14:40 . 2009-04-27 22:47 -------- d-----w c:\documents and settings\Danny\Application Data\SUPERAntiSpyware.com
    2009-04-09 06:49 . 2009-04-09 06:50 -------- d-----w c:\windows\system32\Adobe
    2009-04-03 03:29 . 2009-04-12 16:59 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-31 20:36 . 2009-04-01 01:27 -------- d-----w c:\documents and settings\Danny\Application Data\Move Networks
    2009-03-31 20:22 . 2009-03-31 20:22 8192 ----a-w C:\mtwb.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-29 17:54 . 2009-03-11 22:26 -------- d-----w c:\program files\9Dragons
    2009-04-29 07:38 . 2009-01-16 14:28 -------- d-----w c:\program files\Java
    2009-04-28 07:00 . 2009-03-17 06:05 -------- d-----w c:\program files\Trojan Remover
    2009-04-27 22:46 . 2009-01-16 13:57 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-25 05:28 . 2009-01-16 14:51 -------- d-----w c:\program files\Google
    2009-04-23 17:39 . 2009-01-16 13:57 -------- d-----w c:\program files\AGEIA Technologies
    2009-04-23 17:38 . 2009-01-16 13:58 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-23 17:38 . 2009-01-16 13:58 -------- d-----w c:\program files\NVIDIA Corporation
    2009-04-12 17:40 . 2009-01-16 17:23 -------- d-----w c:\program files\Common Files\InstallShield
    2009-04-12 06:51 . 2009-03-11 19:16 -------- d-----w c:\program files\Pando Networks
    2009-04-11 09:00 . 2009-01-16 14:52 -------- d-----w c:\program files\Vuze
    2009-04-11 00:01 . 2009-01-16 16:29 13664 ----a-w c:\documents and settings\Danny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-10 22:57 . 2009-03-29 03:14 0 ----a-w c:\documents and settings\Danny\Local Settings\Application Data\prvlcl.dat
    2009-03-30 20:53 . 2009-03-30 20:53 -------- d-----w c:\program files\Fast Browser SearchP
    2009-03-29 05:35 . 2009-03-29 05:35 -------- d-----w c:\program files\Common Files\DirectX
    2009-03-29 00:04 . 2009-03-29 00:04 -------- d-----w c:\program files\AVG
    2009-03-27 08:51 . 2009-03-15 23:49 664 ----a-w c:\windows\system32\d3d9caps.dat
    2009-03-27 06:34 . 2009-01-18 22:39 3 ----a-w c:\windows\sbacknt.bin
    2009-03-27 04:28 . 2009-03-21 20:40 -------- d-----w c:\program files\MySpace
    2009-03-19 15:38 . 2009-03-19 15:38 -------- d-----w c:\program files\BitTorrent
    2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
    2009-03-19 06:18 . 2009-03-19 06:18 -------- d-----w c:\program files\WinPcap
    2009-03-17 06:17 . 2009-01-16 15:03 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-11 23:43 . 2009-03-11 23:43 -------- d-----w c:\program files\Common Files\INCA Shared
    2009-03-06 14:22 . 2008-02-11 03:12 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2008-02-11 03:14 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
    2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
    2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
    2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
    2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
    2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
    2009-02-09 12:10 . 2008-02-11 03:11 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2008-02-11 03:12 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2008-02-11 03:12 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2008-02-11 03:09 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2008-02-11 03:13 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-06 11:11 . 2008-02-11 03:12 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:06 . 2008-02-11 03:12 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2008-02-11 03:12 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 19:59 . 2008-02-11 03:12 56832 ----a-w c:\windows\system32\secur32.dll
    .

    ------- Sigcheck -------

    [-] 2009-01-16 13:56 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\$NtServicePackUninstall$\winlogon.exe
    [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2009-01-16 23:09 507904 679A7259741F6A09994F02CE261B5F2E c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-04-24_22.15.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-27 23:14 . 2009-04-27 23:14 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
    + 2009-04-27 23:14 . 2009-04-27 23:14 16384 c:\windows\Temp\Perflib_Perfdata_220.dat
    + 2008-02-11 03:12 . 2009-04-28 21:14 78318 c:\windows\system32\perfc009.dat
    - 2008-02-11 03:12 . 2009-04-16 07:20 78318 c:\windows\system32\perfc009.dat
    + 2009-04-27 22:47 . 2009-04-27 22:47 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2009-04-27 22:47 . 2009-04-27 22:47 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2009-04-25 23:14 . 2009-04-25 23:14 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
    - 2008-02-11 03:12 . 2009-04-16 07:20 462498 c:\windows\system32\perfh009.dat
    + 2008-02-11 03:12 . 2009-04-28 21:14 462498 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    2009-03-17 06:17 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
    2009-03-13 16:38 1687552 ----a-w c:\program files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1FF080D-12A3-439A-A2EF-4BA95A3148E8}]
    2008-01-22 18:46 345152 ----a-w c:\program files\GoZilla\GozCatch.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    2009-03-17 06:17 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]
    "Go!Zilla"="c:\program files\GoZilla\Goz.exe" [2008-06-25 3350800]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-12 16859136]

    c:\documents and settings\Mike\Start Menu\Programs\Startup\
    DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-1-18 357712]

    c:\documents and settings\Danny\Start Menu\Programs\Startup\
    Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-22 4369408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-04-10 23:59 10520 ----a-w c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "e:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "d:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Program Files\\BlackSite Area 51\\Binaries\\BlackSite.exe"=
    "d:\\Program Files\\Combat Flight Simulator 3\\cfs3.exe"=
    "d:\\Program Files\\Combat Flight Sim\\COMBATFS.EXE"=

    R2 gupdate1c9a2721f672196;Google Update Service (gupdate1c9a2721f672196);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 133104]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-22 2839290]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
    S1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-01-16 78848]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2006-01-06 7548]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SASDIFSV

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cfdd0e5-e3d2-11dd-956b-92fb5d3e4d3a}]
    \Shell\AutoRun\command - M:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:52]
    .
    - - - - ORPHANS REMOVED - - - -

    SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
    Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
    Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
    Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll
    Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
    Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
    FF - ProfilePath - c:\documents and settings\Danny\Application Data\Mozilla\Firefox\Profiles\cf1ujdwv.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-29 18:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-682003330-2052111302-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:09,56,55,b3,13,5a,35,44,47,69,2c,26,83,90,75,62,3b,e0,a2,1b,3e,
    71,36,eb,eb,c9,2a,03,0e,13,bd,99,60,aa,95,b3,62,3c,53,1b,b4,53,e1,29,9b,f8,\
    "rkeysecu"=hex:4b,42,26,12,ba,ed,84,20,54,0e,90,e4,8a,24,66,5e
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'lsass.exe'(804)
    c:\windows\system32\nvLsp.dll

    - - - - - - - > 'explorer.exe'(3496)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-04-29 18:22
    ComboFix-quarantined-files.txt 2009-04-29 22:22
    ComboFix2.txt 2009-04-24 22:17

    Pre-Run: 10,771,501,056 bytes free
    Post-Run: 10,838,073,344 bytes free

    296 --- E O F --- 2009-04-16 07:02

  4. #14
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    950
    Points
    38


    Hi,

    One of Microsoft's files on your computer is infected and has to be replaced by a copy that is present somewhere else on your system. ComboFix can do this, but only if Recovery Console is installed. That is why we will first start figuring out why it cannot be installed.

    Please download BootCheck.exe to your desktop.
    • Double click BootCheck.exe to run the check
    • When complete, a Notepad window will open with some text in it
    • Save the Notepad file to your desktop as BootCheck.txt
    • Post the contents of the file in a reply to this topic


    Regards,
    John.
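    The ComboFix Sigcheck section in post #13 lists three copies of winlogon.exe, and the live copy in system32 carries a different MD5 from the ServicePackFiles copy marked [7]. The script below is an added example, not ComboFix's own code: it hashes a reference copy and every other copy of a file, and reports which copies differ from the reference or are missing, which is the comparison a helper makes before deciding which copy should replace which. The directory layout and file bytes are constructed for the demonstration.

```python
"""Compare hashes of several copies of one system file, the way ComboFix's
Sigcheck section does.  Added example, not a ComboFix or VirusTotal tool;
the paths and file contents built in demo() are constructed for illustration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path, algorithm="md5"):
    """Return the hex digest of a file, read in chunks so large binaries fit."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_copies(reference, candidates, algorithm="md5"):
    """Hash `reference` and every path in `candidates`.

    Returns (digests, mismatches): digests maps each path (as a string) to its
    hex digest, mismatches lists the candidate paths whose digest differs from
    the reference.  A missing candidate gets digest None and counts as a mismatch.
    """
    ref_digest = file_digest(reference, algorithm)
    digests = {str(reference): ref_digest}
    mismatches = []
    for path in candidates:
        if not os.path.isfile(path):
            digests[str(path)] = None
            mismatches.append(str(path))
            continue
        digest = file_digest(path, algorithm)
        digests[str(path)] = digest
        if digest != ref_digest:
            mismatches.append(str(path))
    return digests, mismatches


def demo():
    """Build a constructed layout mirroring the log: a ServicePackFiles copy
    (the reference), a dllcache copy that matches it, and a system32 copy
    whose bytes differ.  Returns the mismatching paths relative to the root."""
    root = Path(tempfile.mkdtemp(prefix="sigcheck_demo_"))
    good = b"MZ" + b"\x00" * 62 + b"constructed winlogon.exe body"
    layout = {
        "ServicePackFiles/i386/winlogon.exe": good,
        "system32/dllcache/winlogon.exe": good,
        "system32/winlogon.exe": good[:-4] + b"XXXX",  # constructed: patched tail
    }
    for rel, data in layout.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

    reference = root / "ServicePackFiles/i386/winlogon.exe"
    candidates = [root / "system32/dllcache/winlogon.exe",
                  root / "system32/winlogon.exe"]
    digests, mismatches = compare_copies(reference, candidates)
    for path, digest in digests.items():
        flag = "[-] " if path in mismatches else "[ok]"
        print(f"{flag} {digest or 'missing':32}  {path}")
    return [Path(m).relative_to(root).as_posix() for m in mismatches]


if __name__ == "__main__":
    demo()
```

    Hash equality with the service-pack copy is only evidence that a file is unmodified since that service pack, not proof that the reference copy itself is trustworthy; the ServicePackFiles copy is used as the reference here because that is the one the log marks as matching the known service-pack version.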

  5. #15
    Member
    Join Date
    Apr 2009
    Posts
    29
    Points
    0

    these are the results for bootcheck......

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

    Contents of boot.ini:


    it didn't even run for some reason....that's all it did....Oh! and by the way, you guys are saints....I have tried online help in the past elsewhere, and it was all a bunch of bullshit.....you guys rock....keep on keepin on!

  6. #16
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    950
    Points
    38


    Hi,

    Quote: it didn't even run for some reason....that's all it did....
    It did run and gave exactly the same result as I thought it would.

    Go to C:\boot.ini

    If that file exists, right click and uncheck 'Read Only' and click Apply>OK

    Now right click the file again and select 'Open With' and choose Notepad.

    If the boot.ini doesn't exist, then open Notepad.

    Copy/paste the following text in the quote box below, into Notepad:
    Code:
    [boot loader]
    timeout=30
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
    scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
    scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
    scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
    scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
    C:\WINDOWS=7 /fastdetect
    
    (Without the empty line at the bottom)

    Close the file, and approve the changes made when asked by Windows.

    If there was no boot.ini, save the file you just created. Name it boot.ini and save it directly to C:\ drive.

    Do NOT reboot yet!

    Run the Bootcheck.exe and post its contents for review. It's important that you do NOT reboot the system until I have reviewed that log.

    Regards,
    John.

  7. #17
    Member
    Join Date
    Apr 2009
    Posts
    29
    Points
    0

    new boot check...

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

    Contents of C:\boot.ini:

    [boot loader]
    timeout=30
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
    scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
    scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
    scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
    scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
    C:\WINDOWS=7 /fastdetect

  8. #18
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    950
    Points
    38


    Hi,

    Ok, looks good. Read through this next set of instructions and print them out if you're not sure you'll remember.

    Reboot your system and do this:
    • Upon reboot, you'll have 30 seconds to choose from the boot menu.
    • Use your arrow key to scoot on up to 1 /fastdetect in the list and press Enter
    • Wait for it to boot Windows.
    • If you receive an error, click OK to restart the system
    • Upon restart you will see the boot menu again. Arrow up to 2 /fastdetect and press Enter.
    • Wait for Windows to boot. If you receive an error message, same as before, click OK to restart.
    Continue using the arrow key, going in succession from 3 /fastdetect, etc., one at a time, until Windows boots up.

    Come back and tell me which # worked for you.

    Regards,
    John.

  9. #19
    Member
    Join Date
    Apr 2009
    Posts
    29
    Points
    0

    I got it.....

    done and the first 1 (fastdetect 1) worked...now what should I do?

  10. #20
    Moderator Forum Moderator JohnB151's Avatar
    Join Date
    Mar 2009
    Location
    The Netherlands
    Posts
    950
    Points
    38


    Hi,

    Alright, so let's now change that in boot.ini.

    Go to C:\boot.ini.

    Now right click the file again and select 'Open With' and choose Notepad.

    If you cannot open it, right click and uncheck 'Read Only' and click Apply>OK.

    Copy/paste the following text in the quote box below, into Notepad:
    Code:
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    
    (Without empty line at the bottom)

    Close the file, and approve the changes made when asked by Windows.

    Do NOT reboot yet!

    Run the Bootcheck.exe and post its contents for review. It's important that you do NOT reboot the system until I have reviewed that log.

    Regards,
    John.
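    Posts #16 and #20 both have the user hand-edit boot.ini, first with a seven-entry diagnostic menu and then with the single working entry plus a default= line. The checker below is an added example, not a tool from the thread or from Microsoft: it parses a boot.ini into its sections, validates each ARC path, flags duplicate entries, checks that timeout is numeric and that default= names one of the listed entries. The two sample files are copied from the posts; the check rules are this example's own and go a little beyond the thread by also catching duplicate and malformed entries.

```python
"""Parse and sanity-check a Windows XP boot.ini.  Added example, not a tool
from the thread or from Microsoft; the two sample files are the ones posted
in the thread, the check rules are this example's own.
"""
import re

# Either an ARC path (multi/scsi ... partition(n)\dir) or a drive-letter path.
ARC_PATH = re.compile(
    r"^(?:(?:multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\\S+"
    r"|[A-Za-z]:\\\S+)$"
)

# Diagnostic boot.ini from post #16 (copied from the thread).
DIAGNOSTIC_BOOT_INI = r"""[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect
"""

# Final boot.ini from post #20 (copied from the thread).
FINAL_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""


def parse_boot_ini(text):
    """Return {section_name_lowercased: [(key, value), ...]} preserving order.

    Only the first '=' splits a line, so values such as
    '"..." /noexecute=optin /fastdetect' survive intact.  Blank lines,
    ';' comments and lines before the first section header are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def check_boot_ini(text):
    """Return a list of problem strings; an empty list means the file passes."""
    problems = []
    sections = parse_boot_ini(text)
    loader = dict(sections.get("boot loader", []))
    systems = sections.get("operating systems", [])

    if "boot loader" not in sections:
        problems.append("missing [boot loader] section")
    if not systems:
        problems.append("no entries under [operating systems]")

    timeout = loader.get("timeout")
    if timeout is not None and not timeout.isdigit():
        problems.append(f"timeout is not an integer: {timeout!r}")

    arc_paths = [key for key, _ in systems]
    for path in arc_paths:
        if not ARC_PATH.match(path):
            problems.append(f"malformed ARC path: {path!r}")

    seen = set()
    for path in arc_paths:
        if path in seen:
            problems.append(f"duplicate entry: {path!r}")
        seen.add(path)

    default = loader.get("default")
    if default is None:
        problems.append("no default= line under [boot loader]")
    elif default not in arc_paths:
        problems.append(f"default= does not match any entry: {default!r}")
    return problems


if __name__ == "__main__":
    for name, sample in (("diagnostic", DIAGNOSTIC_BOOT_INI), ("final", FINAL_BOOT_INI)):
        print(name, check_boot_ini(sample) or "OK")
```

    Run against the thread's own files, the diagnostic menu is reported for its missing default= line and for entries 5 and 6 sharing one ARC path, while the final single-entry file passes cleanly. The checker reads the file only; it does not touch the read-only attribute or write anything back, so it is safe to run on a live C:\boot.ini before rebooting.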