
Infected With Rbot-afw Worm


  • This topic is locked
2 replies to this topic

#1 ahmed haji

  • Members
  • 1 posts

Posted 27 April 2008 - 06:21 AM

Hi,
I faced a problem with my computer: when I want to open any of my disk drives, I can't open them unless by right-clicking and clicking on Open or Explore. When I do so, a message appears at the top of the right-click menu that says: ''IF FREEDOM IS OUTLAWED, ONLY OUTLAWS WILL HAVE FREEDOM''. Please help me to remove this thing from my computer. Another thing: since this message started to appear, sometimes my computer turns off while I am working on it without any warning, and I can't turn it on again directly. I can turn it on after 1 minute at least. Please help me with this.

I am sending you the log of main.txt, and after it I'll send the log of extra.txt.

Thank you very much for everything.


(main.txt)

Deckard's System Scanner v20071014.68
Run by nipeal on 2008-04-28 01:58:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-04-28 08:58:18 UTC - RP29 - Deckard's System Scanner Restore Point
28: 2008-04-28 08:39:50 UTC - RP28 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
27: 2008-04-26 04:49:29 UTC - RP27 - Software Distribution Service 3.0
26: 2008-04-26 02:51:18 UTC - RP26 - Printer Driver Canon LBP2900 Installed
25: 2008-04-26 02:51:04 UTC - RP25 - Installed Canon LBP2900


-- First Restore Point --
1: 2008-04-25 02:43:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-28 01:59:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\taskmger.com
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\WLAN\ACU.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\DOCUME~1\nipeal\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\nipeal\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
F0 - system.ini: Shell=Explorer.exe taskmger.com
F2 - REG:system.ini: Shell=Explorer.exe taskmger.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [userd] C:\WINDOWS\RECYCLER\systems.com
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Systry] C:\WINDOWS\system32\notepad.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE


--
End of file - 5149 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R3 AR5523 (WLAN USB Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5523.sys <Not Verified; WLAN Communications, Inc.; WLAN AR5005 Wireless USB Network Adapter>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 szkg5 (szkg) - c:\windows\system32\drivers\szkg.sys (file missing)
S3 igfx - c:\windows\system32\drivers\igdkmd32.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows Vista®>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys <Not Verified; Conexant Systems, Inc; UIU HW Access x86 Driver (SYS)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (WLAN Configuration Service) - c:\windows\system32\acs.exe
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&1B09A299&0&00E3
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&1B09A299&0&00E3
Service: athr


-- Scheduled Tasks -------------------------------------------------------------

2008-04-26 14:10:11 418 --a------ C:\WINDOWS\Tasks\الجسمي فقدتك 1.job
2008-04-25 00:14:46 108 --a------ C:\WINDOWS\Tasks\Critical Battery Alarm Program.job


-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-28 01:52:19 0 d-------- C:\WINDOWS\LastGood
2008-04-27 02:39:54 0 dr-h----- C:\Documents and Settings\nipeal\Application Data\yahoo!
2008-04-27 02:34:40 0 d-------- C:\WINDOWS\pss
2008-04-26 14:06:24 112128 -r-h----- C:\WINDOWS\CdaC14BA.DLL
2008-04-26 14:06:24 30720 -r-h----- C:\WINDOWS\CdaC13BA.EXE
2008-04-26 14:06:24 0 d--h---c- C:\C_DILLA
2008-04-26 14:06:23 8864 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-04-26 14:06:23 39936 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE <Not Verified; C-Dilla Ltd; SafeCast Windows NT>
2008-04-25 21:51:53 0 d------c- C:\RUN_ME02
2008-04-25 21:51:44 86848 --a------ C:\WINDOWS\system\VBDB16.DLL <Not Verified; Microsoft Corporation; Visual Basic 4.0>
2008-04-25 21:51:44 2920 --a------ C:\WINDOWS\system\VBAJET.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-25 21:51:44 30992 --a------ C:\WINDOWS\system\VBA2ME.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-25 21:51:44 938496 --a------ C:\WINDOWS\system\VB40016.DLL <Not Verified; Microsoft Corporation; Visual Basic 4.0>
2008-04-25 21:51:44 177824 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-04-25 21:51:44 157696 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-04-25 21:51:44 5120 --a------ C:\WINDOWS\system\STKIT416.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-25 21:51:44 12976 --a------ C:\WINDOWS\system\SCP.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-25 21:51:44 51712 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.02 for Windows>
2008-04-25 21:51:44 152944 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-04-25 21:51:44 164960 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-04-25 21:51:44 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-04-25 21:51:44 28113 --a------ C:\WINDOWS\system\OLE2.REG
2008-04-25 21:51:44 304640 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-04-25 21:51:44 64080 --a------ C:\WINDOWS\system\ODBCTL16.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-04-25 21:51:44 251184 --a------ C:\WINDOWS\system\ODBCJT16.DLL <Not Verified; Microsoft Corporation; Microsoft ODBC Desktop Driver Pack 2.>
2008-04-25 21:51:44 92576 --a------ C:\WINDOWS\system\ODBCINST.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-04-25 21:51:44 536048 --a------ C:\WINDOWS\system\OC25.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-04-25 21:51:44 15936 --a------ C:\WINDOWS\system\MSJETINT.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-04-25 21:51:44 11232 --a------ C:\WINDOWS\system\MSJETERR.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-04-25 21:51:44 995136 --a------ C:\WINDOWS\system\MSAJT200.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-04-25 21:51:44 45680 --a------ C:\WINDOWS\system\GSWDLL16.DLL <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-25 21:51:44 276880 --a------ C:\WINDOWS\system\GSW16.EXE <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-25 21:51:44 195584 --a------ C:\WINDOWS\system\GRDKRN16.DLL <Not Verified; Apex Software Corporation; APEXGRID>
2008-04-25 21:51:44 543584 --a------ C:\WINDOWS\system\DAO2516.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-25 21:51:44 27632 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-04-25 21:51:44 109056 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.03 for Windows>
2008-04-25 21:51:44 8768 --a------ C:\WINDOWS\system\ACCBIDI.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-04-25 21:49:32 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-25 21:49:31 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-25 20:42:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-25 20:04:05 0 d-------- C:\Documents and Settings\nipeal\Application Data\Adobe
2008-04-25 19:50:44 0 d-------- C:\Program Files\Canon
2008-04-25 19:47:33 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-25 19:04:13 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-25 19:04:11 0 d-------- C:\Program Files\CC2000
2008-04-25 19:03:59 0 d-------- C:\Program Files\MSN Messenger
2008-04-25 19:02:38 0 d------c- C:\VP-EYE
2008-04-25 19:01:50 9856 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-04-25 19:01:42 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-25 19:01:38 0 d-------- C:\Program Files\ArcSoft
2008-04-25 18:57:52 0 d-------- C:\WINDOWS\PixArt
2008-04-25 18:57:52 0 d-------- C:\Program Files\PC Camera
2008-04-25 18:57:52 0 d-------- C:\Program Files\Common Files\PCCamera
2008-04-25 18:57:43 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-25 14:37:58 0 d---s---- C:\Documents and Settings\nipeal\UserData
2008-04-25 00:46:24 57344 --a------ C:\WINDOWS\system32\WMErrAra.dll <Not Verified; ‎‎Microsoft Corporation; ‎‎Microsoft® Windows Media Services>
2008-04-25 00:40:58 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-25 00:40:43 0 d-------- C:\Program Files\Real
2008-04-25 00:40:43 0 d-------- C:\Program Files\Common Files\Real
2008-04-25 00:40:25 0 d-------- C:\Documents and Settings\nipeal\Application Data\Real
2008-04-25 00:38:13 0 d-------- C:\Documents and Settings\nipeal\Application Data\Google
2008-04-25 00:35:29 0 d-------- C:\Documents and Settings\nipeal\Application Data\Macromedia
2008-04-25 00:35:24 0 d-------- C:\Program Files\Yahoo!
2008-04-24 23:00:12 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-04-24 22:59:00 479232 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-04-24 22:59:00 114688 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-04-24 22:59:00 92240 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-04-24 22:59:00 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-04-24 22:59:00 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-04-24 22:59:00 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-04-24 22:59:00 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-04-24 22:59:00 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-04-24 22:59:00 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-04-24 22:59:00 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-04-24 22:59:00 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-04-24 22:59:00 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-04-24 22:59:00 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-04-24 22:59:00 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-04-24 22:59:00 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-04-24 22:59:00 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-04-24 22:59:00 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-04-24 22:59:00 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-04-24 22:59:00 65536 --a------ C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-04-24 22:56:07 0 d-------- C:\Program Files\epson
2008-04-24 22:42:26 360288 --a------ C:\WINDOWS\system32\drivers\ar5523.sys <Not Verified; WLAN Communications, Inc.; WLAN AR5005 Wireless USB Network Adapter>
2008-04-24 22:42:26 149392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-04-24 22:42:26 44160 --a------ C:\WINDOWS\system32\athfmwdl.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-04-24 22:42:26 360288 --a------ C:\WINDOWS\system32\ar5523.sys <Not Verified; WLAN Communications, Inc.; WLAN AR5005 Wireless USB Network Adapter>
2008-04-24 22:42:26 149392 --a------ C:\WINDOWS\system32\ar5523.bin
2008-04-24 22:42:24 36864 --a------ C:\WINDOWS\system32\acs.exe
2008-04-24 22:42:20 249856 --a------ C:\WINDOWS\system32\wgapi.dll <Not Verified; WLAN; WLAN GUI API Library>
2008-04-24 22:42:20 237568 --a------ C:\WINDOWS\system32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
2008-04-24 22:42:20 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-04-24 22:42:20 77824 --a------ C:\WINDOWS\system32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
2008-04-24 22:42:20 385024 --a------ C:\WINDOWS\system32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2008-04-24 22:42:20 192512 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2008-04-24 22:42:20 1396835 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-04-24 22:42:20 0 d-------- C:\Program Files\WLAN
2008-04-24 22:41:07 0 d-------- C:\temp
2008-04-24 22:34:48 0 d-------- C:\Program Files\Common Files\L&H
2008-04-24 22:34:36 0 d-------- C:\Program Files\Microsoft.NET
2008-04-24 22:34:26 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-24 22:34:01 0 d-------- C:\Program Files\Microsoft Works
2008-04-24 22:33:49 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-24 22:28:18 34304 -rahs---- C:\WINDOWS\system32\taskmger.com
2008-04-24 20:05:27 0 d-------- C:\WINDOWS\OPTIONS
2008-04-24 20:03:15 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-24 20:03:15 0 d-------- C:\Program Files\Intel
2008-04-24 20:02:52 6909 -ra------ C:\WINDOWS\system32\drivers\UIUSYS.SYS <Not Verified; Conexant Systems, Inc; UIU HW Access x86 Driver (SYS)>
2008-04-24 20:01:52 0 d-------- C:\Documents and Settings\nipeal\Application Data\InstallShield
2008-04-24 19:53:09 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-24 19:53:09 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-24 19:52:31 0 d-------- C:\Program Files\Realtek
2008-04-24 19:52:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-24 19:52:25 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-24 19:52:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-24 19:52:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-24 19:52:02 0 d-------- C:\WINDOWS\system32\x64
2008-04-24 19:52:02 0 d-------- C:\WINDOWS\system32\Lang
2008-04-24 19:51:52 204800 -ra------ C:\WINDOWS\system32\igfxCoIn_v1280.dll
2008-04-24 19:51:52 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-24 19:51:49 69632 -ra------ C:\WINDOWS\system32\oemdspif.dll <Not Verified; Intel Corporation; Intel® Common User Interface>
2008-04-24 19:51:48 249856 -ra------ C:\WINDOWS\system32\igfxTMM.dll <Not Verified; ; igfxTMM Module>
2008-04-24 19:51:45 2555904 -ra------ C:\WINDOWS\system32\igdumd32.dll <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows Vista®>
2008-04-24 19:51:43 1771008 -ra------ C:\WINDOWS\system32\drivers\igdkmd32.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows Vista®>
2008-04-24 19:43:09 0 d-------- C:\Documents and Settings\nipeal\Application Data\Identities
2008-04-24 19:43:01 0 d--h----- C:\Documents and Settings\nipeal\Templates
2008-04-24 19:43:01 0 dr------- C:\Documents and Settings\nipeal\Start Menu
2008-04-24 19:43:01 0 dr-h----- C:\Documents and Settings\nipeal\SendTo
2008-04-24 19:43:01 0 dr-h----- C:\Documents and Settings\nipeal\Recent
2008-04-24 19:43:01 0 d--h----- C:\Documents and Settings\nipeal\PrintHood
2008-04-24 19:43:01 1310720 --ah----- C:\Documents and Settings\nipeal\NTUSER.DAT
2008-04-24 19:43:01 0 d--h----- C:\Documents and Settings\nipeal\NetHood
2008-04-24 19:43:01 0 d--h----- C:\Documents and Settings\nipeal\Local Settings
2008-04-24 19:43:01 0 dr------- C:\Documents and Settings\nipeal\Favorites
2008-04-24 19:43:01 0 d-------- C:\Documents and Settings\nipeal\Desktop
2008-04-24 19:43:01 0 d---s---- C:\Documents and Settings\nipeal\Cookies
2008-04-24 19:43:01 0 dr-h----- C:\Documents and Settings\nipeal\Application Data
2008-04-24 19:41:57 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-24 19:41:56 0 d-------- C:\WINDOWS\Prefetch
2008-04-24 19:41:55 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-24 19:41:55 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-24 19:41:55 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-24 19:41:55 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-24 19:41:55 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-24 19:41:55 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-24 19:41:26 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-24 19:41:26 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-24 19:41:26 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-24 19:41:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-24 19:41:26 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-24 19:38:32 0 d-------- C:\WINDOWS\system32\xircom
2008-04-24 19:38:32 0 d-------- C:\Program Files\microsoft frontpage
2008-04-24 19:38:23 0 -rahs---- C:\MSDOS.SYS
2008-04-24 19:38:23 0 -rahs---- C:\IO.SYS
2008-04-24 19:38:23 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-24 19:38:23 0 --a------ C:\CONFIG.SYS
2008-04-24 19:38:23 0 --a------ C:\AUTOEXEC.BAT
2008-04-24 19:37:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-24 19:37:37 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-24 19:37:37 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-24 19:37:30 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-24 19:37:15 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-24 19:36:41 0 d---s---- C:\WINDOWS\Tasks
2008-04-24 19:36:40 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-24 19:36:35 0 d-------- C:\WINDOWS\srchasst
2008-04-24 19:36:34 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-24 19:36:25 0 d-------- C:\Program Files\Movie Maker
2008-04-24 19:36:16 0 d-------- C:\WINDOWS\system32\Restore
2008-04-24 19:35:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-24 19:35:40 0 d-------- C:\WINDOWS\Registration
2008-04-24 19:35:37 0 d-------- C:\Program Files\Online Services
2008-04-24 19:35:35 0 d-------- C:\Program Files\Messenger
2008-04-24 19:35:31 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-24 19:34:50 0 d-------- C:\Program Files\Windows NT
2008-04-24 19:34:47 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-24 19:34:45 0 d-------- C:\WINDOWS\system32\Com
2008-04-24 12:28:17 0 d--hs---- C:\WINDOWS\Installer
2008-04-24 12:28:16 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-24 12:28:13 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-24 12:28:12 0 dr------- C:\Program Files
2008-04-24 12:28:12 0 d-------- C:\Program Files\Common Files
2008-04-24 12:27:47 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-24 12:27:47 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-24 12:27:47 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-24 12:27:47 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-24 12:27:47 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-24 12:27:47 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-24 12:27:47 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-24 12:27:47 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-24 12:27:47 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-24 12:27:47 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-24 12:27:47 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-24 12:27:47 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-24 12:27:47 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-24 12:27:47 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-24 12:27:47 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-24 12:27:47 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-24 12:27:35 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-24 12:27:35 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-24 12:27:30 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-24 12:27:30 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-24 12:27:30 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-24 12:27:30 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-24 12:27:07 0 d--hs---- C:\System Volume Information
2008-04-24 12:27:07 0 d-------- C:\Documents and Settings
2008-04-24 12:21:20 0 d-------- C:\WINDOWS
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\WinSxS
2008-04-24 12:21:20 0 dr------- C:\WINDOWS\Web
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\twain_32
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\wins
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\wbem
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\usmt
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\spool
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\Setup
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\ras
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\oobe
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\npp
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\mui
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\IME
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\ias
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\export
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\drivers
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-24 12:21:20 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\config
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\3076
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\2052
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1054
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1042
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1041
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1037
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1033
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1031
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1028
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system32\1025
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\system
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\security
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Resources
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\repair
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Provisioning
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\PeerNet
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\pchealth
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\NLDRV
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\mui
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\msapps
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\msagent
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Media
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\java
2008-04-24 12:21:20 0 d--h----- C:\WINDOWS\inf
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\ime
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Help
2008-04-24 12:21:20 0 dr--s---- C:\WINDOWS\Fonts
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\ehome
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Driver Cache
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Debug
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Cursors
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\Config
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\AppPatch
2008-04-24 12:21:20 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-04-24 12:27:47 62 --ahs---- C:\Documents and Settings\nipeal\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/19/2007 10:57 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/19/2007 10:57 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/19/2007 10:57 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 01:08 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"userd"="C:\WINDOWS\RECYCLER\systems.com" []
"ACU"="C:\Program Files\WLAN\ACU.exe" [01/05/2006 04:47 PM]
"EPSON Stylus CX3700 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.exe" [02/07/2005 05:00 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/25/2008 12:40 AM]
"Systry"="C:\WINDOWS\system32\notepad.exe" [08/03/2004 11:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [8/6/2003 1:23:32 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskmgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"DisableCMD"=0 (0x0)
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe taskmger.com"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systry]
C:\WINDOWS\system32\notepad.exe




-- End of Deckard's System Scanner: finished at 2008-04-28 02:00:32 ------------



-----------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------

(the (extra.txt))



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: المعالج Intel Pentium II
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1014 MiB / 661.45 MiB
Pagefile Memory (total/avail): 2443.98 MiB / 2143.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.14 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 13.64 GiB free.
D: is Fixed (NTFS) - 19.53 GiB total, 19.46 GiB free.
E: is Fixed (NTFS) - 19.53 GiB total, 18.82 GiB free.
F: is Fixed (NTFS) - 15.93 GiB total, 15.83 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK8046GSX - 74.53 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D: - E: - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\CC2000\\SmartPhone.exe"="C:\\Program Files\\CC2000\\SmartPhone.exe:*:Enabled:SmartPhone"
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"="C:\\WINDOWS\\system32\\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\nipeal\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AHMED_HAJI-646B
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\nipeal
LOGONSERVER=\\AHMED_HAJI-646B
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1601
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\nipeal\LOCALS~1\Temp
TMP=C:\DOCUME~1\nipeal\LOCALS~1\Temp
USERDOMAIN=AHMED_HAJI-646B
USERNAME=nipeal
USERPROFILE=C:\Documents and Settings\nipeal
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

nipeal (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B034FE9-02B5-4167-B8B6-5386AB2FB67F}\Setup.exe" -l0x9
Canon LBP2900 --> C:\Program Files\Canon\PrnUninstall\Canon LBP2900\CNAB4UN.EXE
CC2000 --> C:\WINDOWS\iun6002.exe "C:\Program Files\CC2000\irunin.ini"
Cda Product Service - shared component --> C:\WINDOWS\CdaC13BA.EXE /uninstall
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x9 -u
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESCX3700 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESCX3700\USE_G\DOCUNINS.EXE
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}
PC Camera E --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5ACAFB32-6336-4304-9766-B233ACEC0A8F}
PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SMSC Fast Infrared Driver --> C:\Program Files\InstallShield Installation Information\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}\setup.exe -runfromtemp -l0x0009 -removeonly
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WLAN USB Client Installation Program For XP/2K V1.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2220A504-D171-4151-8D25-835F6499040D}\setup.exe" -l0x9 -removeonly
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type2138 / Error
Event Submitted/Written: 04/28/2008 01:39:49 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: STOPzilla -- Message 2350. FDI server error

Event Record #/Type2137 / Error
Event Submitted/Written: 04/28/2008 01:39:48 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: STOPzilla -- Message 2350. FDI server error

Event Record #/Type2136 / Error
Event Submitted/Written: 04/28/2008 01:39:48 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: STOPzilla -- Message 2350. FDI server error

Event Record #/Type2135 / Error
Event Submitted/Written: 04/28/2008 01:39:44 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: STOPzilla -- Message 2350. FDI server error

Event Record #/Type2134 / Error
Event Submitted/Written: 04/28/2008 01:39:42 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: STOPzilla -- Message 2350. FDI server error



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type564 / Warning
Event Submitted/Written: 04/25/2008 03:40:47 PM / 04/25/2008 03:41:15 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type525 / Warning
Event Submitted/Written: 04/25/2008 11:39:30 PM / 04/25/2008 11:39:58 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type486 / Warning
Event Submitted/Written: 04/25/2008 07:51:27 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Canon LBP2900 for Windows NT x86 Version-3 was added or updated. Files:- CNAB4M.DLL, CNAB4MUI.DLL, LB2900AK.XPD, CNAB4.HLP, LB2900AK.UPD, CNAB4809.DLL, CNAB4STU.DLL, CNAB4INK.DAT, CNAB4SWK.EXE, CNAB4LAK.EXE, CNAB4SMK.DLL, CNAB4LMK.DLL, CNAB4RPK.EXE, CNAB4EMU.DLL, CNAB4PTU.DLL, CNAB4PMU.DLL, CNAB4UN.EXE, CNAB4UN.INI, CNAB4.CNT, CNXP0RSX.DLL, CNXP0RSW.DLL, CPC10SA4.DLL, CPC10DA4.EXE, CPC10QA4.EXE, CPC10EA4.DLL, CPC10VA4.EXE, CPC1UKA4.DLL, CPC1UKA4.CNT, CPC1UKA4.HLP, UCS32P.DLL, CNXPTN32.DLL, CNXPVT32.DLL, CNXPCP32.DLL, CNAB4DN.WAV, CNAB4ER.WAV, CNAB4SE.WAV, CNAB4RM.WAV, CNACCM32.DLL, CNLK.PRF, CNAC17E9.DAT.

Event Record #/Type485 / Warning
Event Submitted/Written: 04/25/2008 07:51:20 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Canon LBP2900 for Windows NT x86 Version-3 was added or updated. Files:- CNAB4M.DLL, CNAB4MUI.DLL, LB2900AK.XPD, CNAB4.HLP, LB2900AK.UPD, CNAC17E9.DAT, CNAB4SMK.DLL, CNAB4PTU.DLL, CNAB4EMU.DLL, CNAB4RPK.EXE, CNAB4LMK.DLL, CNAB4.CNT, CPC10SA4.DLL, CPC10QA4.EXE, CNAB4809.DLL, CNAB4RM.WAV, CNAB4ER.WAV, CPC10EA4.DLL, CPC10DA4.EXE, CNAB4SE.WAV, CNXP0RSW.DLL, CNAB4DN.WAV, UCS32P.DLL, CNACCM32.DLL, CNXPTN32.DLL, CNXPCP32.DLL, CNXP0RSX.DLL, CNLK.PRF, CNXPVT32.DLL, CNAB4UN.INI, CNAB4UN.EXE, CPC1UKA4.HLP, CPC1UKA4.DLL, CPC10VA4.EXE, CPC1UKA4.CNT, CNAB4SWK.EXE, CNAB4STU.DLL, CNAB4PMU.DLL, CNAB4LAK.EXE, CNAB4INK.DAT.

Event Record #/Type467 / Warning
Event Submitted/Written: 04/25/2008 07:16:55 PM
Event ID/Source: 1006 / Dhcp
Event Description:
Your computer was unable to automatically configure the IP parameters for
the Network Card with the network address 00026F4E65C6. The following error occurred
during configuration: %%4100.



-- End of Deckard's System Scanner: finished at 2008-04-28 02:00:32 ------------
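The registry dump in the main.txt log above carries the three things an analyst looks for first in this kind of infection: a Winlogon Shell value with an extra program appended after Explorer.exe, policy values that lock out Task Manager, the Registry Editor and Folder Options, and a Run entry launching an executable from RECYCLER. As an added example (not part of this thread and not DSS's own logic), a Python checker that parses that dump format and flags those patterns; the sample input is constructed from the lines posted above, and the heuristics are my assumptions, not a vendor's rules.

```python
import re

# Constructed sample: a DSS-style registry dump excerpt, taken from the entries
# posted in this thread (not a complete log).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/19/2007 10:57 PM]
"userd"="C:\WINDOWS\RECYCLER\systems.com" []
"Systry"="C:\WINDOWS\system32\notepad.exe" [08/03/2004 11:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskmgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"DisableCMD"=0 (0x0)
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe taskmger.com"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="string value" ...  or  "Name"=1 (0x1)
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(\d+))')

# Policy values that, when set to 1, take the user's repair tools away.
LOCKDOWN_POLICIES = {"DisableTaskmgr", "DisableRegistryTools",
                     "NoFolderOptions", "DisableCMD"}


def parse_dump(text):
    """Return {key_path_lower: {value_name: value_as_string}} from a DSS dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return keys


def find_findings(keys):
    """Return (category, detail) tuples for the patterns described above."""
    findings = []
    for path, values in keys.items():
        if path.endswith(r"\winlogon"):
            # A healthy XP Shell value is exactly "Explorer.exe"; anything appended runs at logon.
            extra = [t for t in values.get("Shell", "").split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(("winlogon-shell-hijack", " ".join(extra)))
        if path.endswith(r"\policies\system"):
            for name, val in values.items():
                if name in LOCKDOWN_POLICIES and val == "1":
                    findings.append(("tool-lockdown-policy", name))
        if path.endswith(r"\currentversion\run"):
            for name, target in values.items():
                low = target.lower()
                if "\\recycler\\" in low or (low.endswith(".com") and "\\windows\\" in low):
                    findings.append(("suspicious-run-entry", f"{name} -> {target}"))
    return findings
```

Run `find_findings(parse_dump(SAMPLE_DUMP))` to see the three categories reported for this log; pasting a different DSS registry dump in place of the sample works the same way.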


#2 Buckeye_Sam
Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 April 2008 - 08:29 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
Please post the contents of the log from DrWeb and a new DSS log in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam
Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 May 2008 - 09:46 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.