Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected: Trojan.Win32.VB.hfs


  • This topic is locked This topic is locked
12 replies to this topic

#1 Musad

Musad

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 03 December 2008 - 10:37 AM

Hello,
Recently got a infected by some malware and tried to remove it with no success. Had McAfee installed then tried AVG but still no go.


KASPERSKY ONLINE SCANNER 7 REPORT
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Wednesday, December 3, 2008
 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Tuesday, December 02, 2008 20:35:17
 Records in database: 1432531
--------------------------------------------------------------------------------

Scan settings:
	Scan using the following database: extended
	Scan archives: yes
	Scan mail databases: yes

Scan area - My Computer:
	C:\
	D:\
	E:\

Scan statistics:
	Files scanned: 92032
	Threat name: 7
	Infected objects: 7
	Suspicious objects: 0
	Duration of the scan: 03:32:08


File name / Threat name / Threats count
C:\Documents and Settings\Essam\.housecall6.6\Quarantine\prunnet.exe.bac_a11928	Infected: Trojan.Win32.VB.hfs	1
C:\Documents and Settings\Essam\Local Settings\Temp\prun.tmp	Infected: Trojan.Win32.VB.hfp	1
C:\Documents and Settings\Essam\Local Settings\Temporary Internet Files\Content.IE5\2EBCLKPL\serve[1].htm	Infected: Trojan-Downloader.JS.Psyme.amg	1
C:\Documents and Settings\Essam\My Documents\GeekSquadMRI\xsrc-gsmri5.ISO	Infected: Backdoor.Win32.Hupigon.cilb	1
C:\Documents and Settings\Essam\My Documents\Mods\InfinityExists\CainAndAbel_setup.exe	Infected: not-a-virus:PSWTool.Win32.Cain.n	1
C:\Documents and Settings\Essam\My Documents\Mods\InfinityExists\CainAndAbel_setup.exe	Infected: not-a-virus:PSWTool.Win32.Cain.284	1
C:\Program Files\USE Application\USE Blocker.exe	Infected: Trojan-Spy.Win32.Pophot.gns	1

The selected area was scanned.

LOGFILE RANDOM'S SYSTEM INFORMATION TOOL 1.04
Logfile of random's system information tool 1.04 (written by random/random)
Run by Essam at 2008-12-03 10:25:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (36%) free of 76 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:05 AM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\GridNetworks\Gridcast\GridAlerts.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Essam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Essam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070905
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070905
O1 - Hosts: 172.30.50.4 onyx
O1 - Hosts: 172.30.6.45 atlgrid
O1 - Hosts: 172.30.204.114 sgi-r3dev
O1 - Hosts: 172.30.204.198 nd-qa-txe9
O1 - Hosts: 172.30.204.123 phl-txe
O1 - Hosts: 172.30.204.115 phl-dev-db
O1 - Hosts: 172.30.204.11 pr-dev-txe1
O1 - Hosts: 172.30.204.102 pr-dev-sql
O1 - Hosts: 172.30.204.104 pr-dev-rdb1
O1 - Hosts: 172.30.204.221 dv-txe5
O1 - Hosts: 172.30.204.125 sc-txe5
O1 - Hosts: 172.30.204.195 sc-txe9
O1 - Hosts: 172.30.204.220 dv-rdb5 devel-sc-gms
O1 - Hosts: 172.30.204.126 dv-rdb6
O1 - Hosts: 172.30.204.127 dv-rdb7
O1 - Hosts: 172.30.204.16 ia-txe5
O1 - Hosts: 172.30.204.196 ia-txe9
O1 - Hosts: 172.30.204.19 ia-rdb6 # (sec)
O1 - Hosts: 172.30.204.28 vt-txe9 # VT-QA-1 QC VM
O1 - Hosts: 172.30.204.26 vt-vqa-rdb1 # qc rdb
O1 - Hosts: 172.30.204.22 nh-txe8 # dev VM
O1 - Hosts: 172.30.204.25 nh-txe9 # qc
O1 - Hosts: 172.30.204.23 nh-vqa-rbd2 #RDB
O1 - Hosts: 172.30.204.14 me-txe8 # dev-txe
O1 - Hosts: 172.30.152.34 me-txe9 # dev-txe
O1 - Hosts: 172.30.3.27 usalpapp06
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBssSJc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {c72d1abf-1895-55e9-1a94-0ffa0ee07c19} - {91c70ee0-aff0-49a1-9e55-5981fba1d27c} - C:\WINDOWS\system32\fuobdt.dll
O2 - BHO: (no name) - {EF40DF30-96DB-47A4-86E5-9F669321BF23} - C:\WINDOWS\system32\nnnmlMgh.dll (file missing)
O2 - BHO: banners4u browser enhancer - {F6B98E1C-A496-760F-2943-B4AA9A6133CE} - C:\WINDOWS\system32\kjpdsykfwaly.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{D8-8E-E7-7F-DW}] c:\windows\system32\rrwnw64s.exe DWmmm01
O4 - HKLM\..\Run: [duaewkqqxgo] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kjpdsykfwaly.dll"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntnsdl.exe DWmmm01
O4 - HKLM\..\Run: [5c7d8ed0] rundll32.exe "C:\WINDOWS\system32\vtdpfmqa.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntnsdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rrwnw64s.exe
O4 - Global Startup: GridAlerts.lnk = C:\Program Files\GridNetworks\Gridcast\GridAlerts.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.nai.com (HKLM)
O15 - Trusted Zone: http://edocuments.scientificgames.com (HKLM)
O15 - Trusted Zone: http://edocument.scigames.com (HKLM)
O15 - Trusted Zone: http://edocuments.scigames.com (HKLM)
O15 - Trusted Zone: http://helpdesk.scigames.com (HKLM)
O15 - Trusted Zone: http://telecom.scigames.com (HKLM)
O15 - Trusted Zone: http://timecard.scigames.com (HKLM)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://labs.usa.hp.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0717,1611
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189621498314
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://labs.usa.hp.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0717,1602
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218820924883
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://labs.usa.hp.com/vdesk/terminal/urxhost.cab#version=6020,2008,0717,1606
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sgi.net
O17 - HKLM\Software\..\Telephony: DomainName = sgi.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sgi.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: fuobdt.dll,avgrsstx.dll
O20 - Winlogon Notify: geBssSJc - C:\WINDOWS\SYSTEM32\geBssSJc.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Gridcast Connector 2.0 (Gridcast) - GridNetworks, Inc. - C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12787 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\cfwfcixi.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-01 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\geBssSJc.dll [2008-12-01 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91c70ee0-aff0-49a1-9e55-5981fba1d27c}]
C:\WINDOWS\system32\fuobdt.dll [2008-12-01 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF40DF30-96DB-47A4-86E5-9F669321BF23}]
C:\WINDOWS\system32\nnnmlMgh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6B98E1C-A496-760F-2943-B4AA9A6133CE}]
banners4u browser enhancer - C:\WINDOWS\system32\kjpdsykfwaly.dll [2008-11-24 366592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-10-18 696320]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-21 7557120]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-10-16 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-03-14 136512]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-12 413696]
"{D8-8E-E7-7F-DW}"=c:\windows\system32\rrwnw64s.exe DWmmm01 []
"duaewkqqxgo"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
"ExploreUpdSched"=C:\WINDOWS\system32\mcntnsdl.exe DWmmm01 []
"5c7d8ed0"=C:\WINDOWS\system32\vtdpfmqa.dll [2008-12-01 72704]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-01 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe [2004-02-19 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe [2007-01-26 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-03-21 7557120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
C:\WINDOWS\system32\nvHotkey.dll [2006-03-21 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-03-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2005-06-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
C:\PROGRA~1\WAVESY~1\SERVIC~1\SECURE~1\AUTOUP~1.EXE  []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GridAlerts.lnk - C:\Program Files\GridNetworks\Gridcast\GridAlerts.exe

C:\Documents and Settings\Essam\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\mcntnsdl.exe
DW_Start.lnk - C:\WINDOWS\system32\rrwnw64s.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="fuobdt.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBssSJc]
C:\WINDOWS\system32\geBssSJc.dll [2008-12-01 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\geBssSJc.dll [2008-12-01 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnmlMgh

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=WARNING
"legalnoticetext"=This is a Scientific Games computer system.  This computer system, including all related equipment, networks and network devices (specifically including internet access), are provided only for authorized company use.  Use of this Scientific Games computer system, authorized or unauthorized, constitutes consent to monitoring of this system.  Scientific Games computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for
management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability and operational security.  During monitoring, all information on or sent over the system, including personal information, may be examined, recorded, copied and used for authorized purposes.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe"="C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe:*:Enabled:Gridcast"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe"="C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe:*:Enabled:Gridcast"

======List of files/folders created in the last 1 months======

2008-12-03 10:25:41 ----D---- C:\rsit
2008-12-02 20:50:09 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-01 21:33:22 ----HD---- C:\$AVG8.VAULT$
2008-12-01 21:21:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-01 21:19:34 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2008-12-01 21:19:32 ----D---- C:\Program Files\AVG
2008-12-01 21:19:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-01 20:03:45 ----SH---- C:\WINDOWS\system32\aqmfpdtv.ini
2008-12-01 20:03:41 ----A---- C:\WINDOWS\system32\vtdpfmqa.dll
2008-12-01 20:02:38 ----A---- C:\WINDOWS\system32\fuobdt.dll
2008-12-01 20:02:37 ----A---- C:\WINDOWS\system32\ajwqluqn.dll
2008-12-01 20:02:07 ----A---- C:\WINDOWS\system32\g2.exe
2008-12-01 19:26:53 ----D---- C:\Program Files\Trend Micro
2008-12-01 16:20:15 ----A---- C:\WINDOWS\system32\ufxhoj(2).dll
2008-12-01 16:18:05 ----A---- C:\WINDOWS\system32\575e4aae-.txt
2008-12-01 16:17:12 ----ASH---- C:\WINDOWS\system32\hgMlmnnn.ini2
2008-12-01 16:17:12 ----ASH---- C:\WINDOWS\system32\hgMlmnnn.ini
2008-12-01 16:15:06 ----A---- C:\WINDOWS\system32\xjzvvenhuwfplpk.dll-uninst.exe
2008-12-01 16:12:23 ----D---- C:\Program Files\Network Monitor
2008-12-01 16:12:19 ----SHD---- C:\WINDOWS\dGVzdA
2008-12-01 16:12:16 ----A---- C:\WINDOWS\system32\grydearzpb.exe
2008-12-01 16:12:08 ----D---- C:\WINDOWS\system32\uv9
2008-12-01 16:12:08 ----D---- C:\WINDOWS\system32\hov
2008-12-01 16:12:06 ----D---- C:\WINDOWS\system32\ki3
2008-12-01 16:12:05 ----D---- C:\WINDOWS\system32\bin
2008-12-01 16:12:04 ----D---- C:\WINDOWS\system32\VC
2008-12-01 16:12:00 ----D---- C:\Temp
2008-12-01 16:11:50 ----A---- C:\WINDOWS\system32\geBssSJc.dll
2008-11-24 11:42:14 ----A---- C:\WINDOWS\system32\kjpdsykfwaly.dll
2008-11-20 10:48:46 ----A---- C:\WINDOWS\system32\CcmFramework.ini
2008-11-20 10:47:42 ----D---- C:\WINDOWS\ms
2008-11-14 15:17:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-14 15:17:20 ----D---- C:\Program Files\Common Files\SourceTec
2008-11-14 15:17:18 ----D---- C:\Program Files\SourceTec

======List of files/folders modified in the last 1 months======

2008-12-03 10:22:22 ----D---- C:\WINDOWS\Temp
2008-12-03 10:18:27 ----D---- C:\WINDOWS\system32
2008-12-03 02:00:14 ----D---- C:\WINDOWS\Prefetch
2008-12-02 21:47:25 ----A---- C:\WINDOWS\smscfg.ini
2008-12-02 21:45:41 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-02 20:50:09 ----D---- C:\WINDOWS
2008-12-02 20:47:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-02 20:46:07 ----D---- C:\WINDOWS\security
2008-12-02 15:27:51 ----D---- C:\Program Files\Mozilla Firefox
2008-12-02 15:27:49 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 14:50:56 ----D---- C:\WINDOWS\system32\Restore
2008-12-02 13:42:09 ----D---- C:\Quarantine
2008-12-02 10:12:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 21:51:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-01 21:47:22 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-01 21:45:57 ----SHD---- C:\WINDOWS\CSC
2008-12-01 21:44:37 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-12-01 21:22:09 ----D---- C:\Documents and Settings
2008-12-01 21:19:54 ----HD---- C:\WINDOWS\inf
2008-12-01 21:19:32 ----RD---- C:\Program Files
2008-12-01 21:19:14 ----SHD---- C:\WINDOWS\Installer
2008-12-01 21:19:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-01 21:19:02 ----D---- C:\WINDOWS\WinSxS
2008-12-01 21:15:58 ----D---- C:\Documents and Settings\Essam\Application Data\Azureus
2008-12-01 20:15:14 ----D---- C:\Program Files\Azureus
2008-12-01 19:57:58 ----D---- C:\WINDOWS\system32\config
2008-12-01 19:57:34 ----D---- C:\WINDOWS\system32\wbem
2008-12-01 19:57:32 ----D---- C:\WINDOWS\Registration
2008-12-01 16:12:04 ----SD---- C:\WINDOWS\Tasks
2008-11-28 13:37:37 ----A---- C:\Documents and Settings\All Users\Application Data\L3.txt
2008-11-28 13:37:35 ----A---- C:\Documents and Settings\All Users\Application Data\L1.txt
2008-11-28 13:37:34 ----A---- C:\Documents and Settings\All Users\Application Data\AdDate.txt
2008-11-28 13:36:44 ----D---- C:\Program Files\Bin Checker
2008-11-28 13:30:15 ----D---- C:\Program Files\USE PANDORA
2008-11-20 10:49:22 ----D---- C:\WINDOWS\system32\ccmsetup
2008-11-20 10:48:57 ----D---- C:\WINDOWS\system32\CCM
2008-11-19 12:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-19 12:45:09 ----D---- C:\Program Files\Microsoft SQL Server
2008-11-18 15:49:40 ----RSD---- C:\WINDOWS\assembly
2008-11-14 15:17:20 ----D---- C:\Program Files\Common Files
2008-11-13 15:29:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-11 14:15:04 ----SD---- C:\Documents and Settings\Essam\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-01 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-01 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-01 90632]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-10-16 51944]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-05 21425]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-01 29208]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-12-27 23552]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-28 61312]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2007-10-16 64168]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-10-16 72680]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-10-16 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-10-16 171272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-16 1711104]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-21 3652128]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 smsmdd;smsmdd; C:\WINDOWS\system32\DRIVERS\smsmdm.sys [2008-04-08 12448]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-06-13 111232]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-29 60672]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-06-09 40192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 i2ompp;i2ompp; C:\WINDOWS\System32\drivers\i2ompp.sys []
S1 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys [2005-08-01 64896]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-01 29208]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys []
S3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys []
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-01 231704]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-01 1212184]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2008-05-20 757792]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-12-27 423280]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-10-18 434176]
R2 Gridcast;Gridcast Connector 2.0; C:\Program Files\GridNetworks\Gridcast\GridcastSvc.exe [2008-09-25 25944]
R2 JuniperAccessService;Juniper Unified Network Service; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2007-07-27 87416]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-10-16 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-10-16 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-02-26 205840]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-08-28 92952]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2008-02-26 14894608]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-05-14 475136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-21 143428]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-10-18 290816]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 smstsmgr;SMS Task Sequence Agent; C:\WINDOWS\system32\CCM\TSManager.exe [2008-05-20 249888]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2007-02-10 344944]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt LOGFILE RANDOM'S SYSTEM INFORMATION TOOL 1.04
info.txt logfile of random's system information tool 1.04 2008-12-03 10:26:13

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BayGenie eBay Auction Sniper Pro Edition 3.1.6.0-->"C:\Program Files\BayGenie\ProEdition\unins000.exe"
BinChecker-->"C:\Program Files\Bin Checker\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Channel Master-->"C:\Program Files\SharpC\Channel Master\uninstall.exe"
Citrix Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\icaweb.inf,DefaultUninstall
Collectorz.com Game Collector-->C:\PROGRA~1\COLLEC~1.COM\GAMECO~1\UNWISE.EXE C:\PROGRA~1\COLLEC~1.COM\GAMECO~1\install.log
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Deewoo Network Manager removal-->C:\WINDOWS\system32\mcntnsdl.exe -UPop
GDR 1406 for SQL Server Database Services 2005 ENU (KB932557)-->C:\WINDOWS\SQL9_KB932557_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Analysis Services 2005 ENU (KB948109)-->C:\WINDOWS\OLAP9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Integration Services 2005 ENU (KB948109)-->C:\WINDOWS\DTS9_KB948109_ENU\Hotfix.exe /Uninstall
Gridcast-->MsiExec.exe /X{6C4CC6AD-4251-4753-B791-9A4B4FD0A8A3}
Hex Workshop v4.23-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hw41unin.isu"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Juniper Installer Service-->MsiExec.exe /X{93056DCB-B067-4CD4-8739-F4BAAC78CDDC}
Juniper Networks Network Connect 5.3.0-->"C:\Program Files\Juniper Networks\Network Connect 5.3.0\uninstall.exe"
Juniper Networks Network Connect 5.5.0-->"C:\Program Files\Juniper Networks\Network Connect 5.5.0\uninstall.exe"
Juniper Networks Network Connect 6.0.0-->"C:\Program Files\Juniper Networks\Network Connect 6.0.0\uninstall.exe"
Lexmark Software Uninstall-->C:\Program Files\Lexmark_HostCD\Install\Uninstall.exe
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Analysis Services-->MsiExec.exe /I{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}
Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{69880C00-08DD-4385-B752-9C62656F6D1E}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Integration Services-->MsiExec.exe /I{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools-->MsiExec.exe /I{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-->MsiExec.exe /I{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual SourceSafe 6.0-->"C:\Program Files\Microsoft Visual Studio\VSS\setup\win32\1033\Setup.exe"
Microsoft Visual Studio 2005 Premier Partner Edition - ENU-->MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\xjzvvenhuwfplpk.dll-uninst.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9  -cluninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RDC-->"C:\WINDOWS\$UninstallRDC$\spuninst\spuninst.exe"
RON Tool Banners4u-->C:\WINDOWS\system32\grydearzpb.exe
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
SQLXML4-->MsiExec.exe /I{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB916846)-->"C:\WINDOWS\$NtUninstallKB916846$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB923845)-->"C:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
USE Installer-->"C:\Program Files\USE Application\unins000.exe"
USE PANDORA-->"C:\Program Files\USE PANDORA\unins000.exe"
WIMGAPI-->MsiExec.exe /I{721ABC3B-5F12-4332-9C0C-C11424EF666C}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.1.3 beta-->"C:\Program Files\WinSCP\unins000.exe"

=====HijackThis Backups=====

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dGVzdA\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

======Hosts File======

172.30.50.4	onyx
172.30.6.45	 atlgrid
10.10.10.11	 quicksys1
192.168.90.65	pe-txe5
172.30.204.114  sgi-r3dev 
192.168.90.13   nd-txe5
192.168.90.14   nd-rdb5
192.168.175.5   dr-txe3 nd-txe-qa
172.30.204.198  nd-qa-txe9
10.103.150.14   nd-txe4-ops	# OPS TEST BOX

======Security center information======

AV: AVG Internet Security
AV: McAfee VirusScan Enterprise
FW: AVG Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\GridNetworks\Gridcast\;C:\Program Files\Windows Imaging\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"lib"=C:\Program Files\SQLXML 4.0\bin\
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"UATDATA"=C:\WINDOWS\system32\CCM\UATData\D9F8C395-CAB8-491d-B8AC-179A1FE1BE77

-----------------EOF-----------------

Thank you in advance for any help..

M

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:02 PM

Posted 15 December 2008 - 10:00 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Musad

Musad
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 15 December 2008 - 12:56 PM

Hello Koan Yorel, thank you for the welcomes..

Not need for the apologize it is very understandable that you guys are busy.

I ran Malwarebytes’ Anti-Malware, and it seems to have solved my problems, but I would like my log files checked just to make sure everything has been removed.

Thanks in advance for any help..

M



DDS (Version 1.0.1) - NTFSx86  
Run by Essam at 12:50:14.96 on Mon 12/15/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1022.387 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Documents and Settings\Essam\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070905
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {EF40DF30-96DB-47A4-86E5-9F669321BF23} - c:\windows\system32\nnnmlMgh.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll tbezsp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\essam\applic~1\mozilla\firefox\profiles\eah75cq3.default\

============= SERVICES / DRIVERS ===============

PP2 McShield;McAfee McShield;"c:\program files\mcafee\virusscan enterprise\Mcshield.exe" [2007-10-16 144704]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-1 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-1 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-1 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-1 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-1 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2008-12-1 1212184]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2007-7-27 87416]
R2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\FrameworkService.exe" /ServiceStart [2007-9-12 103744]
R2 McTaskManager;McAfee Task Manager;"c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe" [2007-10-16 54608]
R2 MsDtsServer;SQL Server Integration Services;"c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe" [2008-2-26 205840]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-1 29208]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-9-12 72680]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-9-12 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-9-12 171272]
S1 i2ompp;i2ompp;c:\windows\system32\drivers\i2ompp.sys []
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-1 29208]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 

[2006-12-2 2805000]

=============== Created Last 30 ================

2008-12-04 13:26	<DIR>	--d-----	c:\docume~1\essam\applic~1\Malwarebytes
2008-12-04 13:26	15,504	a-------	c:\windows\system32\drivers\mbam.sys
2008-12-04 13:26	38,496	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 13:26	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-04 13:26	<DIR>	--d-----	c:\program files\Malwarebytes' Anti-Malware
2008-12-04 12:06	<DIR>	--d-----	C:\VundoFix Backups
2008-12-02 15:27	102,664	a-------	c:\windows\system32\drivers\tmcomm.sys
2008-12-02 15:27	<DIR>	--d-----	c:\documents and settings\essam\.housecall6.6
2008-12-01 21:44	<DIR>	--d-----	c:\documents and settings\essam\WINDOWS
2008-12-01 21:33	<DIR>	--d-h---	C:\$AVG8.VAULT$
2008-12-01 21:21	10,520	a-------	c:\windows\system32\avgrsstx.dll
2008-12-01 21:21	12,936	a-------	c:\windows\system32\drivers\avgrkx86.sys
2008-12-01 21:21	90,632	a-------	c:\windows\system32\drivers\avgtdix.sys
2008-12-01 21:21	98,440	a-------	c:\windows\system32\drivers\avgldx86.sys
2008-12-01 21:21	<DIR>	--d-----	c:\windows\system32\drivers\Avg
2008-12-01 21:19	50,968	a-------	c:\windows\system32\avgfwdx.dll
2008-12-01 21:19	29,208	a-------	c:\windows\system32\drivers\avgfwdx.sys
2008-12-01 21:19	<DIR>	--d-----	c:\program files\AVG
2008-12-01 21:19	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\avg8
2008-12-01 20:03	1,407,337	---sh---	c:\windows\system32\aqmfpdtv.ini
2008-12-01 20:02	190,946	a-------	c:\windows\system32\g2.exe
2008-12-01 19:26	<DIR>	--d-----	c:\program files\Trend Micro
2008-12-01 16:17	873,048	a--sh---	c:\windows\system32\hgMlmnnn.ini2
2008-12-01 16:17	873,048	a--sh---	c:\windows\system32\hgMlmnnn.ini
2008-12-01 16:12	<DIR>	--dsh---	c:\windows\dGVzdA
2008-12-01 16:12	47,598	a-------	c:\windows\system32\grydearzpb.exe
2008-12-01 16:12	<DIR>	--d-----	c:\temp\DIV55
2008-12-01 16:12	<DIR>	--d-----	c:\windows\system32\uv9
2008-12-01 16:12	<DIR>	--d-----	c:\windows\system32\hov
2008-12-01 16:12	<DIR>	--d-----	c:\temp\1cb
2008-12-01 16:12	<DIR>	--d-----	c:\windows\system32\ki3
2008-12-01 16:12	<DIR>	--d-----	c:\windows\system32\bin
2008-12-01 16:12	<DIR>	--d-----	c:\windows\system32\VC
2008-12-01 16:12	<DIR>	--d-----	C:\Temp
2008-11-20 10:48	4,764	a-------	c:\windows\system32\CcmFramework.ini
2008-11-20 10:48	621	a-------	c:\windows\system32\CcmFramework.h
2008-11-20 10:47	<DIR>	--d-----	c:\windows\ms

==================== Find3M  ====================

2008-10-27 13:43	57,431	a-------	c:\windows\system32\nvModes.dat
2008-10-15 11:57	332,800	--------	c:\windows\system32\dllcache\netapi32.dll
2008-10-03 12:41	6,066,176	--------	c:\windows\system32\dllcache\ieframe.dll

============= FINISH: 12:50:57.94 ===============

Attached Files



#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:08:02 PM

Posted 15 December 2008 - 12:59 PM

Hang on - we hope an HJT tech will respond shortly.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:02 PM

Posted 15 December 2008 - 02:36 PM

Hi, Musad :thumbsup:

Welcome.

Please download VundoFix.exe to your desktop.

Note: In the event you already have Vundofix, this is a new version that I need you to download.
  • Double-click VundoFix.exe to run it.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 Musad

Musad
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 15 December 2008 - 03:51 PM

Hello JSntgRvr,

VundoFix.txt

VundoFix V7.0.6

Scan started at 12:06:08 PM 12/4/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.6

Scan started at 3:22:31 PM 12/15/2008

Listing files found while scanning....

No infected files were found.

ComboFix.txt
ComboFix 08-12-15.01 - Essam 2008-12-15 15:46:16.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1022.347 [GMT -5:00]
Running from: c:\documents and settings\Essam\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Essam\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\system32\aqmfpdtv.ini
c:\windows\system32\bin
c:\windows\system32\hgMlmnnn.ini
c:\windows\system32\hgMlmnnn.ini2
c:\windows\system32\ki3
c:\windows\system32\uv9
c:\windows\system32\VC
c:\windows\Tasks\cfwfcixi.job

----- BITS: Possible infected sites -----

hxxp://ALPSCCM01.SGI.NET:80
.
(((((((((((((((((((((((((   Files Created from 2008-11-15 to 2008-12-15  )))))))))))))))))))))))))))))))
.

2008-12-04 13:26 . 2008-12-04 13:26	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-04 13:26 . 2008-12-04 13:26	<DIR>	d--------	c:\documents and settings\Essam\Application Data\Malwarebytes
2008-12-04 13:26 . 2008-12-04 13:26	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 13:26 . 2008-12-03 19:54	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 13:26 . 2008-12-03 19:54	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2008-12-04 12:06 . 2008-12-04 12:06	<DIR>	d--------	C:\VundoFix Backups
2008-12-03 10:25 . 2008-12-03 10:26	<DIR>	d--------	C:\rsit
2008-12-02 15:27 . 2008-12-02 20:44	<DIR>	d--------	c:\documents and settings\Essam\.housecall6.6
2008-12-02 15:27 . 2008-12-02 15:27	102,664	--a------	c:\windows\system32\drivers\tmcomm.sys
2008-12-01 21:44 . 2008-12-01 21:44	<DIR>	d--------	c:\documents and settings\Essam\WINDOWS
2008-12-01 21:33 . 2008-12-03 10:54	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-12-01 21:21 . 2008-12-15 12:37	<DIR>	d--------	c:\windows\system32\drivers\Avg
2008-12-01 21:21 . 2008-12-01 21:21	98,440	--a------	c:\windows\system32\drivers\avgldx86.sys
2008-12-01 21:21 . 2008-12-01 21:21	90,632	--a------	c:\windows\system32\drivers\avgtdix.sys
2008-12-01 21:21 . 2008-12-01 21:21	12,936	--a------	c:\windows\system32\drivers\avgrkx86.sys
2008-12-01 21:21 . 2008-12-01 21:21	10,520	--a------	c:\windows\system32\avgrsstx.dll
2008-12-01 21:19 . 2008-12-01 21:19	<DIR>	d--------	c:\program files\AVG
2008-12-01 21:19 . 2008-12-01 21:19	<DIR>	d--------	c:\documents and settings\All Users\Application Data\avg8
2008-12-01 21:19 . 2008-12-01 21:19	50,968	--a------	c:\windows\system32\avgfwdx.dll
2008-12-01 21:19 . 2008-12-01 21:19	29,208	--a------	c:\windows\system32\drivers\avgfwdx.sys
2008-12-01 21:15 . 2008-12-01 21:22	8,192	--a------	c:\documents and settings\test
2008-12-01 20:02 . 2008-12-01 20:02	190,946	--a------	c:\windows\system32\g2.exe
2008-12-01 19:26 . 2008-12-01 19:26	<DIR>	d--------	c:\program files\Trend Micro
2008-12-01 16:12 . 2008-12-04 14:42	<DIR>	d--------	c:\windows\system32\hov
2008-12-01 16:12 . 2008-12-02 20:40	<DIR>	d--hs----	c:\windows\dGVzdA
2008-12-01 16:12 . 2008-12-15 15:46	<DIR>	d--------	C:\Temp
2008-12-01 16:12 . 2008-12-01 16:12	47,598	--a------	c:\windows\system32\grydearzpb.exe
2008-11-20 10:48 . 2008-11-20 10:48	4,764	--a------	c:\windows\system32\CcmFramework.ini
2008-11-20 10:48 . 2008-11-20 10:48	621	--a------	c:\windows\system32\CcmFramework.h
2008-11-20 10:47 . 2008-11-20 10:47	<DIR>	d--------	c:\windows\ms

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 18:05	---------	d-----w	c:\program files\USE Application
2008-12-09 01:40	---------	d-----w	c:\program files\USE PANDORA
2008-12-06 08:49	---------	d-----w	c:\documents and settings\Essam\Application Data\Azureus
2008-12-02 02:44	---------	d-----w	c:\program files\Microsoft IntelliPoint
2008-12-02 01:15	---------	d-----w	c:\program files\Azureus
2008-11-28 18:36	---------	d-----w	c:\program files\Bin Checker
2008-11-24 21:28	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2008-11-19 17:46	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-19 17:45	---------	d-----w	c:\program files\Microsoft SQL Server
2008-11-14 20:17	---------	d-----w	c:\program files\SourceTec
2008-11-14 20:17	---------	d-----w	c:\program files\Common Files\SourceTec
2008-10-30 14:56	---------	d-----w	c:\program files\Windows Imaging
2008-10-15 16:57	332,800	------w	c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41	6,066,176	------w	c:\windows\system32\dllcache\ieframe.dll
2008-09-15 11:57	1,846,016	----a-w	c:\windows\system32\win32k.sys
2008-09-15 11:57	1,846,016	------w	c:\windows\system32\dllcache\win32k.sys
2008-11-21 15:37	67,696	----a-w	c:\program files\mozilla firefox\components\jar50.dll
2008-11-21 15:37	54,376	----a-w	c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-21 15:37	34,952	----a-w	c:\program files\mozilla firefox\components\myspell.dll
2008-11-21 15:37	46,720	----a-w	c:\program files\mozilla firefox\components\spellchk.dll
2008-11-21 15:37	172,144	----a-w	c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-03-14 136512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-12 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll tbezsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94899944-1707239631-924725345-4708\Scripts\Logon\[u]0[/u]\[u]0[/u]]
"Script"=Start.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94899944-1707239631-924725345-4708\Scripts\Logon\1\[u]0[/u]]
"Script"=MIS-login.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 06:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-05-14 14:23 1191936 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-01-26 09:08 18944 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-21 19:03 7557120 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2006-10-20 17:23 118784 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 09:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 11:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2006-03-21 19:03 73728 c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-03-21 19:03 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 16:30 282624 c:\windows\stsystra.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-01 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-01 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-01 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-01 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-01 1212184]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2007-07-27 87416]
R2 MsDtsServer;SQL Server Integration Services;"c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2008-02-26 205840]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-01 29208]
S1 i2ompp;i2ompp;c:\windows\system32\drivers\i2ompp.sys []
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-01 29208]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

BHO-{EF40DF30-96DB-47A4-86E5-9F669321BF23} - c:\windows\system32\nnnmlMgh.dll
HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

c:\windows\Downloaded Program Files\JuniperSetupClient.ocx - c:\windows\Downloaded Program Files\JuniperExt.exe
O16 -: {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
c:\windows\Downloaded Program Files\JuniperSetupClient.INF
FF - ProfilePath - c:\documents and settings\Essam\Application Data\Mozilla\Firefox\Profiles\eah75cq3.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:48:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(1624)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-15 15:48:45
ComboFix-quarantined-files.txt  2008-12-15 20:48:38

Pre-Run: 30,428,299,264 bytes free
Post-Run: 31,471,468,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

212	--- E O F ---	2008-11-19 17:47:46

Thank you,
M

#7 Musad

Musad
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 15 December 2008 - 03:53 PM

Sorry forgot the hijackthis.log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:32 PM, on 12/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070905
O1 - Hosts: 172.30.50.4 onyx
O1 - Hosts: 172.30.6.45 atlgrid
O1 - Hosts: 172.30.204.114 sgi-r3dev
O1 - Hosts: 172.30.204.198 nd-qa-txe9
O1 - Hosts: 172.30.204.123 phl-txe
O1 - Hosts: 172.30.204.115 phl-dev-db
O1 - Hosts: 172.30.204.11 pr-dev-txe1
O1 - Hosts: 172.30.204.102 pr-dev-sql
O1 - Hosts: 172.30.204.104 pr-dev-rdb1
O1 - Hosts: 172.30.204.221 dv-txe5
O1 - Hosts: 172.30.204.125 sc-txe5
O1 - Hosts: 172.30.204.195 sc-txe9
O1 - Hosts: 172.30.204.220 dv-rdb5 devel-sc-gms
O1 - Hosts: 172.30.204.126 dv-rdb6
O1 - Hosts: 172.30.204.127 dv-rdb7
O1 - Hosts: 172.30.204.16 ia-txe5
O1 - Hosts: 172.30.204.196 ia-txe9
O1 - Hosts: 172.30.204.19 ia-rdb6 # (sec)
O1 - Hosts: 172.30.204.28 vt-txe9 # VT-QA-1 QC VM
O1 - Hosts: 172.30.204.26 vt-vqa-rdb1 # qc rdb
O1 - Hosts: 172.30.204.22 nh-txe8 # dev VM
O1 - Hosts: 172.30.204.25 nh-txe9 # qc
O1 - Hosts: 172.30.204.23 nh-vqa-rbd2 #RDB
O1 - Hosts: 172.30.204.14 me-txe8 # dev-txe
O1 - Hosts: 172.30.152.34 me-txe9 # dev-txe
O1 - Hosts: 172.30.3.27 usalpapp06
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.nai.com (HKLM)
O15 - Trusted Zone: http://edocuments.scientificgames.com (HKLM)
O15 - Trusted Zone: http://edocument.scigames.com (HKLM)
O15 - Trusted Zone: http://edocuments.scigames.com (HKLM)
O15 - Trusted Zone: http://helpdesk.scigames.com (HKLM)
O15 - Trusted Zone: http://telecom.scigames.com (HKLM)
O15 - Trusted Zone: http://timecard.scigames.com (HKLM)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://labs.usa.hp.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0717,1611
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189621498314
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://labs.usa.hp.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0717,1602
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218820924883
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://labs.usa.hp.com/vdesk/terminal/urxhost.cab#version=6020,2008,0717,1606
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sgi.net
O17 - HKLM\Software\..\Telephony: DomainName = sgi.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sgi.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll tbezsp.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10857 bytes


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:02 PM

Posted 15 December 2008 - 08:19 PM

Hi, Musad :thumbsup:

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

======================================

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
Suspect::c:\windows\system32\grydearzpb.exeDriver::i2omppRegistry::[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"="avgrsstx.dll"

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

Additonally, ComboFix will generate a zipped file on the (Main Drive ):\Qoobox\Quarantine\ called Submit [Date Time].zip

Please submit this file to:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Please include a link to this topic in the message.

======================================


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u11-windows-i586-p.exe) and select "Run as an Administrator.")

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Musad

Musad
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 16 December 2008 - 01:07 AM

Hello again,

ComboFix 08-12-15.01 - Essam 2008-12-15 15:46:16.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1022.347 [GMT -5:00]
Running from: c:\documents and settings\Essam\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Essam\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\system32\aqmfpdtv.ini
c:\windows\system32\bin
c:\windows\system32\hgMlmnnn.ini
c:\windows\system32\hgMlmnnn.ini2
c:\windows\system32\ki3
c:\windows\system32\uv9
c:\windows\system32\VC
c:\windows\Tasks\cfwfcixi.job

----- BITS: Possible infected sites -----

hxxp://ALPSCCM01.SGI.NET:80
.
(((((((((((((((((((((((((   Files Created from 2008-11-15 to 2008-12-15  )))))))))))))))))))))))))))))))
.

2008-12-04 13:26 . 2008-12-04 13:26	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-04 13:26 . 2008-12-04 13:26	<DIR>	d--------	c:\documents and settings\Essam\Application Data\Malwarebytes
2008-12-04 13:26 . 2008-12-04 13:26	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 13:26 . 2008-12-03 19:54	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 13:26 . 2008-12-03 19:54	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2008-12-04 12:06 . 2008-12-04 12:06	<DIR>	d--------	C:\VundoFix Backups
2008-12-03 10:25 . 2008-12-03 10:26	<DIR>	d--------	C:\rsit
2008-12-02 15:27 . 2008-12-02 20:44	<DIR>	d--------	c:\documents and settings\Essam\.housecall6.6
2008-12-02 15:27 . 2008-12-02 15:27	102,664	--a------	c:\windows\system32\drivers\tmcomm.sys
2008-12-01 21:44 . 2008-12-01 21:44	<DIR>	d--------	c:\documents and settings\Essam\WINDOWS
2008-12-01 21:33 . 2008-12-03 10:54	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-12-01 21:21 . 2008-12-15 12:37	<DIR>	d--------	c:\windows\system32\drivers\Avg
2008-12-01 21:21 . 2008-12-01 21:21	98,440	--a------	c:\windows\system32\drivers\avgldx86.sys
2008-12-01 21:21 . 2008-12-01 21:21	90,632	--a------	c:\windows\system32\drivers\avgtdix.sys
2008-12-01 21:21 . 2008-12-01 21:21	12,936	--a------	c:\windows\system32\drivers\avgrkx86.sys
2008-12-01 21:21 . 2008-12-01 21:21	10,520	--a------	c:\windows\system32\avgrsstx.dll
2008-12-01 21:19 . 2008-12-01 21:19	<DIR>	d--------	c:\program files\AVG
2008-12-01 21:19 . 2008-12-01 21:19	<DIR>	d--------	c:\documents and settings\All Users\Application Data\avg8
2008-12-01 21:19 . 2008-12-01 21:19	50,968	--a------	c:\windows\system32\avgfwdx.dll
2008-12-01 21:19 . 2008-12-01 21:19	29,208	--a------	c:\windows\system32\drivers\avgfwdx.sys
2008-12-01 21:15 . 2008-12-01 21:22	8,192	--a------	c:\documents and settings\test
2008-12-01 20:02 . 2008-12-01 20:02	190,946	--a------	c:\windows\system32\g2.exe
2008-12-01 19:26 . 2008-12-01 19:26	<DIR>	d--------	c:\program files\Trend Micro
2008-12-01 16:12 . 2008-12-04 14:42	<DIR>	d--------	c:\windows\system32\hov
2008-12-01 16:12 . 2008-12-02 20:40	<DIR>	d--hs----	c:\windows\dGVzdA
2008-12-01 16:12 . 2008-12-15 15:46	<DIR>	d--------	C:\Temp
2008-12-01 16:12 . 2008-12-01 16:12	47,598	--a------	c:\windows\system32\grydearzpb.exe
2008-11-20 10:48 . 2008-11-20 10:48	4,764	--a------	c:\windows\system32\CcmFramework.ini
2008-11-20 10:48 . 2008-11-20 10:48	621	--a------	c:\windows\system32\CcmFramework.h
2008-11-20 10:47 . 2008-11-20 10:47	<DIR>	d--------	c:\windows\ms

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 18:05	---------	d-----w	c:\program files\USE Application
2008-12-09 01:40	---------	d-----w	c:\program files\USE PANDORA
2008-12-06 08:49	---------	d-----w	c:\documents and settings\Essam\Application Data\Azureus
2008-12-02 02:44	---------	d-----w	c:\program files\Microsoft IntelliPoint
2008-12-02 01:15	---------	d-----w	c:\program files\Azureus
2008-11-28 18:36	---------	d-----w	c:\program files\Bin Checker
2008-11-24 21:28	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2008-11-19 17:46	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-19 17:45	---------	d-----w	c:\program files\Microsoft SQL Server
2008-11-14 20:17	---------	d-----w	c:\program files\SourceTec
2008-11-14 20:17	---------	d-----w	c:\program files\Common Files\SourceTec
2008-10-30 14:56	---------	d-----w	c:\program files\Windows Imaging
2008-10-15 16:57	332,800	------w	c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41	6,066,176	------w	c:\windows\system32\dllcache\ieframe.dll
2008-09-15 11:57	1,846,016	----a-w	c:\windows\system32\win32k.sys
2008-09-15 11:57	1,846,016	------w	c:\windows\system32\dllcache\win32k.sys
2008-11-21 15:37	67,696	----a-w	c:\program files\mozilla firefox\components\jar50.dll
2008-11-21 15:37	54,376	----a-w	c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-21 15:37	34,952	----a-w	c:\program files\mozilla firefox\components\myspell.dll
2008-11-21 15:37	46,720	----a-w	c:\program files\mozilla firefox\components\spellchk.dll
2008-11-21 15:37	172,144	----a-w	c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-03-14 136512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-12 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll tbezsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94899944-1707239631-924725345-4708\Scripts\Logon\[u]0[/u]\[u]0[/u]]
"Script"=Start.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94899944-1707239631-924725345-4708\Scripts\Logon\1\[u]0[/u]]
"Script"=MIS-login.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 06:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-05-14 14:23 1191936 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-01-26 09:08 18944 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-21 19:03 7557120 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2006-10-20 17:23 118784 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 09:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 11:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2006-03-21 19:03 73728 c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-03-21 19:03 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 16:30 282624 c:\windows\stsystra.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-01 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-01 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-01 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-01 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-01 1212184]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2007-07-27 87416]
R2 MsDtsServer;SQL Server Integration Services;"c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2008-02-26 205840]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-01 29208]
S1 i2ompp;i2ompp;c:\windows\system32\drivers\i2ompp.sys []
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-01 29208]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

BHO-{EF40DF30-96DB-47A4-86E5-9F669321BF23} - c:\windows\system32\nnnmlMgh.dll
HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

c:\windows\Downloaded Program Files\JuniperSetupClient.ocx - c:\windows\Downloaded Program Files\JuniperExt.exe
O16 -: {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
c:\windows\Downloaded Program Files\JuniperSetupClient.INF
FF - ProfilePath - c:\documents and settings\Essam\Application Data\Mozilla\Firefox\Profiles\eah75cq3.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:48:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(1624)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-15 15:48:45
ComboFix-quarantined-files.txt  2008-12-15 20:48:38

Pre-Run: 30,428,299,264 bytes free
Post-Run: 31,471,468,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

212	--- E O F ---	2008-11-19 17:47:46


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:50 AM, on 12/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070905
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.nai.com (HKLM)
O15 - Trusted Zone: http://edocuments.scientificgames.com (HKLM)
O15 - Trusted Zone: http://edocument.scigames.com (HKLM)
O15 - Trusted Zone: http://edocuments.scigames.com (HKLM)
O15 - Trusted Zone: http://helpdesk.scigames.com (HKLM)
O15 - Trusted Zone: http://telecom.scigames.com (HKLM)
O15 - Trusted Zone: http://timecard.scigames.com (HKLM)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://labs.usa.hp.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0717,1611
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189621498314
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://labs.usa.hp.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0717,1602
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218820924883
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://labs.usa.hp.com/vdesk/terminal/urxhost.cab#version=6020,2008,0717,1606
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sgi.net
O17 - HKLM\Software\..\Telephony: DomainName = sgi.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sgi.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10124 bytes

Quarantine file has been submitted...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, December 16, 2008
 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Monday, December 15, 2008 23:16:56
 Records in database: 1464068
--------------------------------------------------------------------------------

Scan settings:
	Scan using the following database: extended
	Scan archives: yes
	Scan mail databases: yes

Scan area - My Computer:
	C:\
	D:\

Scan statistics:
	Files scanned: 83335
	Threat name: 3
	Infected objects: 3
	Suspicious objects: 0
	Duration of the scan: 03:26:03


File name / Threat name / Threats count
C:\Documents and Settings\Essam\.housecall6.6\Quarantine\prunnet.exe.bac_a11928	Infected: Trojan.Win32.VB.hfs	1
C:\Documents and Settings\Essam\My Documents\Mods\InfinityExists\CainAndAbel_setup.exe	Infected: not-a-virus:PSWTool.Win32.Cain.n	1
C:\Documents and Settings\Essam\My Documents\Mods\InfinityExists\CainAndAbel_setup.exe	Infected: not-a-virus:PSWTool.Win32.Cain.284	1

The selected area was scanned.

Thanks again,
m

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:02 PM

Posted 16 December 2008 - 01:24 AM

Hi, Musad :thumbsup:

The file submitted show no sign of infection. Please empty Trend's Housecall quarantine and remove the following file

C:\Documents and Settings\Essam\My Documents\Mods\InfinityExists\CainAndAbel_setup.exe


How is the computer doing?

Edited by JSntgRvr, 16 December 2008 - 01:25 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Musad

Musad
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 16 December 2008 - 12:50 PM

Hello,
It is working good :thumbsup: .

Thank you for all the help.

M

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:02 PM

Posted 16 December 2008 - 02:30 PM

Hi, Musad. :thumbsup:

Congratulations.Posted Image

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

    Posted Image
Create a Restore point (If the above process fails to do so):
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this one by Miekiemoes.

Best wishes! Posted Image

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,938 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:02 PM

Posted 20 December 2008 - 09:33 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users