Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with braviax


  • This topic is locked This topic is locked
20 replies to this topic

#1 aegean

aegean

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 02 August 2009 - 04:19 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/243978/braviax/ ~ OB

I got tossed out of Am I infected? What do I do?

I backed upmy machine to an external harddrive using windows backup but do not have a floppy drive and did not make an ASR floppy.

Firewall is enabled.

emailnotification is checked.

DDS.txt:


DDS (Ver_09-07-30.01) - NTFSx86
Run by McGovernT at 17:10:18.67 on Sun 08/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1329 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {25566DFC-3763-4C86-BE9B-5EE8E7D45B67}
FW: Cisco Security Agent *enabled* {AA4D2B20-3969-4AF5-9386-C569FC5AA460}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\ASC319.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mcgovernt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by AECOM
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://intranet/
mSearchAssistant = hxxp://www.google.com
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~2.lnk - c:\program files\cisco systems\csagent\bin\okclient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aeairweb.com
Trusted Zone: aecom.com
Trusted Zone: asap.com
Trusted Zone: brainshark.com
Trusted Zone: cisco.com
Trusted Zone: dell.com
Trusted Zone: edaw.com
Trusted Zone: getthere.net
Trusted Zone: microsoft.com
Trusted Zone: midicorp.com
Trusted Zone: skillport.com
Trusted Zone: aeairweb.com
Trusted Zone: aecom.com
Trusted Zone: asap.com
Trusted Zone: brainshark.com
Trusted Zone: cisco.com
Trusted Zone: dell.com
Trusted Zone: edaw.com
Trusted Zone: getthere.net
Trusted Zone: microsoft.com
Trusted Zone: midicorp.com
Trusted Zone: skillport.com
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://usla1av004.na.aecomnet.com/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxp://usla1av004.na.aecomnet.com/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: csauser.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 csacenter;Cisco Security Agent Rule Engine;c:\windows\system32\drivers\csacentr.sys [2008-11-13 335488]
R0 csafile;Cisco Security Agent File Access Controller;c:\windows\system32\drivers\csafile.sys [2008-11-13 84224]
R0 csanet;Cisco Security Agent Packet Verifier;c:\windows\system32\drivers\csanet.sys [2008-11-13 255232]
R0 csareg;Cisco Security Agent Registry Access Controller;c:\windows\system32\drivers\csareg.sys [2008-11-13 40704]
R1 csatdi;Cisco Security Agent Network Access Controller;c:\windows\system32\drivers\csatdi.sys [2008-11-13 230912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 CSAgent;Cisco Security Agent;c:\program files\cisco systems\csagent\bin\csacontrol.exe [2008-11-13 290816]
R2 iPCAgent;iPCAgent;c:\program files\ipass\ipassconnect\iPCAgent.exe [2008-11-13 90112]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-10-10 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-10-10 36368]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-16 30152]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-10-10 652552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-08-01 14:24 --d----- c:\program files\Western Digital
2009-08-01 13:15 --d----- c:\windows\system32\NtmsData
2009-07-29 08:04 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 08:04 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-26 00:30 --d----- c:\documents and settings\mcgovernt\DoctorWeb
2009-07-25 10:46 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-25 10:46 --d----- c:\program files\SUPERAntiSpyware
2009-07-25 10:46 --d----- c:\docume~1\mcgove~1\applic~1\SUPERAntiSpyware.com
2009-07-25 10:45 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-23 21:37 --d----- c:\docume~1\mcgove~1\applic~1\Malwarebytes
2009-07-23 21:37 38,160 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 21:37 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-23 21:37 19,096 -------- c:\windows\system32\drivers\mbam.sys
2009-07-23 21:37 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 07:25 --dsh--- c:\documents and settings\mcgovernt\IECompatCache
2009-07-07 18:04 --dsh--- c:\documents and settings\mcgovernt\PrivacIE
2009-07-07 17:55 --dsh--- c:\documents and settings\mcgovernt\IETldCache
2009-07-07 17:42 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-07 17:41 --d----- c:\windows\ie8updates
2009-07-07 17:39 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-07 17:39 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-07 17:39 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-07 17:39 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-07 17:36 -cd-h--- c:\windows\ie8

==================== Find3M ====================

2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-26 08:24 410,984 -------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll

============= FINISH: 17:11:03.57 ===============



Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/13/2008 4:04:06 PM
System Uptime: 8/2/2009 8:53:21 AM (9 hours ago)

Motherboard: Dell Inc. | | 0WM416
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 49.962 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 213.687 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP167: 7/15/2009 7:58:21 PM - Software Distribution Service 3.0
RP170: 7/20/2009 12:01:20 PM - System Checkpoint
RP172: 7/23/2009 12:50:39 PM - System Checkpoint
RP173: 7/25/2009 10:46:39 AM - Installed SUPERAntiSpyware Free Edition
RP174: 7/26/2009 12:51:57 PM - System Checkpoint
RP175: 7/27/2009 3:18:52 PM - System Checkpoint
RP176: 7/28/2009 5:52:31 PM - System Checkpoint
RP177: 7/29/2009 1:00:19 PM - Software Distribution Service 3.0
RP178: 8/1/2009 4:32:44 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.65
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 8
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
Cisco Security Agent 5.1.0.69
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Dell Touchpad
Eraser 5.1
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® PROSet/Wireless Software
iPassConnect
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 13
Lexmark 2400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
MetaFrame Presentation Server Web Client for Win32
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mZConfig
NVIDIA Drivers
Oracle JInitiator 1.3.1.25
PDF-XChange 3.0 Pro
PowerDVD 5.1
QuickSet
QuickTime
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SI Calendar 2009
SigmaTel Audio
Sonic RecordNow! Plus
Sprint Mobile Broadband (Sierra)
SUPERAntiSpyware Free Edition
Trend Micro OfficeScan Client
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
VPN Client
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

8/2/2009 8:58:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
8/2/2009 8:58:02 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/30/2009 4:53:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/30/2009 4:53:44 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/27/2009 5:59:21 PM, error: NETLOGON [5719] - No Domain Controller is available for domain NA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
7/27/2009 2:00:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
7/27/2009 10:21:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Beep csatdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip tmtdi Tosrfcom
7/27/2009 10:21:38 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2009 10:21:38 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2009 10:21:38 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2009 10:21:38 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2009 10:21:38 AM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 10:59:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OfficeScan NT Proxy Service service to connect.
7/26/2009 10:59:17 AM, error: Service Control Manager [7000] - The OfficeScan NT Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


I look forward to hearing from you,

Thanks in advance

Edited by Orange Blossom, 03 August 2009 - 02:15 AM.


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:48 PM

Posted 10 August 2009 - 10:21 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 aegean

aegean
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 12 August 2009 - 12:13 PM

I have pasted the mbam log. I have trend micro officescan and it blocked the site for the RSIT dowmload. It is listed as malicious. What should I do?

Malwarebytes' Anti-Malware 1.40
Database version: 2611
Windows 5.1.2600 Service Pack 3

8/12/2009 1:05:41 PM
mbam-log-2009-08-12 (13-05-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 179886
Time elapsed: 1 hour(s), 14 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:48 PM

Posted 12 August 2009 - 12:21 PM

Please temporarily disable Trend Micro, see here: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Then download and run rsit.

unite.jpg


#5 aegean

aegean
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 12 August 2009 - 07:46 PM

Trend micro officeScan is not listed.

#6 aegean

aegean
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 12 August 2009 - 08:59 PM

Perhaps I can download the program from a different location ?

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:48 PM

Posted 13 August 2009 - 08:08 AM

It will not make a difference where you download it from. Try this:

1. Go to Start > run, type "cmd"
2. Type "net stop tmlisten"
3. Type "net stop ntrtscan"

unite.jpg


#8 aegean

aegean
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 16 August 2009 - 06:23 AM

We're in

Logfile of random's system information tool 1.06 (written by random/random)
Run by McGovernT at 2009-08-16 07:21:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (61%) free of 76 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:26 AM, on 8/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\mcgovernt\Desktop\rsit.exe
C:\Program Files\trend micro\McGovernT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AECOM
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Cisco Security Agent.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.aeairweb.com
O15 - Trusted Zone: *.aecom.com
O15 - Trusted Zone: *.asap.com
O15 - Trusted Zone: *.brainshark.com
O15 - Trusted Zone: *.cisco.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: *.edaw.com
O15 - Trusted Zone: *.getthere.net
O15 - Trusted Zone: *.midicorp.com
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.aeairweb.com (HKLM)
O15 - Trusted Zone: *.aecom.com (HKLM)
O15 - Trusted Zone: *.asap.com (HKLM)
O15 - Trusted Zone: *.brainshark.com (HKLM)
O15 - Trusted Zone: *.cisco.com (HKLM)
O15 - Trusted Zone: *.dell.com (HKLM)
O15 - Trusted Zone: *.edaw.com (HKLM)
O15 - Trusted Zone: *.getthere.net (HKLM)
O15 - Trusted Zone: *.midicorp.com (HKLM)
O15 - Trusted Zone: *.skillport.com (HKLM)
O15 - ESC Trusted Zone: *.aecom.com
O15 - ESC Trusted Zone: *.dell.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: *.aecom.com (HKLM)
O15 - ESC Trusted Zone: *.dell.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://usla1av004.na.aecomnet.com/officesc...ll/WinNTChk.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://usla1av004.na.aecomnet.com/officesc.../RemoveCtrl.cab
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.aecomnet.com
O17 - HKLM\Software\..\Telephony: DomainName = na.aecomnet.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.aecomnet.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.aecomnet.com
O20 - AppInit_DLLs: csauser.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Cisco Security Agent (CSAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9780 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-12 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-12 81920]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-05-06 405504]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-03 1228800]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-04-17 159744]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-26 148888]
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2007-01-11 291760]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-12-11 82864]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-12-11 295856]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2008-10-10 709928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
C:\WINDOWS\system32\braviax.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe [2009-02-01 520192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2008-10-10 709928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2006-05-24 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Cisco Security Agent.lnk - C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="csauser.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeCaption"=?R

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\lxcrcoms.exe"="C:\WINDOWS\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\WDSetup.exe


======List of files/folders created in the last 1 months======

2009-08-16 07:21:53 ----D---- C:\rsit
2009-08-15 13:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 07:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 07:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 07:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 07:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 07:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 07:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 07:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 07:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 07:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-10 06:52:27 ----D---- C:\Documents and Settings\All Users\Application Data\GARMIN
2009-08-10 06:48:54 ----D---- C:\Program Files\DIFX
2009-08-10 06:48:43 ----D---- C:\Program Files\Garmin
2009-08-09 09:51:19 ----D---- C:\Documents and Settings\mcgovernt\Application Data\Download Manager
2009-08-09 09:49:23 ----D---- C:\Documents and Settings\mcgovernt\Application Data\GARMIN
2009-08-09 09:30:34 ----D---- C:\Garmin
2009-08-01 14:24:26 ----D---- C:\Program Files\Western Digital
2009-08-01 13:15:36 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-29 09:52:19 ----N---- C:\RootRepeal report 07-29-09 (09-52-19).txt
2009-07-29 08:47:23 ----D---- C:\Program Files\7-Zip
2009-07-25 10:46:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-25 10:46:42 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-25 10:46:42 ----D---- C:\Documents and Settings\mcgovernt\Application Data\SUPERAntiSpyware.com
2009-07-25 10:45:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-23 21:37:54 ----D---- C:\Documents and Settings\mcgovernt\Application Data\Malwarebytes
2009-07-23 21:37:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-23 21:37:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-22 17:45:20 ----N---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-08-16 07:22:26 ----D---- C:\Program Files\Trend Micro
2009-08-16 07:22:01 ----D---- C:\WINDOWS\Prefetch
2009-08-16 06:44:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-16 06:27:55 ----SH---- C:\boot.ini
2009-08-16 06:27:55 ----A---- C:\WINDOWS\win.ini
2009-08-16 06:27:55 ----A---- C:\WINDOWS\system.ini
2009-08-16 06:26:11 ----D---- C:\WINDOWS\Temp
2009-08-15 14:12:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-15 14:03:23 ----D---- C:\WINDOWS
2009-08-15 13:45:15 ----D---- C:\WINDOWS\system32
2009-08-15 13:03:53 ----HD---- C:\WINDOWS\inf
2009-08-15 13:03:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-15 13:03:35 ----D---- C:\WINDOWS\system32\drivers
2009-08-14 08:45:01 ----D---- C:\WINDOWS\network diagnostic
2009-08-14 07:10:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 07:09:27 ----D---- C:\WINDOWS\pss
2009-08-14 07:09:10 ----D---- C:\Program Files\lx_cats
2009-08-13 07:33:43 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 07:30:20 ----D---- C:\Program Files\Outlook Express
2009-08-10 06:57:32 ----SHD---- C:\WINDOWS\Installer
2009-08-10 06:48:54 ----RD---- C:\Program Files
2009-08-10 06:48:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-09 09:51:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-02 12:59:26 ----D---- C:\WINDOWS\repair
2009-08-02 12:06:55 ----SHD---- C:\System Volume Information
2009-08-02 09:54:06 ----D---- C:\WINDOWS\Registration
2009-08-01 15:07:33 ----SHD---- C:\WINDOWS\CSC
2009-08-01 13:15:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 13:10:58 ----D---- C:\Program Files\Internet Explorer
2009-07-27 06:38:56 ----D---- C:\Program Files\Eraser
2009-07-25 10:45:15 ----D---- C:\Program Files\Common Files
2009-07-23 13:32:40 ----D---- C:\Program Files\SI Calendar 2009
2009-07-19 18:48:58 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 15:01:06 ----A---- C:\WINDOWS\system32\atl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 csatdi;Cisco Security Agent Network Access Controller; C:\WINDOWS\system32\drivers\csatdi.sys [2006-04-21 230912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-10-10 72072]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-05 21393]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 iPassP;iPass Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\iPassP.sys [2008-11-13 21275]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-04-19 132608]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-06-06 161792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-12 6345472]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]
R3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2007-08-10 24456]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
S2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SWMX00;Sierra Wireless USB MUX Driver (#00); C:\WINDOWS\system32\DRIVERS\swmx00.sys [2007-06-27 73856]
S3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys [2007-06-27 101248]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-23 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-10 41856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CSAgent;Cisco Security Agent; C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe [2006-04-21 290816]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 iPCAgent;iPCAgent; C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2006-01-19 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-26 152984]
R2 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-12-11 537520]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-12 163908]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
R2 SPCSUtilityService;SPCSUtilityService; C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe [2007-08-29 131072]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-05-06 94208]
R2 Viewpoint Service;Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
S2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-10-10 906536]
S2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-10-10 984360]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPassConnectEngine;iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [2006-01-20 1089536]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-10-10 652552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-16 07:22:31

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
Cisco Security Agent 5.1.0.69-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE499746-67B9-11D4-97CE-0050DA10E5AE}\setup.exe" -l0x9 --mt=removeall
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Eraser 5.1-->C:\WINDOWS\system32\stuninstall.exe C:\Program Files\Eraser\uninstall.dat
Garmin City Navigator North America NT 2010.20-->MsiExec.exe /X{C2E8B236-7554-45FE-92C0-94EF76E4D182}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iPassConnect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000026265}\setup.exe"
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oracle JInitiator 1.3.1.25-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0125-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
PDF-XChange 3.0 Pro-->"C:\Program Files\Tracker Software\PDF-XChange 3 Pro\unins000.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SI Calendar 2009-->C:\Program Files\SI Calendar 2009\Uninstall-SICalendar.exe C:\Program Files\SI Calendar 2009\SSEun.dat
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sprint Mobile Broadband (Sierra)-->MsiExec.exe /I{6DCBB845-0FA4-4723-A40A-1F320C221C30}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro OfficeScan Client-->"C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe /u
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Trend Micro OfficeScan Antivirus (disabled) (outdated)
FW: Cisco Security Agent

======System event log======

Computer Name: USPHL1LT724
Event Code: 11165
Message: The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {781675A7-B619-4F79-92B0-319A5E4DE867}

Host Name : USPHL1LT724

Primary Domain Suffix : na.aecomnet.com

DNS server list :

192.168.0.1

Sent update to server : <?>

IP Address(es) :

192.168.0.101


The reason the system could not register these RRs was because the
DNS server contacted refused the update request. The reasons for this
might be (a) you are not allowed to update the specified DNS domain name,
or (:thumbup2: because the DNS server authoritative for this name does not support
the DNS dynamic update protocol.


To register the DNS host (A) resource records using the specific DNS
domain name and IP addresses for this adapter, contact your DNS server
or network systems administrator.

Record Number: 2231
Source Name: DnsApi
Time Written: 20090724104338.000000-240
Event Type: warning
User:

Computer Name: USPHL1LT724
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Record Number: 2230
Source Name: W32Time
Time Written: 20090724104236.000000-240
Event Type: error
User:

Computer Name: USPHL1LT724
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 30 minutes.

Record Number: 2229
Source Name: W32Time
Time Written: 20090724104236.000000-240
Event Type: warning
User:

Computer Name: USPHL1LT724
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 2226
Source Name: W32Time
Time Written: 20090724102733.000000-240
Event Type: error
User:

Computer Name: USPHL1LT724
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Record Number: 2225
Source Name: W32Time
Time Written: 20090724102733.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: USPHL1LT724
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 4673
Source Name: Userenv
Time Written: 20090718074803.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USPHL1LT724
Event Code: 256
Message: An unauthorized Network Component, 'iPassP' was detected registering with the system. The operation was allowed.

Record Number: 4672
Source Name: CSAgent
Time Written: 20090718074802.000000-240
Event Type: warning
User:

Computer Name: USPHL1LT724
Event Code: 256
Message: The process 'C:\WINDOWS\system32\svchost.exe' (as user NT AUTHORITY\LOCAL SERVICE) attempted to accept a connection as a server on UDP port 1900 from 192.168.0.1. The operation was denied.

Record Number: 4670
Source Name: CSAgent
Time Written: 20090717211212.000000-240
Event Type: error
User:

Computer Name: USPHL1LT724
Event Code: 256
Message: The process 'C:\WINDOWS\system32\svchost.exe' (as user NT AUTHORITY\LOCAL SERVICE) attempted to accept a connection as a server on UDP port 1900 from 192.168.0.1. The operation was denied.

Record Number: 4669
Source Name: CSAgent
Time Written: 20090717201110.000000-240
Event Type: error
User:

Computer Name: USPHL1LT724
Event Code: 1000
Message: Could not execute the following script NA-SEC-CleanLocalUsers_v2.2.vbs. The system cannot find the file specified.
.

Record Number: 4666
Source Name: UserInit
Time Written: 20090717200900.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"MODEL"=Dx30
"X_DETECTEDMODEL"=D630
"X_LOB"=Latitude
"TYPE"=Notebook
"DRVDIR"=C:\DRV
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:48 PM

Posted 17 August 2009 - 11:23 AM

Hi aegean,

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following:
  • Gmer log
  • OTListIt.txt
  • Extra.txt
Thanks

unite.jpg


#10 aegean

aegean
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 18 August 2009 - 08:05 AM

First off is the warning just a precaution or should I change all my credit card accounts and all passwords like you said.

I had already backed up "all information on this computer" on this computer. I have a .bkf file on an external hard disk. I do not have a recovery disk because windows requests that you insert a floppy to create one but I don't have that type of drive. Therefore I need to know how to use the .bkf file to restore my machine.

One other issue could be that I cannot log in during safe mode. It seems to need a password I don't have.

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:48 PM

Posted 18 August 2009 - 01:35 PM

The warning does not mean that your information has been stolen, but it is to tell you that their is malware on your machine that has the
capability to do so, I can not tell you for sure whether it has or hasn't stole any information.

Restoring a backup of your computer is not the same as formatting it, and also their is a chance the backup could contain some malware.
I have no idea how to actually use .bkf files, you would be best reffering to the program that created them.


One other issue could be that I cannot log in during safe mode. It seems to need a password I don't have.


Did you try just pressing enter with no password, this is what it is by default if you don't set the administrator password.

unite.jpg


#12 aegean

aegean
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 18 August 2009 - 07:30 PM

The enter key doesn't work. there seems to be more than one password although it seems I'm supposed to have permission to do everything.
Will I need to use safe mode If so how can I get around or change the passwords

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:48 PM

Posted 18 August 2009 - 07:50 PM

You should not need to use safe mode and I wont be able to help you get around any passwords you don't know anyway.

unite.jpg


#14 aegean

aegean
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 19 August 2009 - 06:36 AM

In the event my computer does crash how will the .bkf file be used to restore the system ? I can backup every thing separately so it can be cherry picked but wouldn't I need product keys for some software ?

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:48 PM

Posted 19 August 2009 - 07:18 AM

Can you please just follow my instructions we will deal with any other situation if it happens.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users