
Thread: Nasty infestation. No Anti Virus will run. (Inactive)

  1. #21
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Hi Katana.

    No dice on the rename. I ran the command then tried to run ComboFix as Winlogon.exe and it launched, the status bars completed and then it died, like before.

    I do have an operating system (already installed on your computer)/reinstallation cd for windows xp prof sp 2. It says it is for a Dell, my laptop is an hp. It says only reinstall on a Dell. I don't know where this operating system cd is, I moved and apparently lost it. Can I use the Dell OS cd to install the Recovery Console? BTW, I am using XP Prof, sp3 at present on this Laptop.

    Any other way to get the Recovery Console?

    Thanks for the continued support!

  2. #22
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    We need to look for a file called scecli.dll

    I'll give instructions for using a tool, but if that doesn't run you will have to try Windows Search.
    (don't delete it, just find all the copies of it)

    Edit --- SystemLook should work

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      scecli.dll
      winnt32.exe
      :comment
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Last edited by katana; 2009-08-09 at 18:50.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #23
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Hello.

    Here is the search log:


    SystemLook v1.0 by jpshortstuff (22.05.09)
    Log created at 11:30 on 09/08/2009 by Owner (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "scecli.dll"
    C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [19:31 22/12/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
    C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [00:12 14/04/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
    C:\WINDOWS\system32\scecli.dll --a--- 60928 bytes [12:00 04/08/2004] [00:12 14/04/2008] (Unable to calculate MD5)

    Searching for "winnt32.exe"
    No files found.

    -=End Of File=-


    Thanks again!!
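The SystemLook output above can be checked mechanically rather than by eye. The following is an added example, not code from this thread or from SystemLook's author: it parses a :filefind section in the layout shown in the posted log and flags a copy whose hash the tool could not compute, or whose size matches none of the copies it could hash. The sample log text is constructed from the three entries posted above; the line grammar in ENTRY_RE and the two flag rules are my assumptions drawn from that output, not SystemLook's documented format.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a SystemLook v1.0 :filefind section in the same layout
# as the log posted above (path, attribute flags, size, two timestamps, MD5).
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 11:30 on 09/08/2009 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [19:31 22/12/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [00:12 14/04/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 60928 bytes [12:00 04/08/2004] [00:12 14/04/2008] (Unable to calculate MD5)

Searching for "winnt32.exe"
No files found.

-=End Of File=-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# Assumed line grammar, derived from the posted log rather than from SystemLook's docs.
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes'
    r'\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+'
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$'
)


def parse_filefind(log_text: str) -> Dict[str, List[dict]]:
    """Return {searched file name: [entry, ...]} for each :filefind query."""
    results: Dict[str, List[dict]] = {}
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name")
            results[current] = []          # "No files found." leaves this empty
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            md5 = m.group("md5")
            results[current].append({
                "path": m.group("path"),
                "attrs": m.group("attrs"),
                "size": int(m.group("size")),
                "mtime": m.group("mtime"),
                "ctime": m.group("ctime"),
                # None when the tool could not open the file to hash it
                "md5": None if md5.startswith("(") else md5.upper(),
            })
    return results


def flag_suspicious(entries: List[dict]) -> List[Tuple[str, List[str]]]:
    """Flag copies that could not be hashed or whose size matches no hashed copy.

    Backup copies from different service-pack levels legitimately differ from
    each other, so the test is 'matches none of them', not 'matches all'.
    """
    hashed_sizes = {e["size"] for e in entries if e["md5"] is not None}
    findings = []
    for e in entries:
        reasons = []
        if e["md5"] is None:
            reasons.append("hash could not be computed even with elevation")
        if hashed_sizes and e["size"] not in hashed_sizes:
            reasons.append("size matches none of the hashed copies")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, entries in parse_filefind(SAMPLE_LOG).items():
        print(f"{name}: {len(entries)} copies")
        for path, reasons in flag_suspicious(entries):
            print("  SUSPECT", path, "-", "; ".join(reasons))
```

On the posted log this singles out the live system32 copy: the two backup copies come from different service-pack levels and so differ from each other, but the file actually being loaded matches neither and could not be hashed even by an elevated process, which is why the helper asked for every copy rather than only the live one.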

  4. #24
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    ----------------------------------------------------------------------------------------
    Step 1

    Delete any copy of Combofix that you have.

    Download a fresh copy .... > ComboFix.exe
    Download a fresh copy of MalwareBytes setup .... > Malwarebytes' Anti-Malware
    Don't run them yet, they are for later.


    ----------------------------------------------------------------------------------------
    Step 2

    Avenger

    Note to users reading this topic! This script was created specifically for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.
    1. Please download The Avenger2 by SwanDog46.
    2. Unzip avenger.exe to your desktop.
    3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
      Code:
      Files to move:
      C:\WINDOWS\$NtServicePackUninstall$\scecli.dll|C:\Windows\System32\Scecli.dll
    4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
    5. Read the prompt that appears, and press OK.
    6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
    7. Press the "Execute" button.
    8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
      Note: It is possible that Avenger will reboot your system TWICE.
    9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.


    ----------------------------------------------------------------------------------------
    Step 4

    Now run Combofix followed by installing/running the new MalwareBytes.
    Last edited by katana; 2009-08-10 at 00:17.

  5. #25
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Hey Katana.

    Now we're cooking with gas. Thanks so much for that !!!! Please let me know where to go from here.

    I was able to run Avenger, ComboFix, and then MalwareBytes. Here are the logs in that order:


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File move operation "C:\WINDOWS\$NtServicePackUninstall$\scecli.dll|C:\Windows\System32\Scecli.dll" completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    ================================================
    ComboFix Log:

    ComboFix 09-08-09.03 - Owner 08/09/2009 21:27.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1466 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\98801556.ini
    c:\documents and settings\Owner\Application Data\wiaserva.log
    c:\windows\Installer\189f1.msi
    c:\windows\system32\mdm.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


    ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
    .

    2009-08-08 16:18 . 2009-08-08 16:18 -------- d-----w- c:\program files\trend micro
    2009-08-08 16:18 . 2009-08-08 16:18 -------- d-----w- C:\rsit
    2009-08-08 13:52 . 2009-08-08 13:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-08-06 23:43 . 2009-08-06 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-06 23:08 . 2009-08-07 22:31 -------- d-----w- c:\program files\Windows Defender(2)
    2009-08-04 20:47 . 2009-08-04 20:48 -------- d-----w- c:\program files\Windows Antivirus Pro
    2009-08-03 23:27 . 2008-11-27 23:47 -------- d---a-w- c:\windows\system32\images
    2009-08-03 22:51 . 2009-08-03 23:45 4 ----a-w- c:\windows\system32\bincd32.dat
    2009-08-03 22:37 . 2009-08-04 00:37 -------- d-----w- c:\program files\creytd
    2009-07-30 17:35 . 2009-07-31 05:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2009-07-30 17:34 . 2009-07-30 17:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2009-07-30 17:34 . 2009-07-30 17:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-10 02:40 . 2009-08-07 23:41 5310 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2009-08-09 04:11 . 2008-12-23 22:56 -------- d-----w- c:\documents and settings\Owner\Application Data\DMCache
    2009-08-08 00:31 . 2009-04-01 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-07 22:32 . 2009-04-01 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-07 22:31 . 2009-08-07 22:31 -------- d-----w- c:\program files\Windows Defender
    2009-08-07 22:31 . 2009-08-07 01:14 -------- d-----w- c:\program files\Registrar Lite
    2009-08-07 22:31 . 2008-12-22 20:45 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-08-07 22:31 . 2009-08-07 16:30 -------- d-----w- c:\program files\ERUNT
    2009-08-07 04:03 . 2009-02-03 05:20 -------- d-----w- c:\program files\Bonjour
    2009-06-18 12:56 . 2009-06-18 12:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-05-14 13:23 . 2009-05-14 13:23 111160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ares"="c:\program files\Ares\Ares.exe" [2008-12-17 887808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\windows\system32\onhelp.htm
    FriendlyName= tets

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\windefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\SqlSAC.exe"=
    "c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"=

    R2 gms-mux;Goodmail Multiplexer;c:\pmta\gmsmux\wrapper.exe -s "c:\pmta\gmsmux\config\wrapper.conf" --> c:\pmta\gmsmux\wrapper.exe -s c:\pmta\gmsmux\config\wrapper.conf [?]
    R2 PMTA;PowerMTA;c:\pmta\bin\pmtawatch.exe [11/18/2008 11:29 PM 761856]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/22/2008 1:20 PM 200192]
    S1 aba3d60a;aba3d60a;c:\windows\system32\drivers\aba3d60a.sys --> c:\windows\system32\drivers\aba3d60a.sys [?]
    S2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
    S3 PortalEmailer;PortalEmailer;c:\documents and settings\Owner\My Documents\Visual Studio 2005\Projects\PortalEmailer\PortalEmailer\bin\Debug\PortalEmailer.exe [4/13/2009 9:04 PM 32768]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [1/29/2009 12:12 PM 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [1/29/2009 12:12 PM 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [1/29/2009 12:12 PM 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [1/29/2009 12:12 PM 59776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-10 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.daemon-search.com/startpage
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\snfz6iz3.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\Owner\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-09 21:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?4?0?5??????? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68dfd01c-5335-451f-9db8-dcde4b93fef7}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000079
    "Therad"=dword:0000001a
    "MData"=hex(0):30,61,3c,66,a3,eb,ea,4b,5e,e9,80,4a,38,68,68,50,7b,7d,ce,43,86,
    ef,e0,3d,3b,8a,0a,32,11,89,01,b5,8b,50,c3,71,c8,b6,78,97,c1,28,e6,e3,95,8e,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):3f,3e,d0,15,73,f2,c2,65,b9,bc,55,6c,d5,de,f4,5a,5e,1c,48,cf,a7,
    b0,6b,38,27,3b,f3,4d,a6,38,a5,51,8f,1e,35,42,4d,3f,aa,0e,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(752)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(4008)
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\pmta\gmsmux\wrapper.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\pmta\jre\bin\java.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\pmta\bin\pmtad.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HPQ\shared\hpqwmi.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-10 21:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-10 02:45

    Pre-Run: 7,437,271,040 bytes free
    Post-Run: 7,284,998,144 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    188 --- E O F --- 2009-06-10 13:56

    ================================================
    MalwareBytes Log:

    Malwarebytes' Anti-Malware 1.40
    Database version: 2589
    Windows 5.1.2600 Service Pack 3

    8/9/2009 9:53:00 PM
    mbam-log-2009-08-09 (21-53-00).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 23807
    Time elapsed: 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
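The Drivers/Services and firewall-policy sections of the ComboFix log above are where the helper's next script comes from (the `aba3d60a` driver, the `ares` firewall exception). As an added example, not ComboFix's code and not from the thread, the following Python parses lines in that layout and reports the conditions a reviewer would pick out first: an entry whose trailer is `[?]` instead of a file date and size (the `-->` form in the log), a boot/system-start driver with a random-looking name, and the standard-profile firewall being off. The sample lines are constructed from the posted log; reading the digit after R/S as the service start type, and the "eight lowercase hex characters used as both service and display name" rule, are this example's own assumptions and heuristics, not ComboFix rules.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the layout of ComboFix's firewall-policy and
# Drivers/Services sections, built from entries in the log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 gms-mux;Goodmail Multiplexer;c:\pmta\gmsmux\wrapper.exe -s "c:\pmta\gmsmux\config\wrapper.conf" --> c:\pmta\gmsmux\wrapper.exe -s c:\pmta\gmsmux\config\wrapper.conf [?]
R2 PMTA;PowerMTA;c:\pmta\bin\pmtawatch.exe [11/18/2008 11:29 PM 761856]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/22/2008 1:20 PM 200192]
S1 aba3d60a;aba3d60a;c:\windows\system32\drivers\aba3d60a.sys --> c:\windows\system32\drivers\aba3d60a.sys [?]
S2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
"""

# Assumed grammar: R/S = running/stopped; the digit is read here as the SCM
# start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); then
# name;display;image and a trailer of either "[date time size]" or "[?]".
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.*?)\s+\[(?P<trailer>[^\]]*)\]$'
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# Heuristic of this example only: eight lowercase hex characters as the name.
HEXNAME_RE = re.compile(r'^[0-9a-f]{8}$')


def parse_services(log_text: str) -> List[dict]:
    """One dict per R*/S* line; file_found is False when the trailer is [?]."""
    services = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["start"] = int(entry["start"])
        entry["file_found"] = entry["trailer"] != "?"
        services.append(entry)
    return services


def firewall_enabled(log_text: str) -> Optional[bool]:
    """None if the log carries no EnableFirewall line."""
    for raw in log_text.splitlines():
        m = FIREWALL_RE.match(raw.strip())
        if m:
            return m.group("value") != "0"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (item, reason) pairs a reviewer would want to look at first."""
    findings: List[Tuple[str, str]] = []
    if firewall_enabled(log_text) is False:
        findings.append(("firewall", "standard-profile Windows Firewall is off (EnableFirewall=0)"))
    for s in parse_services(log_text):
        reasons = []
        if not s["file_found"]:
            reasons.append("no file date/size recorded for the image (trailer is [?])")
        if HEXNAME_RE.match(s["name"]) and s["name"] == s["display"]:
            reasons.append("random-looking name reused as display name")
        if reasons and s["start"] <= 1:
            reasons.append(f"boot/system-start driver (start type {s['start']})")
        if reasons:
            findings.append((s["name"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item}: {reason}")
```

The ordering of the rules matters: the missing-file and naming rules each produce a finding on their own, while the start-type rule only adds weight to an entry already flagged, so an ordinary boot-start hardware driver such as HSFHWATI is not reported just for loading early.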

  6. #26
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Looking good
    A big thanks to all the Guys and Gals that are working in the background to analyse this dross.
    Without them we would still be struggling

    Information

    ares

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    List programs here

    Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
    The bad guys use P2P filesharing as a major conduit to spread their wares.

    Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


    ----------------------------------------------------------------------------------------
    Step 1

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      File::
      c:\windows\system32\bincd32.dat
      Dir::
      c:\Program Files\Windows Antivirus Pro
      c:\windows\system32\images
      c:\Program Files\creytd
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ares"=-
      [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Ares\\Ares.exe"=-
      Driver::
      aba3d60a
      RegLock::
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68dfd01c-5335-451f-9db8-dcde4b93fef7}]
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
      ADS::
    • Save this as CFScript.txt and place it on your desktop.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



    ----------------------------------------------------------------------------------------
    Step 2

    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    ----------------------------------------------------------------------------------------
    Step 3

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )



    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • Combofix Log
    • Kaspersky Log
    • RSIT Logs
    • How are things running now ?

  7. #27
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Hi Katana. Thanks again for all your help, and to whomever else is assisting, many thanks.

    The system is running well. As I mentioned previously though, there were no outward indications of this infection unless you began trying to run any variation of a security mechanism. As such, the only difference I am seeing is that I can actually run these programs now, where I couldn't previously.

    I ran the script with ComboFix and RSIT, but I could not get Kaspersky online scan to run. I don't think it was because of this infection, however. I kept getting a key expired error. In IE it wouldn't launch the applet at all, so I downloaded the latest version of Java (6.15) and was able to launch, but got the same key error. I cleared cookies/history & restarted, but to no avail.

    Here are the logs from ComboFix and RSIT. I removed an application error in the event log section of RSIT log that happened many months back and that I know for sure was not related to this or any infection. Had some specifics I didn't want out in the open if you know what I mean.

    ComboFix 09-08-09.04 - Owner 08/10/2009 9:06.2.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1364 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

    FILE ::
    "c:\windows\system32\bincd32.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bincd32.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_aba3d60a


    ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
    .

    2009-08-10 02:50 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-10 02:50 . 2009-08-10 02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-10 02:50 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-08 16:18 . 2009-08-08 16:18 -------- d-----w- c:\program files\trend micro
    2009-08-08 16:18 . 2009-08-08 16:18 -------- d-----w- C:\rsit
    2009-08-08 13:52 . 2009-08-08 13:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-08-06 23:43 . 2009-08-06 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-06 23:08 . 2009-08-07 22:31 -------- d-----w- c:\program files\Windows Defender(2)
    2009-08-04 20:47 . 2009-08-04 20:48 -------- d-----w- c:\program files\Windows Antivirus Pro
    2009-08-03 23:27 . 2008-11-27 23:47 -------- d---a-w- c:\windows\system32\images
    2009-08-03 22:37 . 2009-08-04 00:37 -------- d-----w- c:\program files\creytd
    2009-07-30 17:35 . 2009-07-31 05:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2009-07-30 17:34 . 2009-07-30 17:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2009-07-30 17:34 . 2009-07-30 17:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-10 14:00 . 2009-08-07 23:41 5310 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2009-08-09 04:11 . 2008-12-23 22:56 -------- d-----w- c:\documents and settings\Owner\Application Data\DMCache
    2009-08-08 00:31 . 2009-04-01 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-07 22:32 . 2009-04-01 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-07 22:31 . 2009-08-07 22:31 -------- d-----w- c:\program files\Windows Defender
    2009-08-07 22:31 . 2009-08-07 01:14 -------- d-----w- c:\program files\Registrar Lite
    2009-08-07 22:31 . 2008-12-22 20:45 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-08-07 22:31 . 2009-08-07 16:30 -------- d-----w- c:\program files\ERUNT
    2009-08-07 04:03 . 2009-02-03 05:20 -------- d-----w- c:\program files\Bonjour
    2009-06-26 16:50 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-18 12:56 . 2009-06-18 12:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-14 13:23 . 2009-05-14 13:23 111160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-10_02.36.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-10 14:15 . 2009-08-10 14:15 16384 c:\windows\Temp\Perflib_Perfdata_330.dat
    - 2008-12-22 18:40 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
    + 2008-12-22 18:40 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    - 2009-02-20 08:10 . 2009-04-29 04:46 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2009-02-20 08:10 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
    - 2009-08-10 02:31 . 2009-08-10 02:31 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    + 2009-08-10 14:12 . 2009-08-10 14:12 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    - 2009-08-10 02:31 . 2009-08-10 02:31 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-10 14:12 . 2009-08-10 14:12 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    - 2004-08-04 12:00 . 2009-04-29 04:46 620032 c:\windows\system32\urlmon.dll
    + 2004-08-04 12:00 . 2009-06-26 16:50 620032 c:\windows\system32\urlmon.dll
    + 2008-12-22 19:55 . 2009-06-26 16:50 666624 c:\windows\system32\dllcache\wininet.dll
    - 2008-12-22 19:55 . 2009-04-29 04:46 666624 c:\windows\system32\dllcache\wininet.dll
    - 2008-12-22 19:55 . 2009-04-29 04:46 620032 c:\windows\system32\dllcache\urlmon.dll
    + 2008-12-22 19:55 . 2009-06-26 16:50 620032 c:\windows\system32\dllcache\urlmon.dll
    + 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
    - 2009-08-10 02:31 . 2009-08-10 02:31 192512 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-10 14:12 . 2009-08-10 14:12 192512 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-10 14:12 . 2009-08-10 14:12 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
    - 2009-08-10 02:31 . 2009-08-10 02:31 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
    - 2009-08-10 02:31 . 2009-08-10 02:31 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-10 14:12 . 2009-08-10 14:12 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2004-08-04 12:00 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll
    + 2004-08-04 12:00 . 2009-07-18 16:05 3069440 c:\windows\system32\mshtml.dll
    + 2008-12-22 19:54 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll
    + 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
    + 2008-12-22 19:50 . 2009-07-18 16:05 3069440 c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-22 19:58 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
    + 2009-08-10 14:12 . 2009-08-10 14:12 16973824 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    - 2009-08-10 02:31 . 2009-08-10 02:31 16973824 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\windows\system32\onhelp.htm
    FriendlyName= tets

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\windefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\SqlSAC.exe"=
    "c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"=

    R2 gms-mux;Goodmail Multiplexer;c:\pmta\gmsmux\wrapper.exe -s "c:\pmta\gmsmux\config\wrapper.conf" --> c:\pmta\gmsmux\wrapper.exe -s c:\pmta\gmsmux\config\wrapper.conf [?]
    R2 PMTA;PowerMTA;c:\pmta\bin\pmtawatch.exe [11/18/2008 11:29 PM 761856]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/22/2008 1:20 PM 200192]
    S2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
    S3 PortalEmailer;PortalEmailer;c:\documents and settings\Owner\My Documents\Visual Studio 2005\Projects\PortalEmailer\PortalEmailer\bin\Debug\PortalEmailer.exe [4/13/2009 9:04 PM 32768]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [1/29/2009 12:12 PM 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [1/29/2009 12:12 PM 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [1/29/2009 12:12 PM 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [1/29/2009 12:12 PM 59776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-10 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-ares - c:\program files\Ares\Ares.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.daemon-search.com/startpage
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\snfz6iz3.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\Owner\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-10 09:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?4?0?5??P???? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(756)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2496)
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\pmta\gmsmux\wrapper.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\pmta\jre\bin\java.exe
    c:\pmta\bin\pmtad.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    c:\program files\HPQ\shared\hpqwmi.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-10 9:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-10 14:23
    ComboFix2.txt 2009-08-10 02:46

    Pre-Run: 7,151,603,712 bytes free
    Post-Run: 7,107,104,768 bytes free

    208 --- E O F --- 2009-08-10 13:39


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-08-10 10:20:25
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 7 GB (7%) free of 95 GB
    Total RAM: 1918 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20:34 AM, on 8/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\pmta\gmsmux\wrapper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\pmta\jre\bin\java.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\pmta\bin\pmtawatch.exe
    C:\pmta\bin\pmtad.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229973284213
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Goodmail Multiplexer (gms-mux) - Unknown owner - C:\pmta\gmsmux\wrapper.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PowerMTA (PMTA) - Unknown owner - C:\pmta\bin\pmtawatch.exe
    O23 - Service: PortalEmailer - Unknown owner - C:\Documents and Settings\Owner\My Documents\Visual Studio 2005\Projects\PortalEmailer\PortalEmailer\bin\Debug\PortalEmailer.exe
    O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
    O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm

    --
    End of file - 6617 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\WGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
    IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-12-23 161200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-11 339968]
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
    "eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
    "hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\windefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\windefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
    "C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\Microsoft SQL Server\90\Shared\SqlSAC.exe"="C:\Program Files\Microsoft SQL Server\90\Shared\SqlSAC.exe:*:Enabled:SQL Server Surface Area Configuration"
    "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe"="C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio 2005"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-08-10 10:11:06 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-08-10 10:11:06 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-08-10 10:11:06 ----A---- C:\WINDOWS\system32\java.exe
    2009-08-10 09:24:02 ----A---- C:\ComboFix.txt
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\zip.exe
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\SWSC.exe
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\SWREG.exe
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\sed.exe
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\PEV.exe
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-08-10 09:04:53 ----A---- C:\WINDOWS\grep.exe
    2009-08-10 09:04:49 ----SD---- C:\ComboFix
    2009-08-10 08:39:38 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
    2009-08-10 08:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-08-10 08:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-08-10 08:37:45 ----A---- C:\WINDOWS\imsins.BAK
    2009-08-10 08:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-08-09 21:50:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-09 21:25:52 ----A---- C:\Boot.bak
    2009-08-09 21:25:44 ----RASHD---- C:\cmdcons
    2009-08-09 21:23:12 ----D---- C:\Qoobox
    2009-08-09 21:19:38 ----D---- C:\Avenger
    2009-08-09 21:19:38 ----A---- C:\avenger.txt
    2009-08-09 18:10:34 ----A---- C:\WINDOWS\system32\scecli.dll.kat
    2009-08-08 11:18:54 ----D---- C:\Program Files\trend micro
    2009-08-08 11:18:53 ----D---- C:\rsit
    2009-08-08 08:52:05 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2009-08-07 20:00:23 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-07 18:41:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
    2009-08-07 18:18:49 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-07 17:49:36 ----D---- C:\WINDOWS\CSC
    2009-08-07 17:31:42 ----D---- C:\Program Files\Windows Defender
    2009-08-07 15:33:22 ----D---- C:\32788R22FWJFW(2)
    2009-08-07 11:32:18 ----D---- C:\WINDOWS\ERDNT
    2009-08-07 11:30:48 ----D---- C:\Program Files\ERUNT
    2009-08-06 20:14:04 ----D---- C:\Program Files\Registrar Lite
    2009-08-06 18:43:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-06 18:08:09 ----D---- C:\Program Files\Windows Defender(2)
    2009-08-04 15:47:35 ----D---- C:\Program Files\Windows Antivirus Pro
    2009-08-03 18:27:39 ----AD---- C:\WINDOWS\system32\images
    2009-08-03 17:37:13 ----D---- C:\Program Files\creytd

    ======List of files/folders modified in the last 1 months======

    2009-08-10 10:20:20 ----D---- C:\WINDOWS\Prefetch
    2009-08-10 10:18:44 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-10 10:11:12 ----SHD---- C:\WINDOWS\Installer
    2009-08-10 10:11:10 ----HD---- C:\Config.Msi
    2009-08-10 10:11:08 ----D---- C:\WINDOWS\Temp
    2009-08-10 10:11:06 ----D---- C:\WINDOWS\system32
    2009-08-10 10:11:03 ----D---- C:\Program Files\Java
    2009-08-10 09:24:04 ----D---- C:\WINDOWS\system32\drivers
    2009-08-10 09:20:58 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-10 09:16:00 ----D---- C:\WINDOWS
    2009-08-10 09:16:00 ----A---- C:\WINDOWS\system.ini
    2009-08-10 09:12:55 ----D---- C:\WINDOWS\system32\config
    2009-08-10 09:10:40 ----D---- C:\WINDOWS\AppPatch
    2009-08-10 09:10:26 ----D---- C:\Program Files\Common Files
    2009-08-10 08:59:40 ----RD---- C:\Program Files
    2009-08-10 08:39:50 ----HD---- C:\WINDOWS\inf
    2009-08-10 08:39:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-10 08:39:32 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-10 08:38:00 ----D---- C:\WINDOWS\Debug
    2009-08-09 21:44:06 ----SD---- C:\WINDOWS\Tasks
    2009-08-09 21:25:52 ----RASH---- C:\boot.ini
    2009-08-09 21:19:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-08-08 23:11:06 ----D---- C:\Documents and Settings\Owner\Application Data\DMCache
    2009-08-07 19:31:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-07 17:32:10 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-08-07 17:31:39 ----D---- C:\Program Files\Windows Live Safety Center
    2009-08-07 17:30:50 ----D---- C:\WINDOWS\system32\Restore
    2009-08-07 16:49:55 ----D---- C:\WINDOWS\Registration
    2009-08-06 23:03:29 ----D---- C:\Program Files\Bonjour
    2009-08-06 22:45:19 ----D---- C:\Documents and Settings
    2009-08-06 20:29:43 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-08-06 14:25:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-28 22:42:45 ----D---- C:\Mailings
    2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-07-18 11:05:06 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2009-07-18 11:05:06 ----A---- C:\WINDOWS\system32\mshtml.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
    R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
    R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-12-23 1337850]
    R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-12-23 55320]
    R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
    R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
    R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
    R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 apjsd7kq;apjsd7kq; C:\WINDOWS\system32\drivers\apjsd7kq.sys []
    S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ; C:\WINDOWS\system32\DRIVERS\PTDUBus.sys [2008-03-11 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers; C:\WINDOWS\system32\DRIVERS\PTDUMdm.sys [2008-03-11 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port; C:\WINDOWS\system32\DRIVERS\PTDUVsp.sys [2008-03-11 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver; C:\WINDOWS\system32\DRIVERS\PTDUWWAN.sys [2008-03-11 59776]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-12-23 254007]
    R2 gms-mux;Goodmail Multiplexer; C:\pmta\gmsmux\wrapper.exe [2008-04-03 167936]
    R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
    R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 PMTA;PowerMTA; C:\pmta\bin\pmtawatch.exe [2008-11-18 761856]
    R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
    R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\shared\hpqwmi.exe [2005-03-04 98304]
    S2 windefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
    S3 MsDtsServer100;SQL Server Integration Services 10.0; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 218136]
    S3 PortalEmailer;PortalEmailer; C:\Documents and Settings\Owner\My Documents\Visual Studio 2005\Projects\PortalEmailer\PortalEmailer\bin\Debug\PortalEmailer.exe [2009-04-14 32768]
    S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe []
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

  8. #28
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Default

    info.txt logfile of random's system information tool 1.06 2009-08-10 10:20:35

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
    ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
    Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
    Dynamsoft SourceAnywhere for VSS 5.3.2 Standard Client-->MsiExec.exe /I{88C5BDC0-99D5-4BA5-90D9-B80CE0A87BC8}
    HijackThis 2.0.2-->"C:\Documents and Settings\Owner\My Documents\VIRUS\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
    HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    HP PSC & Officejet 4.2 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzscr01.exe" -datfile hposcr04.dat
    HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Wireless Assistant 1.01 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
    iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
    J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    JetBrains ReSharper 4.1-->MsiExec.exe /I{D0B1DC23-A171-45D3-A3CA-97E20290D124}
    K-Lite Mega Codec Pack 4.4.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
    Microsoft Device Emulator version 3.0 - ENU-->MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
    Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
    Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
    Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
    Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
    Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server 2008 Client Tools-->MsiExec.exe /I{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}
    Microsoft SQL Server 2008 Client Tools-->MsiExec.exe /I{60D46DEE-5221-47AA-B978-BA25C5D9F560}
    Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
    Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
    Microsoft SQL Server 2008 Integration Services-->MsiExec.exe /I{40F34A1C-65A2-4163-98CE-A0D0646CABEF}
    Microsoft SQL Server 2008 Integration Services-->MsiExec.exe /I{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}
    Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{2020045B-8DCF-4449-8D5C-EB5BA37440F1}
    Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}
    Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
    Microsoft SQL Server 2008 Policies-->MsiExec.exe /I{01C5A10F-AD9B-405B-853A-6659841A1242}
    Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
    Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
    Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
    Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English-->MsiExec.exe /I{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}
    Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
    Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
    Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
    Microsoft Sync Services for ADO.NET v2.0 (x86)-->MsiExec.exe /I{C89B00A2-B72A-4935-96FC-38796E9554EC}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Visual SourceSafe 2005 - ENU-->"C:\Program Files\Microsoft Visual SourceSafe\Microsoft Visual SourceSafe 2005 - ENU\setup.exe"
    Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
    Microsoft Visual Studio 2005 Web Application Projects-->MsiExec.exe /I{D1D2308E-B8E4-41FA-89AC-82F65B9A255A}
    Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
    Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
    Microsoft Web Platform Installer-->MsiExec.exe /X{CA544957-00CB-4A5F-9A34-F49662C7DD5F}
    Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    PANTECH UM175 Driver-->C:\Program Files\PANTECH\PANTECH UM175\PTDUUninstall.exe
    Power Architect 0.9.12-->"C:\Program Files\Java\jre6\bin\javaw.exe" -jar "C:\Program Files\Power Architect\uninstaller\uninstaller.jar"
    PowerMTA 3.5r11-->MsiExec.exe /I{0A249E23-B6D4-4986-A0DA-27766DA0E924}
    Quick Launch Buttons 5.10 B2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
    QuickTime Alternative 2.8.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {78DD9A0A-4AE1-46D0-B9A6-578EFCA47A3C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
    Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB915364)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {C20ED8A3-74AA-4F58-9A2D-7D2AB1BE3E45} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
    Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
    Windows PowerShell(TM) 1.0 MUI pack-->"C:\WINDOWS\$NtUninstallKB926141$\spuninst\spuninst.exe"
    Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======System event log======

    Computer Name: OWNER-15DEC8D99
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=74409

    Scan ID: {91FAC189-2594-472B-8950-D181887FA802}

    User: OWNER-15DEC8D99\Owner

    Name: Unknown

    ID:

    Severity: Not Yet Classified

    Category: Not Yet Classified

    Path Found: file:C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job;file:C:\Documents and Settings\Owner\Local Settings\Temp\a.exe;taskscheduler:C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

    Alert Type: Unclassified software

    Detection Type:

    Record Number: 5
    Source Name: WinDefend
    Time Written: 20090806165513.000000-300
    Event Type: warning
    User:

    Computer Name: OWNER-15DEC8D99
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=74409

    Scan ID: {5A63BCF8-3949-47DB-AD0F-8DA1D12F6839}

    User: OWNER-15DEC8D99\Owner

    Name: Unknown

    ID:

    Severity: Not Yet Classified

    Category: Not Yet Classified

    Path Found: service:{79007602-0cdb-4405-9dbf-1257bb3226ed}

    Alert Type: Unclassified software

    Detection Type:

    Record Number: 4
    Source Name: WinDefend
    Time Written: 20090806165503.000000-300
    Event Type: warning
    User:

    Computer Name: OWNER-15DEC8D99
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=74409

    Scan ID: {99EFD26E-A360-4C8D-93BE-CBA1E495E506}

    User: OWNER-15DEC8D99\Owner

    Name: Unknown

    ID:

    Severity: Not Yet Classified

    Category: Not Yet Classified

    Path Found: driver:{79007602-0cdb-4405-9dbf-1257bb3226ed}

    Alert Type: Unclassified software

    Detection Type:

    Record Number: 3
    Source Name: WinDefend
    Time Written: 20090806165503.000000-300
    Event Type: warning
    User:

    Computer Name: OWNER-15DEC8D99
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=74409

    Scan ID: {BC9800A4-326A-44FA-A021-7564581CBC08}

    User: OWNER-15DEC8D99\Owner

    Name: Unknown

    ID:

    Severity: Not Yet Classified

    Category: Not Yet Classified

    Path Found: driver:{79007602-0cdb-4405-9dbf-1257bb3226ee}

    Alert Type: Unclassified software

    Detection Type:

    Record Number: 2
    Source Name: WinDefend
    Time Written: 20090806165503.000000-300
    Event Type: warning
    User:

    Computer Name: OWNER-15DEC8D99
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=74409

    Scan ID: {16D2CC0B-1EBD-4C77-8356-8D42ACE3659C}

    User: OWNER-15DEC8D99\Owner

    Name: Unknown

    ID:

    Severity: Not Yet Classified

    Category: Not Yet Classified

    Path Found: service:{79007602-0cdb-4405-9dbf-1257bb3226ee}

    Alert Type: Unclassified software

    Detection Type:

    Record Number: 1
    Source Name: WinDefend
    Time Written: 20090806165503.000000-300
    Event Type: warning
    User:

    =====Application event log=====



    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft SQL Server\90\DTS\Binn;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies;C:\Program Files\QuickTime Alternative\QTSystem;C:\Program Files\ESTsoft\ALZip;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Microsoft SQL Server\100\DTS\Binn;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE;C:\Program Files\Microsoft SQL Server\100\Tools\Binn;C:\WINDOWS\system32\WindowsPowerShell\v1.0
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2402
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\

    -----------------EOF-----------------

  9. #29
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    but I could not get Kaspersky online scan to run. I don't think it was because of this infection, however. I kept getting a key expired error.
    In IE it wouldn't launch the applet at all, so I downloaded the latest version of Java (6.15) and was able to launch, but got the same key error.
    A lot of people have been getting that error lately ???

    Try this one instead


    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.


    ---------------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------------
    Additional Notes



    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts




    Remove Programs

    Older versions of some programs have vulnerabilities that malware can use to infect your system.

    Now click Start---Control Panel. Double click Add or Remove Programs.
    If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
    • Adobe Reader 6.0.1
    • J2SE Runtime Environment 5.0 Update 2
    Now close the Control Panel.

  10. #30
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Default

    Hi Katana.

    All done. And the ActiveScan completed - although you were right, it took forever! Here is the log:

    Thanks !!!!

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-08-10 18:59:15
    PROTECTIONS: 1
    MALWARE: 12
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Windows Defender 1.1.2204.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP199\A0028358.sys
    01471582 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP191\A0026845.exe
    01491711 W32/Waledac.BK.worm Virus/Worm No 0 Yes No C:\pmta\Xfrs\dst\01c9eeafa56b9b30.msg[UPSFILE_NR67721912.zip][UPSFILE_NR67721912.exe]
    01675833 Trj/SMSlock.C Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP199\A0028364.exe
    02106838 Trj/Banbra.GIY Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\My Documents\Downloads\Compressed\avenger_2.zip[avenger.exe]
    02106838 Trj/Banbra.GIY Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\My Documents\Downloads\Compressed\avenger.zip[avenger.exe]
    02106838 Trj/Banbra.GIY Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\Desktop\avenger.exe
    02459278 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tapi.nfo
    02460067 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP199\A0028362.dll
    02466615 Adware/AntivirusSystemPro Adware No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP191\A0026844.exe
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP199\A0028473.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP201\A0028753.sys
    02980348 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No C:\pmta\Xfrs\rz\01c9ee3db6618a52.msg[document.pif]
    03042750 Bck/Bandok.BT Virus/Trojan No 1 Yes No C:\pmta\Xfrs\rz\01c9eea7c3f620aa.msg[postcard.zip][postcard.txt .scr]
    03042750 Bck/Bandok.BT Virus/Trojan No 1 Yes No C:\pmta\Xfrs\rz\01c9eea585cf7530.msg[postcard.zip][postcard.htm .scr]
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP198\A0027976.sys
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP197\A0027605.dll
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP197\A0027407.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP198\A0027689.dll
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP198\A0027688.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP193\A0026955.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP198\A0027855.exe
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{05FF69C1-A6C1-40DB-877E-B8276DC71785}\RP197\A0027534.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location i
    ;===================================================================================================================================================================================
    No C:\WINDOWS\system32\jdbgmgr.exe i
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description i
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
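The detections in the log above sit in three kinds of place: System Restore snapshots under System Volume Information, members of archives and spooled messages (shown in square brackets), and files directly on disk, and that is what decides the clean-up step for each. As an added example that is not part of the thread, here is a Python parser for the MALWARE section of the ActiveScan report format as posted, with a triage of each row by location; it runs over a constructed three-row sample whose restore-point GUID is a placeholder.

```python
import re
# Constructed sample in the layout of the ActiveScan report posted above
# (three rows only; the restore-point GUID is a placeholder, not from the log).
SAMPLE_LOG = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================
02460067 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP199\A0028362.dll
02459278 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tapi.nfo
03042750 Bck/Bandok.BT Virus/Trojan No 1 Yes No C:\pmta\Xfrs\rz\01c9eea7c3f620aa.msg[postcard.zip][postcard.txt .scr]
SUSPECTS
"""

# Id, Description (lazy: may contain spaces), Type, Active, Severity,
# Disinfectable, Disinfected, Location (the rest of the line).
ROW = re.compile(r"^(\d{8}) (.+?) (\S+) (Yes|No) (\d) (Yes|No) (Yes|No) (.+)$")
SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}

def parse_malware_rows(report):
    """Rows of the MALWARE section as dicts; ';' separators and the header never match ROW."""
    rows, in_malware = [], False
    for line in report.splitlines():
        line = line.strip()
        if line in SECTIONS:
            in_malware = line == "MALWARE"
            continue
        m = ROW.match(line) if in_malware else None
        if m:
            rows.append({"id": m.group(1), "description": m.group(2),
                         "type": m.group(3), "active": m.group(4) == "Yes",
                         "severity": int(m.group(5)), "location": m.group(8)})
    return rows

def triage(location):
    """Classify where a detection sits, which decides the clean-up step."""
    path = location.split("[", 1)[0].lower()
    if "\\system volume information\\_restore" in path:
        return "restore-point copy"   # inert snapshot; cleared by purging restore points
    if "[" in location:
        return "archive member"       # not executable until extracted
    return "on-disk file"             # reachable by the OS; needs removal

def summarize(report):
    counts, on_disk = {}, []
    for row in parse_malware_rows(report):
        kind = triage(row["location"])
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "on-disk file":
            on_disk.append(row["location"])
    return counts, on_disk
```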
