TechSpot

My Computer is infected

By intabli
Aug 4, 2011
  1. Dear all,

    My computer is infected, and I noticed many results when I did a rootkit scan, one of which was userinit.exe, and when I proceeded to scan with Malwarebytes, it detected that file as a trojan too, and it required a restart to remove it.

    I completed the 5 steps, and here are the logs:

    ### Begin of Malwarebytes' Anti-Malware Log


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7364

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/3/2011 2:07:26 PM
    mbam-log-2011-08-03 (14-07-26).txt

    Scan type: Quick scan
    Objects scanned: 161057
    Time elapsed: 12 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\administrator\my documents\downloads\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


    ### End


    ### Begin of GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-04 09:15:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC70P
    Running: 0kp0cqcb.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwldapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT BA67D246 ZwCreateKey
    SSDT BA67D23C ZwCreateThread
    SSDT BA67D24B ZwDeleteKey
    SSDT BA67D255 ZwDeleteValueKey
    SSDT BA67D25A ZwLoadKey
    SSDT BA67D228 ZwOpenProcess
    SSDT BA67D22D ZwOpenThread
    SSDT BA67D264 ZwReplaceKey
    SSDT BA67D25F ZwRestoreKey
    SSDT BA67D250 ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.15 ----

    ? sonfdse.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3860] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de4bb71
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197de4bb71 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00197de4bb71 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    ### End
  2. intabli


    Logs Part 2

    ### Begin of DDS Log


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 9:16:00 on 2011-08-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.856 [GMT 4:00]
    .
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {D82DB37D-477E-43A2-BF81-A3B7FE19794D}
    FW: Trend Micro Personal Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    svchost.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
    C:\Program Files\PacketiX VPN Client English\vpnclient.exe
    C:\PROGRA~1\LANDesk\LDClient\collector.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
    C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\LightningFAX\LFclient\lfsndmng.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uSearch Bar =
    uStart Page = www.google.com/ncr
    uInternet Settings,ProxyOverride = *.lab proxy.dubai.gov.ae:80 local 10.100.100.100:80 protocoltest.lab admin.protocoltest.lab <local>
    uInternet Settings,ProxyServer = proxy.dubai.gov.ae:80
    mSearchAssistant =
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll
    TB: {093B3D46-0F87-44CF-B44B-79537F1597E5} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [lfsndmng] "c:\program files\lightningfax\\lfclient\lfsndmng.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
    mPolicies-system: dontdisplaylockeduserid = 1 (0x1)
    mPolicies-system: MaxGPOScriptWait = 0 (0x0)
    mPolicies-system: RunLogonScriptSync = 0 (0x0)
    mPolicies-system: LogonType = 0 (0x0)
    IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: dubai.ae\protocol
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://htmcm01:4343/officescan/console/html/ClientInstall/WinNTChk.cab
    DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://htmcm01:4343/officescan/console/html/root/AtxEnc.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273530231781
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273494145266
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 10.100.100.18 10.100.100.16
    TCP: Interfaces\{42372657-F4D7-41E8-98FB-A4B942A968B2} : NameServer = 10.48.96.1
    TCP: Interfaces\{886CB552-A637-4E93-97AA-83E3A594918D} : DhcpNameServer = 10.100.100.18 10.100.100.16
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 213.42.85.58 protocoltest.lab
    Hosts: 213.42.85.58 admin.protocoltest.lab
    Hosts: 213.42.85.58 protocol.lab
    Hosts: 213.42.85.58 admin.protocol.lab
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\i8xlbot9.default\
    FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search
    FF - prefs.js: browser.startup.homepage - www.google.com/ncr
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071700000016.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-8-3 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-3 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-3 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-3 61960]
    R2 CBA8;LANDesk(R) Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2009-3-23 155648]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2010-5-11 139264]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
    R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-3-27 36368]
    R2 TvWksSvc;TeleVantage Workstation Service;c:\program files\common files\artisoft\televantage\TvWksSvc.exe [2006-7-11 102400]
    R2 vpnclient;PacketiX VPN Client;c:\program files\packetix vpn client english\vpnclient.exe [2008-5-15 2478080]
    R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
    R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2010-5-11 3328]
    R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2010-5-11 3712]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-2-23 338960]
    R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2009-2-23 488768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2010-5-11 376832]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-5-11 50192]
    S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-3-27 225296]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
    S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2010-5-11 11904]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\ba.tmp --> c:\windows\system32\BA.tmp [?]
    S3 Neo_Darker;VPN Client Device Driver - Darker;c:\windows\system32\drivers\Neo_0000.sys [2011-3-6 22000]
    S3 Neo_Darker2;VPN Client Device Driver - Darker2;c:\windows\system32\drivers\Neo_0048.sys [2011-3-7 22000]
    S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-2-23 652552]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-1-11 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2011-08-03 10:38:50 -------- d-----w- c:\documents and settings\administrator\application data\Avira
    2011-08-03 10:31:41 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-03 10:31:41 -------- d-----w- c:\program files\Avira
    2011-08-03 10:31:41 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-08-03 09:39:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-03 09:16:35 -------- d-----w- c:\program files\Sophos
    2011-07-31 11:13:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-31 11:13:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-19 04:43:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-14 06:22:22 -------- d-----w- c:\documents and settings\administrator\.thumbnails
    2011-07-14 04:40:13 -------- d-----w- c:\documents and settings\all users\application data\LANDesk
    2011-07-13 07:04:03 -------- d-----w- c:\documents and settings\administrator\application data\Interstar Technologies
    2011-07-13 07:01:49 -------- d-----w- c:\program files\LightningFAX
    2011-07-13 06:42:04 -------- d-----w- c:\program files\TeleVantage
    2011-07-13 06:42:04 -------- d-----w- c:\program files\common files\Artisoft
    2011-07-13 06:34:06 -------- d-----w- c:\documents and settings\all users\application data\vulScan
    .
    ==================== Find3M ====================
    .
    2011-07-06 15:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 15:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2003-06-18 07:36:00 421888 ----a-w- c:\program files\common files\crystalwizard.dll
    .
    ============= FINISH: 9:16:23.46 ===============


    #### End


    ### Begin of ATTACH Log


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/8/2010 11:46:12 AM
    System Uptime: 8/3/2011 2:17:40 PM (19 hours ago)
    .
    Motherboard: Acer, Inc. | | Prespa1
    Processor: Intel(R) Celeron(R) M CPU 430 @ 1.73GHz | U2E1 | 1733/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 49 GiB total, 22.667 GiB free.
    D: is CDROM (UDF)
    F: is FIXED (NTFS) - 26 GiB total, 22.372 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&6B16D5B&0&4AF0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&6B16D5B&0&4AF0
    Service:
    .
    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia N96
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia N96
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP183: 6/8/2011 10:05:38 AM - Software Distribution Service 3.0
    RP184: 6/9/2011 2:43:02 PM - System Checkpoint
    RP185: 6/12/2011 2:10:07 PM - System Checkpoint
    RP186: 6/16/2011 2:01:53 PM - System Checkpoint
    RP187: 6/19/2011 11:13:13 AM - System Checkpoint
    RP188: 6/21/2011 3:17:34 PM - Installed QuickTime
    RP189: 6/23/2011 10:26:39 AM - System Checkpoint
    RP190: 6/26/2011 10:27:12 AM - System Checkpoint
    RP191: 6/27/2011 12:47:00 PM - System Checkpoint
    RP192: 6/28/2011 2:52:20 PM - System Checkpoint
    RP193: 7/3/2011 8:37:12 AM - System Checkpoint
    RP194: 7/4/2011 11:03:33 AM - System Checkpoint
    RP195: 7/5/2011 2:23:05 PM - System Checkpoint
    RP196: 7/6/2011 3:20:20 PM - System Checkpoint
    RP197: 7/10/2011 9:07:51 AM - System Checkpoint
    RP198: 7/11/2011 10:16:37 AM - System Checkpoint
    RP199: 7/12/2011 10:43:44 AM - System Checkpoint
    RP200: 7/13/2011 10:41:39 AM - Installed TeleVantage workstation applications
    RP201: 7/13/2011 10:59:35 AM - Configured Microsoft Office Standard 2007
    RP202: 7/13/2011 11:01:20 AM - Installed LightningFAX 8.2.0.73
    RP203: 7/13/2011 11:27:42 AM - Configured Microsoft Office Standard 2007
    RP204: 7/13/2011 1:05:01 PM - Configured Microsoft Office Standard 2007
    RP205: 7/17/2011 11:06:51 AM - System Checkpoint
    RP206: 7/18/2011 3:15:53 PM - Installed Google SketchUp 8
    RP207: 7/20/2011 12:09:10 PM - System Checkpoint
    RP208: 7/24/2011 10:24:15 AM - System Checkpoint
    RP209: 7/25/2011 11:07:24 AM - System Checkpoint
    RP210: 7/27/2011 11:44:00 AM - System Checkpoint
    RP211: 7/28/2011 1:21:43 PM - System Checkpoint
    RP212: 7/31/2011 3:12:39 PM - Installed Java(TM) 6 Update 26
    RP213: 8/2/2011 10:44:15 AM - System Checkpoint
    RP214: 8/3/2011 3:25:29 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe Acrobat 6.0 Professional
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advanced Pdf Splitter Free 5.0
    Agere Systems HDA Modem
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Atheros Wireless LAN
    Audacity 1.2.6
    AVG 2011
    Avira AntiVir Personal - Free Antivirus
    BBSAK
    BitTorrent
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Manager 6.0.2
    BlackBerry® Media Sync
    BufferChm
    Bulk Rename Utility 2.7.1.2
    CR10RDC
    CutePDF Writer 2.8
    Decision
    DiskRedactor
    eSupportQFolder
    Fax_CDA
    FlashGet 1.9.6.1073
    FlashGet(Jetcar)
    GIMP 2.6.11
    Google Chrome
    Google SketchUp 8
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB938759)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotspot Shield 1.57
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    J2SE Runtime Environment 5.0
    Java Auto Updater
    Java(TM) 6 Update 26
    K-Lite Codec Pack 7.2.0 (Basic)
    LAME v3.98.3 for Audacity
    LANDesk Advance Agent
    LANDesk(R) Common Base Agent 8
    LightningFAX 8.2.0.73
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Help Viewer 1.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Mobipocket Reader 6.2
    Move Media Player
    Mozilla Firefox 5.0 (x86 en-US)
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NewCopy_CDA
    Nitro PDF Professional
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Ovi Desktop Sync Engine
    OviMPlatform
    PacketiX VPN Client (English)
    PandoraRecovery (Remove Only)
    PC Connectivity Solution
    PerformanceTest v7.0
    Privoxy (remove only)
    QuickTime
    Readme
    Realtek High Definition Audio Driver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Service Pack 1 for SQL Server 2008 (KB968369)
    SES Driver
    SlingPlayer
    SolutionCenter
    SolveigMM AVI Trimmer
    Sophos Anti-Rootkit 1.5.20
    Sql Server Customer Experience Improvement Program
    SUPERAntiSpyware
    TeleVantage workstation applications
    Trend Micro OfficeScan Client
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb981433)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WD SmartWare
    WebFldrs XP
    WebReg
    WebSlingPlayer ActiveX
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    WinZip
    Xilisoft AVI to DVD Converter 6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/3/2011 2:43:16 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    7/31/2011 8:45:58 AM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\hdcs002.dubai.gov.ae for the domain HHRC failed because the Domain Controller does not have an account for the computer PDL0033.
    7/31/2011 8:32:26 AM, error: Service Control Manager [7034] - The LANDesk(R) Software Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
    7/31/2011 8:32:26 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
    7/31/2011 8:30:54 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HHRC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    7/31/2011 8:28:27 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HHRC due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    7/31/2011 12:56:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service.
    7/28/2011 12:17:52 PM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\hdcs001.dubai.gov.ae for the domain HHRC failed because the Domain Controller does not have an account for the computer PDL0033.
    .
    ==== End Of File ===========================


    ### END
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! Here are some of the reasons you have malware:

    1. Multiple antivirus programs:
    AV: AntiVir Desktop *Disabled/Outdated*
    AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated*
    AVG 2011
    If you decide to change the AV, you must remove any other AV that is running. Being outdated means it doesn't have the current database, but there are still processes running that need to be removed. In the meantime, multiple AV programs make a system more vulnerable, not less.
    Please handle the antivirus matter. When finished, reboot the computer.
    You might want to know that I am going to have you run Combofix and it won't run with AVG installed, so it will need to be temporarily uninstalled. If you would like to keep Avira, at least for now, you must update it.
    ----------------------------
    To remove AVG:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: You already have this one but it must be brought up to date:
    Avira-AntiVir-Personal-Free-Antivirus
    ============================================
    2. Using file sharing program: Bit Torrent:
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bit Torrent for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers
    --------------------------------------------
    3. Outdated Java still on system: J2SE Runtime Environment 5.0. Please remove.
    =========================================
    4. Since this is a global board, I have to ask the following: Suspect IP
    Your host files are here:
    inetnum: 213.42.84.0 - 213.42.87.255
    netname: GIN-EMIRNET
    descr: H.H. The Rulers Court - DGIRP
    descr: Government of Dubai
    country: AE
    ------------------------------
    These search proxies are set:
    uInternet Settings,ProxyOverride = *.lab proxy.dubai.gov.ae:80 local 10.100.100.100:80 protocoltest.lab admin.protocoltest.lab <local>
    uInternet Settings,ProxyServer = proxy.dubai.gov.ae:80
    ----------------------------
    This is in the Trusted Zone:
    Trusted Zone: dubai.ae\protocol
    ---------------------->> If these are your settings, okay. If they are not, I will remove them.
    =================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Please address my questions in your next reply and we'll go from there. And please note the above line:
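One way to turn the checks in the reply above into a repeatable triage step, as an added example that is not code from the thread, from TechSpot or from the DDS tool: a small Python script that reads a DDS-style log and reports the same indicators Bobbye lists (disabled or outdated resident AV, more than one AV product installed, a P2P client, a stale Java runtime sitting beside a newer one, proxy settings and Trusted Zone entries to confirm with the owner). The log excerpt, the hostnames, the GUIDs and the keyword lists are constructed for this example and are assumptions, not values from the page; the script is read-only and only reports what it finds.

```python
import re

# Constructed sample in the shape of a DDS log; hostnames and GUIDs are placeholders.
SAMPLE_LOG = """\
AV: AntiVir Desktop *Disabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {00000000-0000-0000-0000-000000000001}
uInternet Settings,ProxyOverride = *.lab proxy.example.test:80 <local>
uInternet Settings,ProxyServer = proxy.example.test:80
Trusted Zone: example.test\\protocol
==== Installed Programs ======================
AVG 2011
Avira AntiVir Personal - Free Antivirus
BitTorrent
J2SE Runtime Environment 5.0
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.1.1800
Trend Micro OfficeScan Client
==== Event Viewer Messages From Past Week ========
"""

# Assumed keyword lists; extend them for the products you expect to see.
AV_KEYWORDS = ("avg ", "avira", "antivir", "officescan", "norton", "mcafee", "kaspersky")
P2P_KEYWORDS = ("bittorrent", "utorrent", "limewire", "frostwire", "emule", "kazaa")

# "AV: <name> *<status>* {GUID}" as DDS prints it in the log header.
AV_STATUS_RE = re.compile(r"^AV: (.+?) \*(.+?)\*")
# Java runtimes as they appear in the Installed Programs list; captures the major version.
JAVA_RE = re.compile(r"^(?:J2SE Runtime Environment (\d+)|Java\(TM\) (\d+) Update \d+)", re.I)


def section(log, header):
    """Return the non-empty lines of the DDS section whose '====' header contains `header`."""
    lines, inside = [], False
    for line in log.splitlines():
        if line.startswith("===="):
            inside = header in line
            continue
        if inside and line.strip() not in ("", "."):
            lines.append(line.strip())
    return lines


def java_versions(programs):
    """Return (major_version, program_name) for every Java runtime in the program list."""
    found = []
    for program in programs:
        m = JAVA_RE.match(program)
        if m:
            found.append((int(m.group(1) or m.group(2)), program))
    return found


def triage(log):
    """Collect the indicators the helper's reply asks about; never modifies anything."""
    findings = {"av_status": [], "multiple_av": [], "p2p": [],
                "stale_java": [], "proxy": [], "trusted_zone": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = AV_STATUS_RE.match(line)
        if m:
            findings["av_status"].append((m.group(1), m.group(2)))
        elif line.startswith("uInternet Settings,Proxy"):
            findings["proxy"].append(line)
        elif line.startswith("Trusted Zone:"):
            findings["trusted_zone"].append(line.split(":", 1)[1].strip())

    programs = section(log, "Installed Programs")
    avs = [p for p in programs if any(k in p.lower() for k in AV_KEYWORDS)]
    if len(avs) > 1:  # one resident AV is expected; more than one is the problem
        findings["multiple_av"] = avs
    findings["p2p"] = [p for p in programs if any(k in p.lower() for k in P2P_KEYWORDS)]
    javas = java_versions(programs)
    if javas:
        newest = max(version for version, _ in javas)
        findings["stale_java"] = [p for version, p in javas if version < newest]
    return findings


def report(findings):
    """Render the findings as one line per category that has something to show."""
    labels = {"av_status": "AV status", "multiple_av": "Multiple AV products",
              "p2p": "P2P clients", "stale_java": "Stale Java runtimes",
              "proxy": "Proxy settings to confirm", "trusted_zone": "Trusted Zone entries to confirm"}
    return [f"{labels[key]}: {value}" for key, value in findings.items() if value]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run it against a real DDS.txt by replacing `SAMPLE_LOG` with the file contents; the proxy and Trusted Zone lines are reported for the owner to confirm rather than judged, exactly as the reply does.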
     
Topic Status:
Not open for further replies.
