Redundant Virus in my notebook: Windows Police Pro, Total Security and koobface

Posted 9/23/2009 7:47 AM
#77661
tinasg Valued member

Date Joined Nov 2016
Total Posts: 13
Hi,

My notebook seems to be infected with viruses like Windows Police Pro, Total Security and the Koobface worm.

The virus was first detected on 18th September as Windows Police Pro and the Koobface worm, a day after I connected a USB (through which I suspect the virus entered).

I had cleaned it using Malwarebytes' Anti-Malware. I even formatted and cleaned my USB using the same application. Again I had connected it yesterday, and today the virus reappeared. Today it appeared as "Total Security" with the "Warning: Your computer is infected" wallpaper.

The same thing has happened with my colleagues who used the same USB. Their option was to format the C drive. However, I am not too excited to do that and wish to fight this virus and clean my notebook as well as my USB.

Please advise.

I had used the following antivirus detection software:

1) XoftSpySE
2) Malwarebytes' Anti-Malware
3) Dr. Web's xd77vjqg.exe

I am in the process of installing avast currently.
In the meantime here are the required logs:

HijackThis:

------------>

Logfile of HijackThis v1.99.1
Scan saved at 1:09:04 PM, on 9/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Genesys VPN\Genesys VPN Client 4.8.02\cvpnd.exe
D:\Downloads\avast_home_setup.exe
C:\Documents and Settings\roopali.ISMARTPANACHE\Local Settings\Temporary Internet Files\Content.IE5\ARI526N5\dds[1].scr
C:\WINDOWS\system32\cmd.exe
D:\Downloads\HijackThis.exe
C:\DOCUME~1\ROOPAL~1.ISM\LOCALS~1\Temp\RarSFX24\EDS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.au/s/v/44.10/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4D1DA428-3B37-44E6-893A-D3A5BCE0E7E3} (Siebel High Interactivity Framework) - http://panorama.genesyslab.com/callcenter_enu/18382/applets/SiebelAx_HI_Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222781157203
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wiproes.webex.com/client/T26L/support/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ismartpanache.net
O17 - HKLM\Software\..\Telephony: DomainName = ismartpanache.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBA180A-E7AD-4CB6-BF08-9D25B4933EAE}: NameServer = 192.168.100.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ismartpanache.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ismartpanache.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Genesys Multitenant Configuration Server (ConfigServerMT) - Unknown owner - C:\Program Files\GCTI\Multitenant Configuration Server\confserv.exe" -service ConfigServerMT (file missing)
O23 - Service: Genesys Singletenant Configuration Server (ConfigServerST) - Unknown owner - D:\GCTI\Singletenant Configuration Server\confserv.exe" -service ConfigServerST (file missing)
O23 - Service: Genesys Singletenant Configuration Server (1) (ConfigServerST_1) - Unknown owner - D:\GCTI\Singletenant Configuration Server76\confserv.exe" -service ConfigServerST_1 (file missing)
O23 - Service: Genesys Singletenant Configuration Server (2) (ConfigServerST_2) - Unknown owner - C:\Program Files\GCTI\Singletenant Configuration Server\confserv.exe" -service ConfigServerST_2 (file missing)
O23 - Service: Genesys Singletenant Configuration Server (3) (ConfigServerST_3) - Unknown owner - C:\Program Files\GCTI\Singletenant Configuration Server (1)\confserv.exe" -service ConfigServerST_3 (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Genesys VPN\Genesys VPN Client 4.8.02\cvpnd.exe
O23 - Service: Genesys DB Server (DBServer) - Unknown owner - D:\GCTI\DB Server\multiserver.exe" -service DBServer -host localhost -port 2020 -app cfg_dbserver (file missing)
O23 - Service: Genesys DB Server [OCS_DBServer] (DBServer_1) - Unknown owner - D:\GCTI\OCS_DBServer\multiserver.exe" -host localhost -port 2020 -app OCS_DBServer -service DBServer_1 (file missing)
O23 - Service: Genesys DB Server [ICON_DBServer] (DBServer_2) - Unknown owner - C:\Program Files\GCTI\DB Server\ICON_DBServer\multiserver.exe" -host ismartpa-dbf6a9 -port 2020 -app ICON_DBServer -service DBServer_2 (file missing)
O23 - Service: Genesys DB Server [DBServer_72] (DBServer_3) - Unknown owner - C:\Program Files\GCTI\DB Server\DBServer_72\multiserver.exe" -host ismartpa-dbf6a9 -port 2020 -app DBServer_72 -service DBServer_3 (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXlm Service 1 - Macrovision Corporation - C:\FLEXlm\lmgrd.exe
O23 - Service: Genesys Desktop [GAD75] (GDesktop) - Unknown owner - C:\GCTI\GenesysDesktop\GAD75\bin\GDesktopDriver.exe" -service GDesktop (file missing)
O23 - Service: Genesys Desktop [GAD_76] (GDesktop_1) - Unknown owner - C:\GCTI\GenesysDesktop\GAD_76\bin\GDesktopDriver.exe" -service GDesktop_1 (file missing)
O23 - Service: Genesys Desktop [GAD_latest] (GDesktop_2) - Unknown owner - C:\GCTI\GenesysDesktop\GAD_latest\bin\GDesktopDriver.exe" -service GDesktop_2 (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Genesys Interaction Concentrator [ICON_76] (ICon) - Unknown owner - C:\Program Files\GCTI\Interaction Concentrator\ICON_76\icon.exe" -host ismartpa-dbf6a9 -port 2020 -app ICON_76 -service ICon (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Genesys Message Server [Message_Server_71] (MsgServer) - Unknown owner - D:\GCTI\MsgServer\Message_Server_71\MessageServer.exe" -host ismartpa-dbf6a9 -port 2020 -app Message_Server_71 -service MsgServer (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Genesys Outbound Contact Server [OCS76] (OCServer) - Unknown owner - D:\GCTI\OCS76\cm_server.exe" -host localhost -port 2020 -app OCS76 -service OCServer -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Genesys Outbound Contact Server [OCS_7610002] (OCServer_1) - Unknown owner - D:\GCTI\OCServer1\OCS_7610002\cm_server.exe" -host localhost -port 2020 -app OCS_7610002 -service OCServer_1 -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Genesys Outbound Contact Server [OC_Server_761] (OCServer_2) - Unknown owner - C:\Program Files\GCTI\OCServer\OC_Server_761\cm_server.exe" -host ismartpa-dbf6a9 -port 5050 -app OC_Server_761 -service OCServer_2 -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Genesys Stat Server [StatServer75] (StatServer) - Unknown owner - D:\GCTI\StatServer75\statserv.exe" -host localhost -port 2020 -app StatServer75 -service StatServer (file missing)
O23 - Service: Genesys Stat Server [OCS_SS] (StatServer_1) - Unknown owner - C:\Program Files\GCTI\Stat Server\OCS_SS\statserv.exe" -host ismartpa-dbf6a9 -port 2020 -app OCS_SS -service StatServer_1 (file missing)
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Genesys T-Server for Avaya Communication Manager [TServer_AvayaCM_72] (TSrvG3) - Unknown owner - D:\GCTI\TSrvG3\TServer_AvayaCM_72\g3tcp_server.exe" -host ismartpa-dbf6a9 -port 2020 -app TServer_AvayaCM_72 -service TSrvG3 -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Genesys SIP Server [SIPServer_75] (TSrvSIP) - Unknown owner - D:\GCTI\SIPServer_75\sip_server.exe" -host localhost -port 2020 -app SIPServer_75 -service TSrvSIP -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Genesys SIP Server [SIPServer] (TSrvSIP_1) - Unknown owner - C:\Program Files\GCTI\SIPServer\sip_server.exe" -host ismartpa-dbf6a9 -port 2020 -app SIPServer -service TSrvSIP_1 -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Genesys SIP Server [SIP76] (TSrvSIP_2) - Unknown owner - C:\Program Files\GCTI\SIP Server\SIP76\sip_server.exe" -host ismartpa-dbf6a9 -port 2020 -app SIP76 -service TSrvSIP_2 -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Genesys SIP Server [SIP_7500076] (TSrvSIP_3) - Unknown owner - C:\Program Files\GCTI\SIP Server\SIP_7500076\sip_server.exe" -host ismartpa-dbf6a9 -port 2020 -app SIP_7500076 -service TSrvSIP_3 -l C:\FLEXlm\License.txt (file missing)
O23 - Service: Genesys Stream Manager [SM_75] (VoIPSM) - Unknown owner - C:\Program Files\GCTI\IPMX\VoIPSM\SM_75\sm.exe" -host ismartpa-dbf6a9 -port 2020 -app SM_75 -service VoIPSM (file missing)
O23 - Service: Genesys Stream Manager [SM_76] (VoIPSM_1) - Unknown owner - C:\Program Files\GCTI\IPMX\SM\SM_76\sm.exe" -host ismartpa-dbf6a9 -port 2020 -app SM_76 -service VoIPSM_1 (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

<---------

Malwarebytes:

--------->

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

9/23/2009 12:26:34 PM
mbam-log-2009-09-23 (12-26-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 190475
Time elapsed: 22 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\15222504\15222504.exe (Rogue.Multiple.H) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15222504 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\15222504 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\15222504\15222504 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15222504\15222504.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15222504\pc15222504ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.

<---------

DDS:

------------>

DDS (Ver_09-07-30.01) - NTFSx86
Run by roopali at 13:09:50.96 on Wed 09/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1314 [GMT 5.5:30]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Genesys VPN\Genesys VPN Client 4.8.02\cvpnd.exe
D:\Downloads\avast_home_setup.exe
D:\Downloads\HijackThis.exe
C:\Documents and Settings\roopali.ISMARTPANACHE\Local Settings\Temporary Internet Files\Content.IE5\ARI526N5\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uStart Page = about:blank
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mWinlogon: Taskman=c:\recycler\s-1-5-21-6899422653-3944002669-903645732-8345\czzi.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-6899422653-3944002669-903645732-8345\czzi.exe,explorer.exe,c:\recycler\s-1-5-21-3333944634-9177798477-081953790-9714\czzi.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com.au/s/v/44.10/uploader2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4D1DA428-3B37-44E6-893A-D3A5BCE0E7E3} - hxxp://panorama.genesyslab.com/callcenter_enu/18382/applets/SiebelAx_HI_Client.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222781157203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://wiproes.webex.com/client/T26L/support/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {ECBA180A-E7AD-4CB6-BF08-9D25B4933EAE} = 192.168.100.36
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-11 55152]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-9-30 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 Tomcat5;Apache Tomcat;c:\program files\apache software foundation\tomcat 5.5\bin\tomcat5.exe [2008-1-29 57344]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-20 280344]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-9-30 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-9-30 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-9-30 168776]
S2 FLEXlm Service 1;FLEXlm Service 1;c:\flexlm\lmgrd.exe [2004-9-14 815104]
S3 ConfigServerMT;Genesys Multitenant Configuration Server;c:\program files\gcti\multitenant configuration server\confserv.exe [2009-2-18 4795176]
S3 ConfigServerST;Genesys Singletenant Configuration Server;d:\gcti\singletenant configuration server\confserv.exe [2008-10-3 5557888]
S3 ConfigServerST_1;Genesys Singletenant Configuration Server (1);d:\gcti\singletenant configuration server76\confserv.exe [2009-1-8 5627100]
S3 ConfigServerST_2;Genesys Singletenant Configuration Server (2);c:\program files\gcti\singletenant configuration server\confserv.exe [2009-1-23 4682952]
S3 ConfigServerST_3;Genesys Singletenant Configuration Server (3);c:\program files\gcti\singletenant configuration server (1)\confserv.exe [2009-5-14 4794956]
S3 DBServer;Genesys DB Server;d:\gcti\db server\multiserver.exe [2008-10-3 2225092]
S3 DBServer_1;Genesys DB Server [OCS_DBServer];d:\gcti\ocs_dbserver\multiserver.exe [2008-10-3 2225092]
S3 DBServer_2;Genesys DB Server [ICON_DBServer];c:\program files\gcti\db server\icon_dbserver\multiserver.exe [2009-4-24 2237572]
S3 DBServer_3;Genesys DB Server [DBServer_72];c:\program files\gcti\db server\dbserver_72\multiserver.exe [2009-5-12
1833216] <br/>S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] <br/>S3 GDesktop;Genesys Desktop [GAD75];c:\gcti\genesysdesktop\gad75\bin\GDesktopDriver.exe [2009-2-11 106496] <br/>S3 GDesktop_1;Genesys Desktop [GAD_76];c:\gcti\genesysdesktop\gad_76\bin\GDesktopDriver.exe [2009-8-5 106496] <br/>S3 GDesktop_2;Genesys Desktop [GAD_latest];c:\gcti\genesysdesktop\gad_latest\bin\GDesktopDriver.exe [2009-8-6 106496] <br/>S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 29744] <br/>S3 ICon;Genesys Interaction Concentrator [ICON_76];c:\program files\gcti\interaction concentrator\icon_76\icon.exe [2009-4-24 6690272] <br/>S3 MsgServer;Genesys Message Server [Message_Server_71];d:\gcti\msgserver\message_server_71\MessageServer.exe [2009-1-8 1846608] <br/>S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064] <br/>S3 OCServer;Genesys Outbound Contact Server [OCS76];d:\gcti\ocs76\cm_server.exe [2008-10-3 3670070] <br/>S3 OCServer_1;Genesys Outbound Contact Server [OCS_7610002];d:\gcti\ocserver1\ocs_7610002\cm_server.exe [2008-11-10 3629110] <br/>S3 OCServer_2;Genesys Outbound Contact Server [OC_Server_761];c:\program files\gcti\ocserver\oc_server_761\cm_server.exe [2009-2-18 3670070] <br/>S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-10-2 81832] <br/>S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408] <br/>S3 StatServer;Genesys Stat Server [StatServer75];d:\gcti\statserver75\statserv.exe [2008-10-3 3006515] <br/>S3 StatServer_1;Genesys Stat Server [OCS_SS];c:\program files\gcti\stat server\ocs_ss\statserv.exe [2009-2-5 3006515] <br/>S3 TSrvG3;Genesys T-Server for Avaya Communication Manager [TServer_AvayaCM_72];d:\gcti\tsrvg3\tserver_avayacm_72\g3tcp_server.exe [2009-1-8 5131348] <br/>S3 TSrvSIP;Genesys SIP 
Server [SIPServer_75];d:\gcti\sipserver_75\sip_server.exe [2008-10-3 9686252] <br/>S3 TSrvSIP_1;Genesys SIP Server [SIPServer];c:\program files\gcti\sipserver\sip_server.exe [2008-11-11 9678580] <br/>S3 TSrvSIP_2;Genesys SIP Server [SIP76];"c:\program files\gcti\sip server\sip76\sip_server.exe" -host ismartpa-dbf6a9 -port 2020 -app sip76 -service tsrvsip_2 -l c:\flexlm\license.txt --> c:\program files\gcti\sip server\sip76\sip_server.exe [?] <br/>S3 TSrvSIP_3;Genesys SIP Server [SIP_7500076];c:\program files\gcti\sip server\sip_7500076\sip_server.exe [2009-2-20 9899840] <br/>S3 VoIPSM;Genesys Stream Manager [SM_75];c:\program files\gcti\ipmx\voipsm\sm_75\sm.exe [2009-7-7 4251704] <br/>S3 VoIPSM_1;Genesys Stream Manager [SM_76];c:\program files\gcti\ipmx\sm\sm_76\sm.exe [2009-7-8 4380532] <br/>S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320] <br/>S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-9-18 1852488] <br/>S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656] <br/>S4 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-8-29 582424] <br/> <br/>=============== Created Last 30 ================ <br/> <br/>2009-09-18 16:28 <DIR> --d----- c:\docume~1\roopal~1.ism\applic~1\Malwarebytes <br/>2009-09-18 16:28 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys <br/>2009-09-18 16:28 19,160 a------- c:\windows\system32\drivers\mbam.sys <br/>2009-09-18 16:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware <br/>2009-09-18 16:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes <br/>2009-09-18 15:26 <DIR> --d----- c:\documents and settings\roopali.ismartpanache\DoctorWeb <br/>2009-09-18 14:34 <DIR> --d----- c:\program files\common files\ParetoLogic <br/>2009-09-18 14:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic 
<br/>2009-09-18 14:34 <DIR> --d----- c:\program files\common files\XoftSpySE <br/>2009-09-18 14:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE <br/>2009-09-18 14:33 <DIR> --d----- c:\program files\XoftSpySE6 <br/>2009-09-18 13:08 <DIR> --d----- c:\program files\a-squared Free <br/>2009-09-18 09:32 <DIR> --d----- C:\spoolerlogs <br/>2009-09-01 14:12 <DIR> --dsh--- C:\found.000 <br/> <br/>==================== Find3M ==================== <br/> <br/>2009-09-10 16:24 11,383 a------- c:\windows\system32\nvModes.dat <br/>2009-07-30 20:01 81,736 a------- c:\windows\system32\lmdimon8.dll <br/> <br/>============= FINISH: 13:11:26.07 =============== <br/> <br/> <br/> <br/><------------ <br/> <br/> <br/> <br/>DDS Attach.txt: <br/> <br/> <br/>------------> <br/> <br/> <br/> <br/>UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. <br/>IF REQUESTED, ZIP IT UP & ATTACH IT <br/> <br/>DDS (Ver_09-07-30.01) <br/> <br/>Microsoft Windows XP Professional <br/>Boot Device: \Device\HarddiskVolume1 <br/>Install Date: 9/30/2008 2:53:41 PM <br/>System Uptime: 9/23/2009 12:28:05 PM (1 hours ago) <br/> <br/>Motherboard: Dell Inc. | | 0JK187 <br/>Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1995/166mhz <br/>Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1995/166mhz <br/> <br/>==== Disk Partitions ========================= <br/> <br/>C: is FIXED (NTFS) - 24 GiB total, 8.027 GiB free. <br/>D: is FIXED (NTFS) - 24 GiB total, 9.849 GiB free. <br/>E: is FIXED (NTFS) - 26 GiB total, 18.588 GiB free. 
<br/>F: is CDROM () <br/> <br/>==== Disabled Device Manager Items ============= <br/> <br/>Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} <br/>Description: Modem Device on High Definition Audio Bus <br/>Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&10575340&0&0102 <br/>Manufacturer: <br/>Name: Modem Device on High Definition Audio Bus <br/>PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&10575340&0&0102 <br/>Service: <br/> <br/>Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} <br/>Description: Intel(R) PRO/Wireless 3945ABG Network Connection <br/>Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10228086&REV_02\4&360A6DE&0&00E1 <br/>Manufacturer: Intel Corporation <br/>Name: Intel(R) PRO/Wireless 3945ABG Network Connection <br/>PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10228086&REV_02\4&360A6DE&0&00E1 <br/>Service: w39n51 <br/> <br/>Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} <br/>Description: Cisco Systems VPN Adapter <br/>Device ID: ROOT\NET\0000 <br/>Manufacturer: Cisco Systems <br/>Name: Cisco Systems VPN Adapter <br/>PNP Device ID: ROOT\NET\0000 <br/>Service: CVirtA <br/> <br/>==== System Restore Points =================== <br/> <br/>RP193: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP194: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP195: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP196: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP197: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP198: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP199: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP200: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP201: 9/23/2009 12:32:36 PM - Installed Microsoft Office Live Meeting 2007 <br/>RP202: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP203: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP204: 9/23/2009 12:32:36 PM - Installed MoRUN.net Secure Reminder <br/>RP205: 9/23/2009 12:32:36 PM - Installed HideAnyWindow <br/>RP206: 9/23/2009 12:32:36 PM - 
System Checkpoint <br/>RP207: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP208: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP209: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP210: 9/23/2009 12:32:36 PM - Installed iBall Pro Cam 486 <br/>RP211: 9/23/2009 12:32:36 PM - Unsigned driver install <br/>RP212: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP213: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP214: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP215: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP216: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP217: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP218: 9/23/2009 12:32:36 PM - Software Distribution Service 3.0 <br/>RP219: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP220: 9/23/2009 12:32:36 PM - System Checkpoint <br/>RP221: 9/23/2009 12:32:37 PM - System Checkpoint <br/>RP222: 9/23/2009 12:32:37 PM - System Checkpoint <br/>RP223: 9/23/2009 12:32:37 PM - System Checkpoint <br/>RP224: 9/23/2009 12:32:37 PM - System Checkpoint <br/>RP225: 9/23/2009 12:32:37 PM - System Checkpoint <br/> <br/>==== Installed Programs ====================== <br/> <br/>32 Bit HP CIO Components Installer <br/>a-squared Free 4.0 <br/>Adobe Flash Player 10 ActiveX <br/>Adobe Reader 7.0 <br/>Adobe Shockwave Player <br/>Apache Tomcat 5.5 (remove only) <br/>Apple Mobile Device Support <br/>Apple Software Update <br/>Avanquest update <br/>Bonjour <br/>Broadcom Gigabit Integrated Controller <br/>Broadcom TPM Driver Installer <br/>BufferChm <br/>CCPulse+ <br/>Choice Guard <br/>Compatibility Pack for the 2007 Office system <br/>Configuration Import Wizard <br/>Configuration Manager <br/>Data Doctor Recovery NTFS (Demo) <br/>Dell Embassy Trust Suite by Wave Systems <br/>Dell Mobile Broadband Card Utility <br/>Dell Resource CD <br/>DS Clock <br/>ETS Upgrade <br/>F4100_doccd <br/>FlashGet 1.9.6.1073 <br/>FLEXlm License Manager 9.5 <br/>Genesys ActiveX Interface for Desktop Toolkit 7.2.000.00 <br/>Genesys Agent Desktop 
.NET Toolkit 7.1.000.06 <br/>Genesys CCPulse+ 7.5.000.10 <br/>Genesys Configuration Import Wizard 7.5.000.08 <br/>Genesys Configuration Manager 7.5.000.11 <br/>Genesys DB Server 7.2.000.03 [DBServer_72] <br/>Genesys DB Server 7.5.000.07 <br/>Genesys DB Server 7.5.000.07 [OCS_DBServer] <br/>Genesys DB Server 7.5.000.11 [ICON_DBServer] <br/>Genesys Desktop 7.5.004.13 [GAD75] <br/>Genesys Desktop 7.6.100.19 [GAD_76] <br/>Genesys Desktop 7.6.202.02 [GAD_latest] <br/>Genesys Interaction Concentrator 7.6.100.18 [ICON_76] <br/>Genesys Interaction Routing Designer 7.5.002.01 <br/>Genesys Message Server 7.1.100.00 [Message_Server_71] <br/>Genesys Multitenant Configuration Server 7.2.000.15 <br/>Genesys Outbound Contact Manager 7.6.100.01 <br/>Genesys Outbound Contact Server 7.6.100.02 [OCS_7610002] <br/>Genesys Outbound Contact Server 7.6.101.06 [OC_Server_761] <br/>Genesys Outbound Contact Server 7.6.101.06 [OCS76] <br/>Genesys Singletenant Configuration Server 7.1.100.14 <br/>Genesys Singletenant Configuration Server 7.2.000.05 <br/>Genesys Singletenant Configuration Server 7.5.000.11 <br/>Genesys Singletenant Configuration Server 7.6.000.20 <br/>Genesys SIP Server 7.5.000.16 [SIPServer] <br/>Genesys SIP Server 7.5.000.22 [SIPServer_75] <br/>Genesys SIP Server 7.5.000.76 [SIP_7500076] <br/>Genesys SIP Server 7.6.000.72 [SIP76] <br/>Genesys Stat Server 7.5.000.21 [StatServer75] <br/>Genesys Stat Server 7.5.000.27 [OCS_SS] <br/>Genesys Stream Manager 7.5.004.02 [SM_75] <br/>Genesys Stream Manager 7.6.002.02 [SM_76] <br/>Genesys T-Server for Avaya Communication Manager 7.2.014.04 [TServer_AvayaCM_72] <br/>GoldWave v5.52 <br/>Google Desktop <br/>Google Toolbar for Internet Explorer <br/>HideAnyWindow <br/>HijackThis 1.99.1 <br/>Hotfix for Windows XP (KB914440) <br/>Hotfix for Windows XP (KB915865) <br/>Hotfix for Windows XP (KB952287) <br/>Hotfix for Windows XP (KB954708) <br/>iBall Pro Cam 486 <br/>Intel(R) PROSet/Wireless Software <br/>iTunes <br/>Java DB 10.4.1.3 <br/>Java 
Web Start <br/>Java(TM) 6 Update 12 <br/>Java(TM) SE Development Kit 6 Update 12 <br/>Junk Mail filter update <br/>Malwarebytes' Anti-Malware <br/>McAfee VirusScan Enterprise <br/>mCore <br/>mDriver <br/>mDrWiFi <br/>mHlpDell <br/>Microsoft .NET Framework 1.1 <br/>Microsoft .NET Framework 1.1 Hotfix (KB928366) <br/>Microsoft .NET Framework 2.0 <br/>Microsoft Application Error Reporting <br/>Microsoft Internationalized Domain Names Mitigation APIs <br/>Microsoft National Language Support Downlevel APIs <br/>Microsoft Office Communicator 2005 <br/>Microsoft Office Live Add-in 1.3 <br/>Microsoft Office Live Meeting 2007 <br/>Microsoft Office Outlook Connector <br/>Microsoft Office Proof (English) 2007 <br/>Microsoft Office Proof (French) 2007 <br/>Microsoft Office Proof (Spanish) 2007 <br/>Microsoft Office Proofing (English) 2007 <br/>Microsoft Office Shared MUI (English) 2007 <br/>Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>Microsoft Office Standard Edition 2003 <br/>Microsoft Office Visio MUI (English) 2007 <br/>Microsoft Office Visio Professional 2007 <br/>Microsoft Search Enhancement Pack <br/>Microsoft Silverlight <br/>Microsoft Software Update for Web Folders (English) 12 <br/>Microsoft SQL Server 2000 <br/>Microsoft SQL Server 2005 Compact Edition [ENU] <br/>Microsoft Sync Framework Runtime Native v1.0 (x86) <br/>Microsoft Sync Framework Services Native v1.0 (x86) <br/>Microsoft Visual C++ 2005 Redistributable <br/>mIWA <br/>mLogView <br/>mMHouse <br/>Modem Helper <br/>MoRUN.net Secure Reminder <br/>Mozilla Firefox (1.5) <br/>mPfMgr <br/>mPfWiz <br/>mProSafe <br/>mSSO <br/>MSVCRT <br/>MSXML 4.0 SP2 (KB936181) <br/>MSXML 4.0 SP2 (KB954430) <br/>mWlsSafe <br/>mWMI <br/>mXML <br/>mZConfig <br/>Norton PC Checkup <br/>NTRU Hybrid TSS v2.0.25 <br/>NVIDIA Drivers <br/>Outbound Contact Manager <br/>PhotoScape <br/>Picasa 3 <br/>PuTTY version 0.60 <br/>QuickTime <br/>Reliance Netconnect - Broadband+ <br/>Security Update for Windows Internet Explorer 7 
(KB938127-v2) <br/>Security Update for Windows Internet Explorer 7 (KB938127) <br/>Security Update for Windows Internet Explorer 7 (KB953838) <br/>Security Update for Windows Internet Explorer 7 (KB956390) <br/>Security Update for Windows Internet Explorer 7 (KB958215) <br/>Security Update for Windows Internet Explorer 7 (KB960714) <br/>Security Update for Windows Internet Explorer 7 (KB961260) <br/>Security Update for Windows Media Player (KB911564) <br/>Security Update for Windows Media Player (KB952069) <br/>Security Update for Windows Media Player 6.4 (KB925398) <br/>Security Update for Windows Media Player 9 (KB936782) <br/>Security Update for Windows XP (KB890046) <br/>Security Update for Windows XP (KB893756) <br/>Security Update for Windows XP (KB896358) <br/>Security Update for Windows XP (KB896423) <br/>Security Update for Windows XP (KB896428) <br/>Security Update for Windows XP (KB899587) <br/>Security Update for Windows XP (KB899591) <br/>Security Update for Windows XP (KB900725) <br/>Security Update for Windows XP (KB901017) <br/>Security Update for Windows XP (KB901214) <br/>Security Update for Windows XP (KB902400) <br/>Security Update for Windows XP (KB905414) <br/>Security Update for Windows XP (KB905749) <br/>Security Update for Windows XP (KB908519) <br/>Security Update for Windows XP (KB911562) <br/>Security Update for Windows XP (KB911927) <br/>Security Update for Windows XP (KB913580) <br/>Security Update for Windows XP (KB914388) <br/>Security Update for Windows XP (KB914389) <br/>Security Update for Windows XP (KB918118) <br/>Security Update for Windows XP (KB918439) <br/>Security Update for Windows XP (KB920213) <br/>Security Update for Windows XP (KB920670) <br/>Security Update for Windows XP (KB920683) <br/>Security Update for Windows XP (KB920685) <br/>Security Update for Windows XP (KB921883) <br/>Security Update for Windows XP (KB923191) <br/>Security Update for Windows XP (KB923414) <br/>Security Update for Windows XP (KB923980) 
<br/>Security Update for Windows XP (KB924270) <br/>Security Update for Windows XP (KB924667) <br/>Security Update for Windows XP (KB925902) <br/>Security Update for Windows XP (KB926255) <br/>Security Update for Windows XP (KB926436) <br/>Security Update for Windows XP (KB927779) <br/>Security Update for Windows XP (KB927802) <br/>Security Update for Windows XP (KB928255) <br/>Security Update for Windows XP (KB928843) <br/>Security Update for Windows XP (KB929123) <br/>Security Update for Windows XP (KB930178) <br/>Security Update for Windows XP (KB931261) <br/>Security Update for Windows XP (KB931784) <br/>Security Update for Windows XP (KB932168) <br/>Security Update for Windows XP (KB933729) <br/>Security Update for Windows XP (KB935839) <br/>Security Update for Windows XP (KB935840) <br/>Security Update for Windows XP (KB936021) <br/>Security Update for Windows XP (KB937894) <br/>Security Update for Windows XP (KB938464) <br/>Security Update for Windows XP (KB941569) <br/>Security Update for Windows XP (KB941693) <br/>Security Update for Windows XP (KB943055) <br/>Security Update for Windows XP (KB943460) <br/>Security Update for Windows XP (KB943485) <br/>Security Update for Windows XP (KB944653) <br/>Security Update for Windows XP (KB945553) <br/>Security Update for Windows XP (KB946026) <br/>Security Update for Windows XP (KB946648) <br/>Security Update for Windows XP (KB948590) <br/>Security Update for Windows XP (KB950749) <br/>Security Update for Windows XP (KB950762) <br/>Security Update for Windows XP (KB950974) <br/>Security Update for Windows XP (KB951066) <br/>Security Update for Windows XP (KB951376-v2) <br/>Security Update for Windows XP (KB951698) <br/>Security Update for Windows XP (KB951748) <br/>Security Update for Windows XP (KB952954) <br/>Security Update for Windows XP (KB953839) <br/>Security Update for Windows XP (KB954211) <br/>Security Update for Windows XP (KB954600) <br/>Security Update for Windows XP (KB955069) <br/>Security Update 
for Windows XP (KB956391) <br/>Security Update for Windows XP (KB956802) <br/>Security Update for Windows XP (KB956803) <br/>Security Update for Windows XP (KB956841) <br/>Security Update for Windows XP (KB957095) <br/>Security Update for Windows XP (KB957097) <br/>Security Update for Windows XP (KB958644) <br/>Security Update for Windows XP (KB958687) <br/>Security Update for Windows XP (KB958690) <br/>Security Update for Windows XP (KB960225) <br/>Security Update for Windows XP (KB960715) <br/>Segoe UI <br/>SigmaTel Audio <br/>Simulator Test Toolkit <br/>Skype 3.0 <br/>Skype Plugin Manager <br/>Sony Ericsson PC Suite 3.106.00 <br/>Sony Ericsson Themes Creator 4.01 <br/>SUPERAntiSpyware Free Edition <br/>TextPad 4.7 <br/>UnloadSupport <br/>Update for Windows XP (KB894391) <br/>Update for Windows XP (KB898461) <br/>Update for Windows XP (KB900485) <br/>Update for Windows XP (KB904942) <br/>Update for Windows XP (KB908531) <br/>Update for Windows XP (KB910437) <br/>Update for Windows XP (KB911280) <br/>Update for Windows XP (KB916595) <br/>Update for Windows XP (KB920872) <br/>Update for Windows XP (KB922582) <br/>Update for Windows XP (KB927891) <br/>Update for Windows XP (KB930916) <br/>Update for Windows XP (KB932823-v3) <br/>Update for Windows XP (KB936357) <br/>Update for Windows XP (KB938828) <br/>Update for Windows XP (KB951072-v2) <br/>Update for Windows XP (KB955839) <br/>Update for Windows XP (KB967715) <br/>VDownloader 0.73 <br/>VideoLAN VLC media player 0.8.6 <br/>VNC Free Edition 4.1.3 <br/>VPN Client <br/>Wave Infrastructure Installer <br/>Wave Support Software <br/>WebEx <br/>WebFldrs XP <br/>Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) <br/>Windows Genuine Advantage Notifications (KB905474) <br/>Windows Genuine Advantage Validation Tool (KB892130) <br/>Windows Imaging Component <br/>Windows Installer 3.1 (KB893803) <br/>Windows Internet Explorer 7 <br/>Windows Live Call <br/>Windows Live Communications 
Platform <br/>Windows Live Essentials <br/>Windows Live Family Safety <br/>Windows Live Mail <br/>Windows Live Messenger <br/>Windows Live Photo Gallery <br/>Windows Live Sign-in Assistant <br/>Windows Live Sync <br/>Windows Live Toolbar <br/>Windows Live Upload Tool <br/>Windows Live Writer <br/>Windows XP Hotfix - KB873339 <br/>Windows XP Hotfix - KB885835 <br/>Windows XP Hotfix - KB885836 <br/>Windows XP Hotfix - KB886185 <br/>Windows XP Hotfix - KB887472 <br/>Windows XP Hotfix - KB888302 <br/>Windows XP Hotfix - KB890859 <br/>Windows XP Hotfix - KB891781 <br/>WinPcap 4.0.2 <br/>WinRAR archiver <br/>WinUndelete <br/>WinZip <br/>Wireshark 1.0.6 <br/>X-Lite 3.0 <br/>XoftSpySE <br/>Yahoo! Messenger <br/>Yahoo! Toolbar <br/> <br/>==== Event Viewer Messages From Past Week ======== <br/> <br/>9/23/2009 12:29:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service XoftSpyService with arguments "" in order to run the server: {98C10DD6-B90D-4400-9F33-93CBDFF44DBA} <br/>9/23/2009 12:05:19 PM, error: Service Control Manager [7034] - The Genesys DB Server service terminated unexpectedly. It has done this 1 time(s). <br/>9/23/2009 12:05:15 PM, error: Service Control Manager [7034] - The Genesys Singletenant Configuration Server service terminated unexpectedly. It has done this 1 time(s). <br/>9/22/2009 7:29:23 PM, error: System Error [1003] - Error code 000000d1, parameter1 00000006, parameter2 00000002, parameter3 00000000, parameter4 b19682a9. <br/>9/21/2009 7:25:40 AM, error: NETLOGON [5719] - No Domain Controller is available for domain ISMARTPANACHE due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. <br/>9/20/2009 7:34:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. 
It has stopped monitoring the volume. <br/>9/18/2009 4:28:02 PM, error: Service Control Manager [7034] - The FLEXlm Service 1 service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:44:00 PM, error: NetBT [4321] - The name "ISMARTPANACHE :1d" could not be registered on the Interface with IP address 192.168.100.73. The machine with the IP address 192.168.100.10 did not allow the name to be claimed by this machine. <br/>9/18/2009 3:40:39 PM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:25:39 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>9/18/2009 3:25:29 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:25:26 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:25:17 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:25:12 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:24:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>9/18/2009 3:24:25 PM, error: Service Control Manager [7031] - The a-squared Free Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 
<br/>9/18/2009 3:20:28 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:20:23 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:20:14 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. <br/>9/18/2009 3:20:09 PM, error: Service Control Manager [7034] - The DataSvr2 service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:20:01 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:19:59 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:19:48 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:11:27 PM, error: NetBT [4321] - The name "ISMARTPANACHE :1d" could not be registered on the Interface with IP address 192.168.100.95. The machine with the IP address 192.168.100.10 did not allow the name to be claimed by this machine. <br/>9/18/2009 3:11:27 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is GENESYS2. <br/>9/18/2009 3:10:41 PM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s). <br/>9/18/2009 3:10:32 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s). 
9/18/2009 3:10:30 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
9/18/2009 3:10:17 PM, error: Service Control Manager [7034] - The a-squared Free Service service terminated unexpectedly. It has done this 1 time(s).
9/18/2009 3:09:39 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/18/2009 3:09:15 PM, error: Service Control Manager [7034] - The AntiPol service terminated unexpectedly. It has done this 1 time(s).
9/18/2009 2:50:54 PM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
9/18/2009 2:48:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/18/2009 11:54:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
9/18/2009 11:54:21 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/18/2009 11:54:21 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/18/2009 11:54:21 AM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/18/2009 11:54:21 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/18/2009 11:54:21 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/18/2009 11:54:21 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/18/2009 11:54:21 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/18/2009 1:57:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/18/2009 1:08:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
9/18/2009 1:05:50 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ISMARTPANACHE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
9/17/2009 4:34:54 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer GENESYS2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ECBA180A-E7AD-4CB6-. The master browser is stopping or an election is being forced.
9/16/2009 7:33:16 AM, error: NetBT [4321] - The name "ISMARTPANACHE :1d" could not be registered on the Interface with IP address 192.168.100.95. The machine with the IP address 192.168.100.67 did not allow the name to be claimed by this machine.
9/16/2009 1:30:46 PM, error: Service Control Manager [7034] - The Genesys Desktop [GAD_latest] service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
<------------

Please let me know if the virus has been removed. If not, how do I do the same and avoid it in future.

Thank you.

Best Regards,
Tina
Posted 9/23/2009 7:49 AM
#77662

tinasg Valued member

Date Joined Nov 2016
Total Posts: 13
These are the Malwarebytes logs from when I scanned it after the first occurrence of the virus:

----------->

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

9/20/2009 7:32:18 PM
mbam-log-2009-09-20 (19-32-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 187097
Time elapsed: 21 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\svchast.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
<-----------
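The `HKEY_CLASSES_ROOT\exefile\shell\open\command` entry in the log above is the piece that makes a rogue like this keep coming back: with the default `"%1" %*` replaced by `C:\WINDOWS\system32\desot.exe "%1" %*`, every .exe the user starts runs the rogue first, and the rogue then starts the real program so nothing looks wrong. Below is an added Python example (written for this page, not Malwarebytes' code) that parses MBAM lines of that form and checks shell open commands against the Windows XP defaults. The registry snapshot in it is constructed, with the exefile value taken from the log; the live-registry reader only works on Windows.

```python
"""Check Windows shell\\open\\command values for the kind of hijack MBAM found.

Added example, not Malwarebytes' code. An exe hijacker rewrites
HKCR\\exefile\\shell\\open\\command so that a rogue binary is run in front of
the "%1" argument slot; this module spots that in MBAM log lines and in a
registry snapshot (live on Windows, constructed elsewhere).
"""
import re
import sys

# Windows XP defaults for the file classes that exe hijackers rewrite.
EXPECTED_OPEN_COMMANDS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# An executable path placed in front of the "%1" argument slot.
_PREPENDED_BINARY = re.compile(
    r'^"?(?P<binary>[^"]+?\.(?:exe|com|bat|cmd|pif|scr))"?\s+(?P<rest>.*)$',
    re.IGNORECASE,
)

# MBAM 'Registry Data Items Infected' line: KEY (Detection) -> Bad: (x) Good: (y) -> Action
_MBAM_DATA_ITEM = re.compile(
    r"^(?P<key>HKEY_\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


def analyze_open_command(progid, command):
    """Classify one open command: 'ok', 'hijacked' (a binary is injected
    before %1) or 'unexpected' (differs from the default some other way)."""
    normalized = re.sub(r"\s+", " ", command).strip()
    expected = EXPECTED_OPEN_COMMANDS.get(progid)
    if expected is not None and normalized.lower() == expected.lower():
        return {"progid": progid, "status": "ok", "hijacker": None}
    m = _PREPENDED_BINARY.match(normalized)
    if m and "%1" in m.group("rest"):
        return {"progid": progid, "status": "hijacked", "hijacker": m.group("binary")}
    return {"progid": progid, "status": "unexpected", "hijacker": None}


def parse_mbam_data_items(log_text):
    """Extract Bad/Good pairs from MBAM 'Registry Data Items Infected' lines."""
    matches = (_MBAM_DATA_ITEM.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def check_snapshot(snapshot):
    """Given {progid: open command}, return the progids that are hijacked."""
    return [p for p, c in snapshot.items()
            if analyze_open_command(p, c)["status"] == "hijacked"]


def read_live_snapshot():
    """On Windows, read HKCR\\<progid>\\shell\\open\\command for each known class."""
    if sys.platform != "win32":
        raise RuntimeError("live registry check only runs on Windows")
    import winreg  # Windows-only module, imported lazily on purpose
    snapshot = {}
    for progid in EXPECTED_OPEN_COMMANDS:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, progid + r"\shell\open\command") as key:
                snapshot[progid] = winreg.QueryValueEx(key, "")[0]
        except OSError:
            pass  # class not registered on this machine
    return snapshot


# The two 'Registry Data Items' lines from the Malwarebytes log posted above.
SAMPLE_MBAM_LOG = r"""
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# Constructed registry snapshot: exefile carries the hijack from the log, the rest are defaults.
SAMPLE_SNAPSHOT = {
    "exefile": r'C:\WINDOWS\system32\desot.exe "%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "scrfile": '"%1" /S',
}

if __name__ == "__main__":
    for item in parse_mbam_data_items(SAMPLE_MBAM_LOG):
        print(f"{item['detection']}: bad={item['bad']!r} good={item['good']!r}")
    snapshot = read_live_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for progid in check_snapshot(snapshot):
        print(f"{progid}: {analyze_open_command(progid, snapshot[progid])}")
```

On Windows the script reads the live keys; elsewhere it falls back to the constructed snapshot so the detection logic can be exercised offline. Anything other than `ok` for `exefile` after a cleanup means the next program the user launches will bring the rogue back, which is why the open command is worth re-checking before rebooting.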
Posted 9/23/2009 9:07 AM
#77663

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello tinasg :smile:

Please download Combofix from:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/23/2009 10:00 AM
#77665

tinasg Valued member

Date Joined Nov 2016
Total Posts: 13
Hello
Thank
I

--------->

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1494 [GMT 5.5:30]
Running from: d:\downloads\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
 * Resident AV is active

.
.

c:\recycler\S-1-5-21-3333944634-9177798477-081953790-9714
c:\recycler\S-1-5-21-6899422653-3944002669-903645732-8345
c:\recycler\S-1-5-21-6899422653-3944002669-903645732-8345\czzi.exe
c:\recycler\S-1-5-21-6899422653-3944002669-903645732-8345\Desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\Desktop\Total
c:\windows\system32\config\systemprofile\Start Menu\Programs\Total Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\Total Security\Total Security 2009.lnk
c:\windows\system32\drivers\gasfkyiqqtgenx.sys
c:\windows\system32\drivers\gasfkympcfairx.sys
c:\windows\system32\drivers\gasfkyvkyappbn.sys
c:\windows\system32\drivers\gasfkyxiwwbcve.sys
c:\windows\system32\gasfkybegvxsvv.dat
c:\windows\system32\gasfkybilcxqvj.dll
c:\windows\system32\gasfkyduisyfda.dat
c:\windows\system32\gasfkyethprifx.dll
c:\windows\system32\gasfkygwuwmrxr.dll
c:\windows\system32\gasfkyjctnsbav.dll
c:\windows\system32\gasfkyjeytuxym.dll
c:\windows\system32\gasfkykoexdkoa.dat
c:\windows\system32\gasfkylnqvdlyx.dat
c:\windows\system32\gasfkyropfqihs.dll
c:\windows\system32\gasfkyswrtmoil.dll
c:\windows\system32\gasfkyuhtuxgsk.dll
c:\windows\system32\gasfkywmimrmtn.dat
c:\windows\system32\gasfkyxbtexuwk.dll
c:\windows\system32\gasfkyyiigmoym.dat
c:\windows\wiaservv.log

.
(((((((((((((((((((((((((((((((((((((((
.

-------\Service_gasfkympxmbufq
-------\Legacy_gasfkympxmbufq
-------\Service_gasfkytqltpqlx
-------\Legacy_gasfkytqltpqlx
-------\Service_gasfkyvdymybyr
-------\Legacy_gasfkyvdymybyr

.

2009-09-23
2009-09-23 08:17 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-23 08:17 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-23 08:17 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-23 08:17 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-23 08:17 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-23 08:17 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-23 08:17 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-23 08:16 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-23 08:16 . 2009-09-23 08:16 -------- d-----w- c:\program files\Alwil Software
2009-09-18 10:58 . 2009-09-18 10:58 -------- d-----w- c:\documents and settings\roopali.ISMARTPANACHE\Application Data\Malwarebytes
2009-09-18 10:58 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 10:58 . 2009-09-18 10:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 10:58 . 2009-09-18 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 10:58 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 09:56 . 2009-09-20 15:06 -------- d-----w- c:\documents and settings\roopali.ISMARTPANACHE\DoctorWeb
2009-09-18 09:04 . 2009-09-18 09:04 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-18 09:04 . 2009-09-18 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-18 09:04 . 2009-09-18 09:04 -------- d-----w- c:\program files\Common Files\XoftSpySE
2009-09-18 09:04 . 2009-09-18 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-09-18 09:03 . 2009-09-18 09:04 -------- d-----w- c:\program files\XoftSpySE6
2009-09-18 07:38 . 2009-09-18 09:12 -------- d-----w- c:\program files\a-squared Free
2009-09-18 04:02 . 2009-09-18 04:02 -------- d-----w- C:\spoolerlogs
2009-09-01 08:42 . 2009-09-01 08:42 -------- d-----w- C:\found.000

.
((((((((((((((((((((((((((((((((((((((((
.
2009-09-23 09:46 . 2008-09-30 08:42 11383 ----a-w- c:\windows\system32\nvModes.dat
2009-09-23 09:25 . 2008-10-06 05:39 -------- d-----w- c:\program files\FlashGet
2009-09-22 04:35 . 2009-02-26 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-04 13:52 . 2009-05-08 08:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 15:02 . 2008-09-30 10:07 -------- d-----w- c:\program files\Microsoft Office Communicator
2009-08-19 06:11 . 2009-08-19 06:11 -------- d-----w- c:\program files\Common Files\snpstd3
2009-08-19 06:11 . 2008-09-30 08:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 05:47 . 2009-08-17 05:46 -------- d-----w- c:\program files\Reliance Netconnect - Broadband+
2009-08-15 10:19 . 2009-02-19 02:46 24912 ----a-w- c:\documents and settings\roopali.ISMARTPANACHE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 10:47 . 2009-08-12 10:46 -------- d-----w- c:\program files\HideAnyWindow
2009-08-12 10:40 . 2009-08-12 10:40 -------- d-----w- c:\documents and settings\roopali.ISMARTPANACHE\Application Data\MoRUN.net
2009-08-12 10:40 . 2009-08-12 10:40 -------- d-----w- c:\program files\MoRUN.net
2009-08-06 16:44 . 2009-08-06 16:44 -------- d-----w- c:\program files\GoldWave
2009-08-06 15:07 . 2009-08-06 15:07 -------- d-----w- c:\program files\DIFX
2009-07-30 14:31 . 2009-08-06 15:07 81736 ----a-w- c:\windows\system32\lmdimon8.dll
2008-09-30 10:20 . 2008-09-30 10:20 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-30 09:58 . 2008-09-30 09:58 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-09-30 09:58 . 2008-09-30 09:58 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-30 09:58 . 2008-09-30 09:58 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((
.
.

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 148888]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-9-30 69632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 10:58 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Genesys VPN Client.lnk
backup=c:\windows\pss\Genesys VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared
"XoftSpyService"=3 (0x3)
"SeaPort"=2 (0x2)
"iPod Service"=3 (0x3)
"DataSvr2"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/23/2009 1:47 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/11/2009 8:53 AM 55152]
R2 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [1/29/2008 2:10 AM 57344]
S2 FLEXlm Service 1;FLEXlm Service 1;c:\flexlm\lmgrd.exe [9/14/2004 2:44 PM 815104]
S3 ConfigServerMT;Genesys Multitenant Configuration Server;c:\program files\GCTI\Multitenant Configuration Server\confserv.exe [2/18/2009 11:53 AM 4795176]
S3 ConfigServerST;Genesys Singletenant Configuration Server;d:\gcti\Singletenant Configuration Server\confserv.exe [10/3/2008 9:51 AM 5557888]
S3 ConfigServerST_1;Genesys Singletenant Configuration Server (1);d:\gcti\Singletenant Configuration Server76\confserv.exe [1/8/2009 1:10 PM 5627100]
S3 ConfigServerST_2;Genesys Singletenant Configuration Server (2);c:\program files\GCTI\Singletenant Configuration Server\confserv.exe [1/23/2009 2:30 PM 4682952]
S3 ConfigServerST_3;Genesys Singletenant Configuration Server (3);c:\program files\GCTI\Singletenant Configuration Server (1)\confserv.exe [5/14/2009 9:50 PM 4794956]
S3 DBServer;Genesys DB Server;d:\gcti\DB Server\multiserver.exe [10/3/2008 9:50 AM 2225092]
S3 DBServer_1;Genesys DB Server [OCS_DBServer];d:\gcti\OCS_DBServer\multiserver.exe [10/3/2008 10:10 AM 2225092]
S3 DBServer_2;Genesys DB Server [ICON_DBServer];c:\program files\GCTI\DB Server\ICON_DBServer\multiserver.exe [4/24/2009 11:20 AM 2237572]
S3 DBServer_3;Genesys DB Server [DBServer_72];c:\program files\GCTI\DB Server\DBServer_72\multiserver.exe [5/12/2009 9:02 PM 1833216]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 GDesktop;Genesys Desktop [GAD75];c:\gcti\GenesysDesktop\GAD75\bin\GDesktopDriver.exe [2/11/2009 9:46 AM 106496]
S3 GDesktop_1;Genesys Desktop [GAD_76];c:\gcti\GenesysDesktop\GAD_76\bin\GDesktopDriver.exe [8/5/2009 4:16 PM 106496]
S3 GDesktop_2;Genesys Desktop [GAD_latest];c:\gcti\GenesysDesktop\GAD_latest\bin\GDesktopDriver.exe [8/6/2009 10:36 PM 106496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/30/2008 3:50 PM 29744]
S3 ICon;Genesys Interaction Concentrator [ICON_76];c:\program files\GCTI\Interaction Concentrator\ICON_76\icon.exe [4/24/2009 11:41 AM 6690272]
S3 MsgServer;Genesys Message Server [Message_Server_71];d:\gcti\MsgServer\Message_Server_71\MessageServer.exe [1/8/2009 10:03 AM 1846608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/7/2007 1:52 AM 34064]
S3 OCServer;Genesys Outbound Contact Server [OCS76];d:\gcti\OCS76\cm_server.exe [10/3/2008 2:08 PM 3670070]
S3 OCServer_1;Genesys Outbound Contact Server [OCS_7610002];d:\gcti\OCServer1\OCS_7610002\cm_server.exe [11/10/2008 9:13 AM 3629110]
S3 OCServer_2;Genesys Outbound Contact Server [OC_Server_761];c:\program files\GCTI\OCServer\OC_Server_761\cm_server.exe [2/18/2009 11:57 AM 3670070]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [10/2/2008 11:19 AM 81832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
S3 StatServer;Genesys Stat Server [StatServer75];d:\gcti\StatServer75\statserv.exe [10/3/2008 1:48 PM 3006515]
S3 StatServer_1;Genesys Stat Server [OCS_SS];c:\program files\GCTI\Stat Server\OCS_SS\statserv.exe [2/5/2009 4:23 PM 3006515]
S3 TSrvG3;Genesys T-Server for Avaya Communication Manager [TServer_AvayaCM_72];d:\gcti\TSrvG3\TServer_AvayaCM_72\g3tcp_server.exe [1/8/2009 10:04 AM 5131348]
S3 TSrvSIP;Genesys SIP Server [SIPServer_75];d:\gcti\SIPServer_75\sip_server.exe [10/3/2008 1:42 PM 9686252]
S3 TSrvSIP_1;Genesys SIP Server [SIPServer];c:\program files\GCTI\SIPServer\sip_server.exe [11/11/2008 11:50 AM 9678580]
S3 TSrvSIP_2;Genesys SIP Server [SIP76];"c:\program files\GCTI\SIP Server\SIP76\sip_server.exe" -host ismartpa-dbf6a9 -port 2020 -app SIP76 -service TSrvSIP_2 -l c:\flexlm\License.txt --> c:\program files\GCTI\SIP Server\SIP76\sip_server.exe [?]
S3 TSrvSIP_3;Genesys SIP Server [SIP_7500076];c:\program files\GCTI\SIP Server\SIP_7500076\sip_server.exe [2/20/2009 11:46 AM 9899840]
S3 VoIPSM;Genesys Stream Manager [SM_75];c:\program files\GCTI\IPMX\VoIPSM\SM_75\sm.exe [7/7/2009 9:33 PM 4251704]
S3 VoIPSM_1;Genesys Stream Manager [SM_76];c:\program files\GCTI\IPMX\SM\SM_76\sm.exe [7/8/2009 6:50 PM 4380532]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [9/1/2008 4:41 PM 104320]
S4 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [8/29/2009 2:45 AM 582424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-09
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-08-22
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-09-18
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]

2009-09-18
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {ECBA180A-E7AD-4CB6-BF08-9D25B4933EAE} = 192.168.100.36
DPF: {4D1DA428-3B37-44E6-893A-D3A5BCE0E7E3} - hxxp://panorama.genesyslab.com/callcenter_enu/18382/applets/SiebelAx_HI_Client.cab
FF - ProfilePath - c:\documents and settings\roopali.ISMARTPANACHE\Application Data\Mozilla\Firefox\Profiles\hn52gqb3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-tsnpstd3

**************************************************************************

http://www.gmer.net
Windows 5.1.2600 Service Pack 2 NTFS

scanning

scanning hidden autostart entries ...

scanning

scan completed successfully
hidden files: 0

**************************************************************************
.
---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-09-23 15:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-23 09:50

Pre-Run:
Post-Run: 10,710,024,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

287 ---

<---------

Hope

Please

Best
Tina
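The ComboFix log above removed `c:\windows\system32\AutoRun.inf` together with an executable parked under `c:\recycler`, which is the footprint a USB-borne worm leaves when it copies itself off a stick. Until AutoRun is disabled (NoDriveTypeAutoRun set to 0xFF; Microsoft KB967715 describes how to do this on Windows XP), Explorer acts on the `[autorun]` section of a newly inserted drive, so inspecting that file is the quickest way to tell whether a stick is still carrying the infection. The Python below is an added example for this page, not part of the post or of ComboFix; the autorun.inf samples in it are constructed, and the SID and `loader.exe` name are made up.

```python
"""Inspect an autorun.inf for directives that make Windows XP run a program.

Added example for the USB question in this thread; it is not ComboFix's or
the forum's code. A worm that drops autorun.inf plus a hidden executable on
a stick re-infects every machine the stick visits while AutoRun is enabled.
The sample files below are constructed.
"""
import re

# [autorun] keys whose value is executed directly.
DIRECT_LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command= replaces the Explorer context-menu verbs (Open, Explore, ...).
_SHELL_VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)
# Folders worms favour because Explorer hides them by default.
_HIDDEN_DIRS = re.compile(r"(^|\\)(recycler|recycled|system volume information)\\", re.IGNORECASE)


def parse_autorun(text):
    """Return {lowercased key: value} from the [autorun] section.

    Worms pad the file with junk lines and odd casing; the Windows INI reader
    skips whatever it cannot parse, so this parser tolerates the same input.
    """
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_directives(entries):
    """Return [(key, target)] for every directive that would execute code."""
    return [(k, v) for k, v in entries.items()
            if k in DIRECT_LAUNCH_KEYS or _SHELL_VERB_COMMAND.match(k)]


def assess_autorun(text):
    """Parse an autorun.inf and explain why (or whether) it looks malicious."""
    entries = parse_autorun(text)
    launches = launch_directives(entries)
    reasons = []
    if launches:
        reasons.append("launches code: " + "; ".join(f"{k}={v}" for k, v in launches))
    if any(_HIDDEN_DIRS.search(v) for _, v in launches):
        reasons.append("target sits in a hidden system folder")
    if launches and "folder" in entries.get("action", "").lower():
        reasons.append("AutoPlay action text mimics the 'Open folder' choice")
    default_verb = entries.get("shell", "").lower()
    if any(k == f"shell\\{default_verb}\\command" for k, _ in launches):
        reasons.append(f"default verb '{default_verb}' is redirected, so double-clicking the drive runs it")
    return {"entries": entries, "launches": launches,
            "suspicious": bool(launches), "reasons": reasons}


# Constructed sample in the usual USB-worm layout; the SID and loader.exe are made up.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
;lines the INI reader ignores
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
open=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-0000\\loader.exe
shell\\open\\command=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-0000\\loader.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-0000000000-0000000000-000000000-0000\\loader.exe
shell=open
"""

# Constructed benign file: icon and label only, nothing is executed.
BENIGN_AUTORUN_INF = """\
[autorun]
icon=setup.exe,0
label=Driver CD
"""

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_AUTORUN_INF), ("benign", BENIGN_AUTORUN_INF)):
        result = assess_autorun(text)
        print(name, "suspicious" if result["suspicious"] else "clean")
        for reason in result["reasons"]:
            print("  -", reason)
```

To use it on a real stick, show hidden and system files first and feed the drive's `autorun.inf` to `assess_autorun`; a clean stick either has no such file or one that only sets `icon=` and `label=`. Deleting the file alone is not enough, since the worm on an infected PC will write it back, which is why the host has to be clean before the stick is reconnected.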
Posted 9/23/2009 11:21 AM
#77669

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks clean :smile:

Click here: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Please post the HijackThis log and tell me how things are running.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/24/2009 2:05 AM
#77679
User avatar

tinasg Valued member

Date Joined Nov 2016
Total Posts: 13
Hello Touch,

The system seems to be running fine now. I am a bit worried about a few things:

1) Some of my services, like MS SQL Server, do not start.
2) When I clicked on the Windows Firewall from the Control Panel, it wouldn't start. I had to go to C:\Windows\system32\firewall.cpl to open it and turn it 'On'.

What is the reason for this? Will I face the same issue with other services, and how do I avoid it?

Also, how do I avoid such spyware and viruses in future, and how do I clean my USB?

Is there any antivirus program that can detect a virus when a USB is connected?

Please advise.

Here is the HijackThis log:

======>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:57 AM, on 9/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Genesys VPN\Genesys VPN Client 4.8.02\cvpnd.exe
C:\Program Files\Genesys VPN\Genesys VPN Client 4.8.02\vpngui.exe
C:\Program Files\Genesys VPN\Genesys VPN Client 4.8.02\ipseclog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.au/s/v/44.10/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4D1DA428-3B37-44E6-893A-D3A5BCE0E7E3} (Siebel High Interactivity Framework) - http://panorama.genesyslab.com/callcenter_enu/18382/applets/SiebelAx_HI_Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222781157203
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wiproes.webex.com/client/T26L/support/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ismartpanache.net
O17 - HKLM\Software\..\Telephony: DomainName = ismartpanache.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{48EBEADD-7E14-4415-814C-1F6170845907}: NameServer = 192.168.20.167,192.168.20.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBA180A-E7AD-4CB6-BF08-9D25B4933EAE}: NameServer = 192.168.100.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ismartpanache.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ismartpanache.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Genesys Multitenant Configuration Server (ConfigServerMT) - Genesys Telecomm. Labs - C:\Program Files\GCTI\Multitenant Configuration Server\confserv.exe
O23 - Service: Genesys Singletenant Configuration Server (ConfigServerST) - Genesys Telecomm. Labs - D:\GCTI\Singletenant Configuration Server\confserv.exe
O23 - Service: Genesys Singletenant Configuration Server (1) (ConfigServerST_1) - Genesys Telecomm. Labs - D:\GCTI\Singletenant Configuration Server76\confserv.exe
O23 - Service: Genesys Singletenant Configuration Server (2) (ConfigServerST_2) - Genesys Telecomm. Labs - C:\Program Files\GCTI\Singletenant Configuration Server\confserv.exe
O23 - Service: Genesys Singletenant Configuration Server (3) (ConfigServerST_3) - Genesys Telecomm. Labs - C:\Program Files\GCTI\Singletenant Configuration Server (1)\confserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Genesys VPN\Genesys VPN Client 4.8.02\cvpnd.exe
O23 - Service: Genesys DB Server (DBServer) - Genesys Telecommunications Laboratories, Inc. - D:\GCTI\DB Server\multiserver.exe
O23 - Service: Genesys DB Server [OCS_DBServer] (DBServer_1) - Genesys Telecommunications Laboratories, Inc. - D:\GCTI\OCS_DBServer\multiserver.exe
O23 - Service: Genesys DB Server [ICON_DBServer] (DBServer_2) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\DB Server\ICON_DBServer\multiserver.exe
O23 - Service: Genesys DB Server [DBServer_72] (DBServer_3) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\DB Server\DBServer_72\multiserver.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXlm Service 1 - Macrovision Corporation - C:\FLEXlm\lmgrd.exe
O23 - Service: Genesys Desktop [GAD75] (GDesktop) - Genesys Telecommunication Laboratories Inc. - C:\GCTI\GenesysDesktop\GAD75\bin\GDesktopDriver.exe
O23 - Service: Genesys Desktop [GAD_76] (GDesktop_1) - Genesys Telecommunication Laboratories Inc. - C:\GCTI\GenesysDesktop\GAD_76\bin\GDesktopDriver.exe
O23 - Service: Genesys Desktop [GAD_latest] (GDesktop_2) - Genesys Telecommunication Laboratories Inc. - C:\GCTI\GenesysDesktop\GAD_latest\bin\GDesktopDriver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Genesys Interaction Concentrator [ICON_76] (ICon) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\Interaction Concentrator\ICON_76\icon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Genesys Message Server [Message_Server_71] (MsgServer) - Genesys Telecommunications Laboratories, Inc. - D:\GCTI\MsgServer\Message_Server_71\MessageServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Genesys Outbound Contact Server [OCS76] (OCServer) - Genesys Telecommunications Laboratories, Inc. - D:\GCTI\OCS76\cm_server.exe
O23 - Service: Genesys Outbound Contact Server [OCS_7610002] (OCServer_1) - Genesys Telecommunications Laboratories, Inc. - D:\GCTI\OCServer1\OCS_7610002\cm_server.exe
O23 - Service: Genesys Outbound Contact Server [OC_Server_761] (OCServer_2) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\OCServer\OC_Server_761\cm_server.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Genesys Stat Server [StatServer75] (StatServer) - Genesys - D:\GCTI\StatServer75\statserv.exe
O23 - Service: Genesys Stat Server [OCS_SS] (StatServer_1) - Genesys - C:\Program Files\GCTI\Stat Server\OCS_SS\statserv.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: Genesys T-Server for Avaya Communication Manager [TServer_AvayaCM_72] (TSrvG3) - Unknown owner - D:\GCTI\TSrvG3\TServer_AvayaCM_72\g3tcp_server.exe
O23 - Service: Genesys SIP Server [SIPServer_75] (TSrvSIP) - Unknown owner - D:\GCTI\SIPServer_75\sip_server.exe
O23 - Service: Genesys SIP Server [SIPServer] (TSrvSIP_1) - Unknown owner - C:\Program Files\GCTI\SIPServer\sip_server.exe
O23 - Service: Genesys SIP Server [SIP76] (TSrvSIP_2) - Unknown owner - C:\Program Files\GCTI\SIP Server\SIP76\sip_server.exe (file missing)
O23 - Service: Genesys SIP Server [SIP_7500076] (TSrvSIP_3) - Unknown owner - C:\Program Files\GCTI\SIP Server\SIP_7500076\sip_server.exe
O23 - Service: Genesys Stream Manager [SM_75] (VoIPSM) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\IPMX\VoIPSM\SM_75\sm.exe
O23 - Service: Genesys Stream Manager [SM_76] (VoIPSM_1) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\IPMX\SM\SM_76\sm.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 17245 bytes

<======

Many thanks!

Best Regards,
Roopali
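A HijackThis log like the one above is read section by section: O2 (browser helper objects), O4 (autorun keys), O17 (DNS/domain settings) and O23 (services) are where a reviewer looks first. The script below is an added example for this thread, not code from HijackThis or from the forum helper, and the rules it applies (an entry whose file is gone, a service with no vendor string, an autorun under the SYSTEM hive, a bare file name resolved via the search path, a resolver outside RFC 1918 space) are my own assumptions about what merits a manual look; they are not a verdict on the log, which the helper above already called clean. The sample lines are copied from the posted log except for one constructed O17 line (a 203.0.113.53 resolver) that exercises the DNS check.

```python
"""Triage a HijackThis (HJT) log: flag the lines a reviewer reads first.

Added example for this thread; not code from HijackThis or from the forum.
The rules below are assumptions about what deserves a manual look, not a
verdict on any entry: an orphaned entry is usually uninstall residue, and an
"Unknown owner" service may simply lack version info.
"""
import ipaddress
import re
from dataclasses import dataclass

# Sample input: lines copied from the HJT log posted above, plus one constructed
# O17 line (the 203.0.113.53 resolver, a documentation address) to exercise the
# DNS rule. All other lines are real entries from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{48EBEADD-7E14-4415-814C-1F6170845907}: NameServer = 192.168.20.167,192.168.20.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Genesys SIP Server [SIP76] (TSrvSIP_2) - Unknown owner - C:\Program Files\GCTI\SIP Server\SIP76\sip_server.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section tag, e.g. "O23"
    reason: str   # why the line deserves a manual look
    line: str     # the log line as written


# Resolvers on a corporate notebook are normally on the LAN; anything else in
# an O17 line is worth confirming, since DNS hijacks show up in this section.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O17 = re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$")
_O23 = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<svc>[^()]+)\))? - (?P<owner>.*?) - (?P<path>.*)$"
)
_ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')  # command starts with a drive letter


def _missing(path: str) -> bool:
    """HJT marks registry entries whose target file no longer exists."""
    return "(no file)" in path or "(file missing)" in path


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer should look at, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O2.match(line):
            if _missing(m["path"]):
                findings.append(Finding("O2", "BHO CLSID registered but its DLL is gone (orphan); remove the entry", line))
        elif m := _O4.match(line):
            if m["hive"].upper().startswith("HKUS\\S-1-5-18"):
                findings.append(Finding("O4", "autorun under the SYSTEM account's hive; confirm it is expected", line))
            if not _ABS_PATH.match(m["cmd"]):
                findings.append(Finding("O4", "bare file name resolved via the search path; locate the file that actually runs", line))
        elif m := _O17.match(line):
            for server in m["servers"].split(","):
                addr = ipaddress.ip_address(server.strip())
                if not any(addr in net for net in _RFC1918):
                    findings.append(Finding("O17", f"DNS server {addr} is not on a private LAN range; confirm it is the intended resolver", line))
        elif m := _O23.match(line):
            svc = m["svc"] or m["display"]
            if _missing(m["path"]):
                findings.append(Finding("O23", f"service {svc} points at a missing binary (orphan); delete the service", line))
            if m["owner"] == "Unknown owner":
                findings.append(Finding("O23", f"service {svc} has no vendor string; verify the binary by hand", line))
    return findings


def by_section(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section, e.g. {"O23": 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports six findings: the orphaned BHO, the two O4 entries, the constructed public resolver, and two for the TSrvSIP_2 service (missing binary and no vendor string). Everything it flags still needs a human decision; the point is to shorten a 17 KB log to the handful of lines worth reading closely.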
Posted 9/24/2009 5:08 AM
#77685
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
I don't know much about McAfee, but if it has a firewall installed, it will deactivate the Windows firewall.

Post a new HijackThis log, and do not change the font or font size, as it is almost impossible (for me) to read.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/24/2009 7:12 AM
#77695
User avatar

tinasg Valued member

Date Joined Nov 2016
Total Posts: 13
Here are the logs that I have already posted above:
T-Server for Avaya Communication Manager [TServer_AvayaCM_72] (TSrvG3) - Unknown owner - D:\GCTI\TSrvG3\TServer_AvayaCM_72\g3tcp_server.exe <br/>O23 - Service: Genesys SIP Server [SIPServer_75] (TSrvSIP) - Unknown owner - D:\GCTI\SIPServer_75\sip_server.exe <br/>O23 - Service: Genesys SIP Server [SIPServer] (TSrvSIP_1) - Unknown owner - C:\Program Files\GCTI\SIPServer\sip_server.exe <br/>O23 - Service: Genesys SIP Server [SIP76] (TSrvSIP_2) - Unknown owner - C:\Program Files\GCTI\SIP Server\SIP76\sip_server.exe (file missing) <br/>O23 - Service: Genesys SIP Server [SIP_7500076] (TSrvSIP_3) - Unknown owner - C:\Program Files\GCTI\SIP Server\SIP_7500076\sip_server.exe <br/>O23 - Service: Genesys Stream Manager [SM_75] (VoIPSM) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\IPMX\VoIPSM\SM_75\sm.exe <br/>O23 - Service: Genesys Stream Manager [SM_76] (VoIPSM_1) - Genesys Telecommunications Laboratories, Inc. - C:\Program Files\GCTI\IPMX\SM\SM_76\sm.exe <br/>O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe <br/>O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe <br/> <br/>-- <br/>End of file - 17245 bytes <br/> <br/> <br/> <br/> <br/> <br/> <br/>Also I have the following queries: <br/> <br/>1) Can you tell the source of this virus/spyware? Is it the USB (i had given it to some one to use) or the network? <br/>2) Is there a way to identify the source? <br/>3) How can I avoid it or any such virus in future? I mean which is the best protection software or how do I take care of my notebook? <br/>4) How do I avoid the spywares through internet sites? <br/> <br/>Thanks. <br/> <br/>tina
Posted 9/25/2009 6:10 AM
#77722

tinasg Valued member

Date Joined Nov 2016
Total Posts: 13
Hello,

I noticed a member facing the same issue as me in the thread http://forum.bullguard.com/forum/10/Google-and-task-manager-not-wo_77138.html

That is, after running ComboFix, the SQL service is not running.

Can you please let me know how I resolve this, as it is important for my daily office work.

Many thanks.

Regards,
Roopali
Posted 9/25/2009 6:33 AM
#77724

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
First, go to Add/Remove Programs in Control Panel and remove McAfee or Avast.

Reboot.

The SQL Server requires a Windows login for the service itself. Find this by going to My Computer | Manage | Services and Applications | Services | SQLAgent | Log On.

Do not PM me with logfiles. They will be deleted.
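An added example, not posted by anyone in this thread: a PowerShell check that reports, for each SQL Server service, the state and the logon account shown on the Log On tab the reply above refers to, and whether that account still exists locally. It assumes a default SQL Server 2000 install as in the posted log (service names MSSQLSERVER and SQLSERVERAGENT; named instances use MSSQL$NAME and SQLAgent$NAME and are matched by the same pattern) and an elevated shell.

```powershell
# Added example (not from the thread). Lists SQL Server services with the
# account they log on as and whether that account can be found on the machine.
# Assumption: default SQL Server 2000 service names, consistent with the
# posted log; named instances (MSSQL$NAME, SQLAgent$NAME) match the pattern.

$builtin = @('LocalSystem', 'NT AUTHORITY\SYSTEM',
             'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

function Test-ServiceAccountExists([string]$Account) {
    # Built-in accounts always exist. A local account (.\user or HOST\user)
    # is looked up in the local SAM. A domain account cannot be verified
    # without the domain controller, so it is reported as unknown, not guessed.
    if ($builtin -contains $Account) { return 'builtin' }
    if ($Account -match '^(?<dom>[^\\]+)\\(?<user>[^\\]+)$') {
        $dom  = $Matches['dom']
        $user = $Matches['user']
        if ($dom -ne '.' -and $dom -ne $env:COMPUTERNAME) { return 'unknown (domain account)' }
        $safe = $user -replace "'", "\'"      # WQL string escaping
        $acct = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=TRUE AND Name='$safe'"
        if ($acct) { return 'present' } else { return 'MISSING' }
    }
    return 'unknown'
}

$sql = Get-WmiObject Win32_Service |
       Where-Object { $_.Name -match '^(MSSQL|SQLSERVERAGENT|SQLAgent)' }
if (-not $sql) { Write-Warning 'No SQL Server services found on this machine.'; return }

foreach ($svc in $sql) {
    New-Object PSObject -Property @{
        Service   = $svc.Name
        State     = $svc.State          # Running / Stopped
        StartMode = $svc.StartMode      # Auto / Manual / Disabled
        LogOnAs   = $svc.StartName      # the account on the Log On tab
        Account   = Test-ServiceAccountExists $svc.StartName
        Path      = $svc.PathName
    }
}
# A row whose Account reads MISSING, or whose StartMode is Disabled, explains a
# service that refuses to start; correct it on the Log On tab the reply names.
```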


Posted 10/1/2009 2:36 AM
#77943

tinasg Valued member

Date Joined Nov 2016
Total Posts: 13
Thanks for the info.

Can you please answer my following queries:

1) Can you tell the source of this virus/spyware? Is it the USB (I had given it to someone to use) or the network?
2) Is there a way to identify the source?
3) How can I avoid it or any such virus in future? I mean, which is the best protection software, or how do I take care of my notebook?
4) How do I avoid spyware from internet sites?

Thanks.

Best Regards,
tina