HijackThis log

Post by Makoto » October 8th, 2009, 12:48 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:09:55 م, on 07/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4640198484
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6352 bytes
Makoto
Active Member
 
Posts: 6
Joined: October 8th, 2009, 12:30 pm

Re: HijackThis log

Post by shinybeast » October 11th, 2009, 3:41 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.

NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


Installed Program List

It would be helpful to see a list of programs installed on your computer.

  • Please start Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager... under System Tools

You will see a list of programs installed on your computer.
Please click the Save List... button and specify where you would like to save the list.
Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.


Please include the uninstall list and a new HijackThis log in a reply to this topic.
In addition, please briefly inform me of any malware issues you may be experiencing.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: HijackThis log

Post by Makoto » October 11th, 2009, 6:00 pm

Hello Mr. shinybeast
Nice to meet you & good luck with your training

Here is the uninstall list:

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9
Choice Guard
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
Final Uninstaller
Free Download Manager 3.0
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet
InterVideo DeviceService
Japanese Fonts Support For Adobe Reader 9
Japanese Language Support
K-Lite Mega Codec Pack 4.8.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
Microsoft Office InfoPath MUI (Arabic) 2007
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSVCRT
Nokia Connectivity Cable Driver
OGA Notifier 1.7.0105.35.0
PC Connectivity Solution
Segoe UI
Ulead VideoStudio 11
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb972691)
VobSub v2.23 (Remove Only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows XP Service Pack 3
WinRAR archiver
برنامج إصلاح (Hotfix) لـ Windows XP (KB952287)‎
برنامج إصلاح (Hotfix) لـ Windows XP (KB970653-v3)‎
‏‏تحديث الأمان لـ Windows Media Player (KB952069)
‏‏تحديث الأمان لـ Windows Media Player (KB968816)
‏‏تحديث الأمان لـ Windows Media Player (KB973540)
تحديث أمان لـ Windows Internet Explorer 7 (KB938127-v2)‎
تحديث أمان لـ Windows Internet Explorer 7 (KB969897)‎
تحديث أمان لـ Windows Internet Explorer 7 (KB972260)‎
تحديث أمان لـ Windows XP (KB923561)‎
تحديث أمان لـ Windows XP (KB938464-v2)‎
تحديث أمان لـ Windows XP (KB946648)‎
تحديث أمان لـ Windows XP (KB950760)‎
تحديث أمان لـ Windows XP (KB950762)‎
تحديث أمان لـ Windows XP (KB950974)‎
تحديث أمان لـ Windows XP (KB951066)‎
تحديث أمان لـ Windows XP (KB951376-v2)‎
تحديث أمان لـ Windows XP (KB951748)‎
تحديث أمان لـ Windows XP (KB952004)‎
تحديث أمان لـ Windows XP (KB952954)‎
تحديث أمان لـ Windows XP (KB954459)‎
تحديث أمان لـ Windows XP (KB954600)‎
تحديث أمان لـ Windows XP (KB955069)‎
تحديث أمان لـ Windows XP (KB956572)‎
تحديث أمان لـ Windows XP (KB956744)‎
تحديث أمان لـ Windows XP (KB956802)‎
تحديث أمان لـ Windows XP (KB956803)‎
تحديث أمان لـ Windows XP (KB956844)‎
تحديث أمان لـ Windows XP (KB957097)‎
تحديث أمان لـ Windows XP (KB958644)‎
تحديث أمان لـ Windows XP (KB958687)‎
تحديث أمان لـ Windows XP (KB959426)‎
تحديث أمان لـ Windows XP (KB960225)‎
تحديث أمان لـ Windows XP (KB960803)‎
تحديث أمان لـ Windows XP (KB960859)‎
تحديث أمان لـ Windows XP (KB961371)‎
تحديث أمان لـ Windows XP (KB961373)‎
تحديث أمان لـ Windows XP (KB961501)‎
تحديث أمان لـ Windows XP (KB968537)‎
تحديث أمان لـ Windows XP (KB969897)‎
تحديث أمان لـ Windows XP (KB969898)‎
تحديث أمان لـ Windows XP (KB970238)‎
تحديث أمان لـ Windows XP (KB971557)‎
تحديث أمان لـ Windows XP (KB971633)‎
تحديث أمان لـ Windows XP (KB971657)‎
تحديث أمان لـ Windows XP (KB971961)‎
تحديث أمان لـ Windows XP (KB973346)‎
تحديث أمان لـ Windows XP (KB973354)‎
تحديث أمان لـ Windows XP (KB973507)‎
تحديث أمان لـ Windows XP (KB973869)‎
تحديث لـ Windows XP (KB951978)‎
تحديث لـ Windows XP (KB955839)‎
تحديث لـ Windows XP (KB961503)‎
تحديث لـ Windows XP (KB967715)‎
تحديث لـ Windows XP (KB968389)‎
تحديث لـ Windows XP (KB973815)‎
حزمة برامج تشغيل Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
مساعد تسجيل الدخول إلى Windows Live


The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:08 ص, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4640198484
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5883 bytes

Sorry, there are some things in Arabic.
Do you need translations?

please briefly inform me of any malware issues you may be experiencing

Well, I am not sure if it is malware, but there is a problem that
happens sometimes & causes the computer to restart
then windows asks me to send an error report including:
C:\DOCUME~1\33DE~1\LOCALS~1\Temp\WER6ec7.dir00\appcompat.txt
C:\DOCUME~1\33DE~1\LOCALS~1\Temp\WER6ec7.dir00\svchost.exe.mdmp

Take your time
Makoto
Active Member
 
Posts: 6
Joined: October 8th, 2009, 12:30 pm

Re: HijackThis log

Post by shinybeast » October 14th, 2009, 7:23 pm

Hello Makoto,

Nice to meet you too, and thanks for wishing me well with my training. :)

Thanks also for your patience and sorry about the delay.

Have you made any recent changes to your computer that may be the source of the error? What, if anything, are you doing with the computer when the error happens? The error could be malware or it could be a legitimate program not working with Windows.


No Signs of Antivirus Software

I see no signs of anti-virus software running on your computer. Antivirus (AV) software is primarily necessary for preventing malicious software from taking up residence on your computer. Secondarily, AV software has the ability to disable and isolate existing malicious software. Having updated AV software running and scanning files that come in to your computer can greatly reduce your risk of infection in the future.

There are various free and paid antivirus programs from many vendors. I can recommend the free versions from the vendors listed below.
Please install one and only one now. Note: Running more than one antivirus can make your computer unstable and provides no additional benefit.

Avast! Home Edition
Avira AntiVir


Next, let's have a deeper look.

DDS Scan

  • Please download DDS by sUBS from one of these links and save it to your desktop
    Link1 | Link 2
  • Double-click the file to start the scan
  • A black window will open and run the scan
  • When it finishes, two logs will automatically open with Notepad (DDS.txt and Attach.txt)
  • Save the logs to the desktop using Save As... and post the contents of both in your next reply
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
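
The observation in the reply above (no antivirus visible in the second log) can be reproduced by diffing the two HijackThis logs. The following is an added example, not part of the original thread or of HijackThis itself: the two log excerpts are shortened from the logs posted above, and the keyword list passed to `security_product_seen` is an assumption chosen by the analyst.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread
# (07/10/2009 and 11/10/2009); lines are copied from the thread, the selection is constructed.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\explorer.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries.

    Windows paths are case-insensitive, so comparison keys are lowercased;
    the original entry line is kept as the value for reporting.
    """
    processes, entries = set(), {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[(m.group("code"), m.group("body").lower())] = line
        elif in_procs:
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def diff_logs(before_text, after_text):
    """Report what disappeared and what appeared between two scans."""
    b, a = parse_hjt(before_text), parse_hjt(after_text)
    gone_keys = sorted(b["entries"].keys() - a["entries"].keys())
    new_keys = sorted(a["entries"].keys() - b["entries"].keys())
    return {
        "processes_gone": sorted(b["processes"] - a["processes"]),
        "processes_new": sorted(a["processes"] - b["processes"]),
        "entries_gone": [b["entries"][k] for k in gone_keys],
        "entries_new": [a["entries"][k] for k in new_keys],
    }


def security_product_seen(text, keywords):
    """True if any keyword appears in a running process, autostart (O4) or service (O23).

    `keywords` is an analyst-supplied list (an assumption of this example).
    """
    parsed = parse_hjt(text)
    haystack = list(parsed["processes"])
    haystack += [body for code, body in parsed["entries"] if code in ("O4", "O23")]
    return any(kw.lower() in item for item in haystack for kw in keywords)


def missing_targets(text):
    """Entries HijackThis marked '(file missing)': leftovers of removed software."""
    return [l for l in parse_hjt(text)["entries"].values() if l.endswith("(file missing)")]


if __name__ == "__main__":
    report = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, items in report.items():
        print(section)
        for item in items:
            print("   ", item)
    print("AV seen before:", security_product_seen(LOG_BEFORE, ["avira", "antivir"]))
    print("AV seen after: ", security_product_seen(LOG_AFTER, ["avira", "antivir"]))
```
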

Re: HijackThis log

Post by Makoto » October 15th, 2009, 10:31 am

Hi

*I changed the RAM.

*I used to run many AVs (1 at a time) but
they are annoying & detect nothing.

*The logs

DDS (Ver_09-10-13.01) - NTFSx86
Run by ںéں«êî at 17:13:34.31 on Wed 10/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2038.1607 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\notepad.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.sa/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: مساعد تسجيل الدخول إلى Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [fsm]
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\a007~1\7d39~1\d51d~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4640198484
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
Notify: igfxcui - igfxdev.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-11 16:27 <DIR> --d----- c:\docume~1\33de~1\applic~1\Software Informer
2009-10-11 16:26 <DIR> --d----- c:\program files\Software Informer
2009-10-11 16:26 <DIR> --d----- c:\docume~1\33de~1\applic~1\Free Download Manager
2009-10-11 16:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeDownloadManager.ORG
2009-10-10 22:19 <DIR> --d----- c:\docume~1\33de~1\applic~1\WinPatrol
2009-10-07 20:23 <DIR> --d----- c:\docume~1\33de~1\applic~1\AVG8
2009-10-07 20:11 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-07 19:09 <DIR> --d----- c:\program files\Trend Micro
2009-10-07 18:32 229,888 a------- c:\windows\PEV.exe
2009-10-07 18:32 161,792 a------- c:\windows\SWREG.exe
2009-10-07 18:32 98,816 a------- c:\windows\sed.exe
2009-10-07 18:32 <DIR> --d----- C:\ComboFix
2009-10-05 00:11 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-10-03 20:14 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-10-03 20:14 <DIR> --d----- C:\c4b7851f59969756ea756a1e85
2009-10-03 20:11 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-10-03 20:10 <DIR> --d----- c:\windows\SHELLNEW
2009-10-03 20:07 <DIR> --d----- c:\program files\FinalUninstaller
2009-10-03 20:06 <DIR> --d----- C:\Outerspace Software
2009-10-03 20:06 <DIR> --d----- C:\NOD
2009-10-03 19:58 <DIR> --d----- c:\docume~1\33de~1\applic~1\ESET
2009-10-02 01:13 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-10-02 01:08 <DIR> --d----- c:\program files\Skype
2009-10-02 00:27 <DIR> --d----- c:\program files\AxBx
2009-09-26 05:30 232 a------- c:\windows\itlog.dat
2009-09-23 22:17 <DIR> --d----- c:\program files\MSBuild(2)
2009-09-23 22:08 <DIR> --d----- c:\windows\SHELLNEW(2)
2009-09-23 21:59 <DIR> --d----- c:\program files\Microsoft Office(2)
2009-09-23 21:58 <DIR> --d----- C:\MSOCache(2)
2009-09-23 18:49 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-09-23 18:08 <DIR> --d----- c:\program files\PC Connectivity Solution(2)
2009-09-23 17:41 <DIR> --d----- c:\program files\DVD-RAM
2009-09-23 16:59 <DIR> --d----- c:\windows\system32\NtmsData
2009-09-23 16:47 244 a------- c:\windows\gercescp.dvr
2009-09-23 16:47 60 -------- c:\windows\dwpces23.dru
2009-09-23 16:47 <DIR> --d----- c:\program files\security
2009-09-20 09:14 218,624 a------- c:\windows\system32\uxtheme.dll.backup
2009-09-20 09:14 <DIR> --d----- c:\windows\NiwradSoft Shell Pack

==================== Find3M ====================

2009-10-14 16:50 251,946 a------- c:\windows\system32\perfh001.dat
2009-10-14 16:50 40,316 a------- c:\windows\system32\perfc001.dat
2009-10-14 03:38 3,932,160 a------- c:\documents and settings\الاسمى\ntuser.dat
2009-10-05 06:03 279,806 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1025.dat
2009-09-02 21:43 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-02 21:43 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-05 11:59 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 22:01 58,880 a------- c:\windows\system32\atl.dll
2009-06-14 17:16 6,710,419 a------- c:\program files\fdminst.exe
2009-06-10 16:20 2,398,736 a------- c:\program files\WLinstaller.exe
2008-12-10 16:14 4,411,392 a------- c:\program files\mplayerc.exe

============= FINISH: 17:13:45.60 ===============



DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/05/2005 06:24:05 م
System Uptime: 14/10/2009 04:41:23 م (1 hours ago)

Motherboard: TOSHIBA | | Satellite L20
Processor: Intel(R) Pentium(R) M processor 1.86GHz | U1 | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 35.864 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP32: 16/07/2009 06:11:46 م - نقطة اختبار النظام
RP33: 17/07/2009 06:17:44 م - نقطة اختبار النظام
RP34: 20/07/2009 05:17:54 ص - نقطة اختبار النظام
RP35: 21/07/2009 04:37:20 م - نقطة اختبار النظام
RP36: 23/07/2009 05:14:01 ص - نقطة اختبار النظام
RP37: 24/07/2009 06:27:19 ص - نقطة اختبار النظام
RP38: 24/07/2009 01:42:03 م - Installed Microsoft Office Professional 2007
RP39: 24/07/2009 04:19:50 م - Removed Microsoft Office Professional 2007
RP40: 24/07/2009 04:26:08 م - Removed Microsoft Office Professional 2007
RP41: 24/07/2009 04:42:52 م - Installed Microsoft Office Enterprise 2007
RP42: 24/07/2009 04:58:42 م - ‏‏تم تثبيت برنامج تشغيل الطابعة Send To Microsoft OneNote Driv.
RP43: 25/07/2009 02:04:04 ص - Installed Ulead VideoStudio
RP44: 25/07/2009 10:49:54 ص - Software Distribution Service 3.0
RP45: 27/07/2009 01:29:38 ص - نقطة اختبار النظام
RP46: 28/07/2009 07:36:25 ص - Software Distribution Service 3.0
RP47: 28/07/2009 09:21:21 م - Software Distribution Service 3.0
RP48: 29/07/2009 09:17:39 ص - Software Distribution Service 3.0
RP49: 30/07/2009 02:01:19 م - نقطة اختبار النظام
RP50: 01/08/2009 06:36:10 ص - نقطة اختبار النظام
RP51: 03/08/2009 06:02:46 م - نقطة اختبار النظام
RP52: 03/08/2009 08:07:14 م - Software Distribution Service 3.0
RP53: 05/08/2009 03:15:40 م - نقطة اختبار النظام
RP54: 06/08/2009 10:59:20 م - نقطة اختبار النظام
RP55: 08/08/2009 07:31:30 م - نقطة اختبار النظام
RP56: 09/08/2009 09:36:15 م - نقطة اختبار النظام
RP57: 10/08/2009 10:48:59 م - نقطة اختبار النظام
RP58: 11/08/2009 03:24:47 ص - Software Distribution Service 3.0
RP59: 12/08/2009 05:12:04 ص - نقطة اختبار النظام
RP60: 12/08/2009 06:40:50 م - Software Distribution Service 3.0
RP61: 15/08/2009 08:00:00 ص - نقطة اختبار النظام
RP62: 16/08/2009 11:26:32 م - نقطة اختبار النظام
RP63: 18/08/2009 12:15:48 ص - نقطة اختبار النظام
RP64: 19/08/2009 07:56:42 ص - نقطة اختبار النظام
RP65: 22/08/2009 06:51:29 ص - نقطة اختبار النظام
RP66: 23/08/2009 09:19:44 ص - نقطة اختبار النظام
RP67: 24/08/2009 11:13:03 م - Software Distribution Service 3.0
RP68: 28/08/2009 07:35:19 م - نقطة اختبار النظام
RP69: 30/08/2009 05:29:24 ص - نقطة اختبار النظام
RP70: 02/09/2009 04:48:14 م - نقطة اختبار النظام
RP71: 02/09/2009 09:43:40 م - Installed Windows XP Wdf01007.
RP72: 05/09/2009 07:27:12 ص - نقطة اختبار النظام
RP73: 06/09/2009 10:56:07 م - Software Distribution Service 3.0
RP74: 08/09/2009 06:34:34 ص - عملية الاستعادة
RP75: 08/09/2009 08:19:01 م - Software Distribution Service 3.0
RP76: 12/09/2009 03:23:24 ص - نقطة اختبار النظام
RP77: 20/09/2009 05:30:44 ص - نقطة اختبار النظام
RP78: 20/09/2009 09:14:23 ص - Seven Remix XP: Installation
RP79: 22/09/2009 04:27:41 م - نقطة اختبار النظام
RP80: 23/09/2009 05:01:57 م - Installed TuneUp Utilities 2009
RP81: 23/09/2009 05:18:13 م - Removed ESET Smart Security
RP82: 23/09/2009 05:19:32 م - Removed TuneUp Utilities 2009
RP83: 23/09/2009 05:23:16 م - Avira AntiVir Personal - 04/10/1430 17:23
RP84: 23/09/2009 05:41:38 م - Installed InstallShield Restore Point
RP85: 23/09/2009 05:41:49 م - Installed DVD-RAM Driver
RP86: 23/09/2009 07:00:59 م - Installed Java(TM) 6 Update 11
RP87: 23/09/2009 07:02:28 م - Installed OpenOffice.org Installer 1.0
RP88: 23/09/2009 08:58:43 م - Installed Java(TM) 6 Update 15
RP89: 23/09/2009 09:16:09 م - Removed Microsoft Office Enterprise 2007
RP90: 23/09/2009 09:54:25 م - Installed Microsoft Office Enterprise 2007
RP91: 23/09/2009 09:58:29 م - Installed Microsoft Office Enterprise 2007
RP92: 23/09/2009 10:07:25 م - Installed Microsoft Office Enterprise 2007
RP93: 23/09/2009 10:18:00 م - ‏‏تم تثبيت برنامج تشغيل الطابعة Send To Microsoft OneNote Driv.
RP94: 24/09/2009 10:46:32 ص - Software Distribution Service 3.0
RP95: 25/09/2009 10:50:06 ص - نقطة اختبار النظام
RP96: 26/09/2009 03:25:52 ص - عملية الاستعادة
RP97: 26/09/2009 03:39:09 ص - Removed ESET Smart Security
RP98: 27/09/2009 01:38:35 ص - Avira AntiVir Personal - 08/10/1430 01:38
RP99: 28/09/2009 04:19:42 ص - نقطة اختبار النظام
RP100: 02/10/2009 08:18:06 ص - نقطة اختبار النظام
RP101: 03/10/2009 07:58:13 م - عملية الاستعادة
RP102: 05/10/2009 12:07:50 ص - Removed ESET Smart Security
RP103: 05/10/2009 12:10:32 ص - Avira AntiVir Personal - 16/10/1430 00:10
RP104: 05/10/2009 01:39:47 ص - Avira AntiVir Personal - 16/10/1430 01:39
RP105: 05/10/2009 01:43:50 ص - Avira AntiVir Personal - 16/10/1430 01:43
RP106: 05/10/2009 01:56:11 ص - Software Distribution Service 3.0
RP107: 07/10/2009 06:33:00 م - ComboFix created restore point
RP108: 07/10/2009 07:46:59 م - Avira AntiVir Personal - 18/10/1430 19:46
RP109: 07/10/2009 07:59:53 م - Installed Windows Defender
RP110: 07/10/2009 08:11:43 م - Software Distribution Service 3.0
RP111: 09/10/2009 03:43:49 م - نقطة اختبار النظام
RP112: 10/10/2009 08:15:33 م - Removed Windows Defender
RP113: 12/10/2009 12:52:33 ص - نقطة اختبار النظام
RP114: 13/10/2009 03:10:29 ص - نقطة اختبار النظام

==== Installed Programs ======================

‏‏تحديث الأمان لـ Windows Media Player (KB952069)
‏‏تحديث الأمان لـ Windows Media Player (KB968816)
‏‏تحديث الأمان لـ Windows Media Player (KB973540)
حزمة برامج تشغيل Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
برنامج إصلاح (Hotfix) لـ Windows XP (KB952287)‎
برنامج إصلاح (Hotfix) لـ Windows XP (KB970653-v3)‎
تحديث أمان لـ Windows Internet Explorer 7 (KB938127-v2)‎
تحديث أمان لـ Windows Internet Explorer 7 (KB969897)‎
تحديث أمان لـ Windows Internet Explorer 7 (KB972260)‎
تحديث أمان لـ Windows XP (KB923561)‎
تحديث أمان لـ Windows XP (KB938464-v2)‎
تحديث أمان لـ Windows XP (KB946648)‎
تحديث أمان لـ Windows XP (KB950760)‎
تحديث أمان لـ Windows XP (KB950762)‎
تحديث أمان لـ Windows XP (KB950974)‎
تحديث أمان لـ Windows XP (KB951066)‎
تحديث أمان لـ Windows XP (KB951376-v2)‎
تحديث أمان لـ Windows XP (KB951748)‎
تحديث أمان لـ Windows XP (KB952004)‎
تحديث أمان لـ Windows XP (KB952954)‎
تحديث أمان لـ Windows XP (KB954459)‎
تحديث أمان لـ Windows XP (KB954600)‎
تحديث أمان لـ Windows XP (KB955069)‎
تحديث أمان لـ Windows XP (KB956572)‎
تحديث أمان لـ Windows XP (KB956744)‎
تحديث أمان لـ Windows XP (KB956802)‎
تحديث أمان لـ Windows XP (KB956803)‎
تحديث أمان لـ Windows XP (KB956844)‎
تحديث أمان لـ Windows XP (KB957097)‎
تحديث أمان لـ Windows XP (KB958644)‎
تحديث أمان لـ Windows XP (KB958687)‎
تحديث أمان لـ Windows XP (KB959426)‎
تحديث أمان لـ Windows XP (KB960225)‎
تحديث أمان لـ Windows XP (KB960803)‎
تحديث أمان لـ Windows XP (KB960859)‎
تحديث أمان لـ Windows XP (KB961371)‎
تحديث أمان لـ Windows XP (KB961373)‎
تحديث أمان لـ Windows XP (KB961501)‎
تحديث أمان لـ Windows XP (KB968537)‎
تحديث أمان لـ Windows XP (KB969897)‎
تحديث أمان لـ Windows XP (KB969898)‎
تحديث أمان لـ Windows XP (KB970238)‎
تحديث أمان لـ Windows XP (KB971557)‎
تحديث أمان لـ Windows XP (KB971633)‎
تحديث أمان لـ Windows XP (KB971657)‎
تحديث أمان لـ Windows XP (KB971961)‎
تحديث أمان لـ Windows XP (KB973346)‎
تحديث أمان لـ Windows XP (KB973354)‎
تحديث أمان لـ Windows XP (KB973507)‎
تحديث أمان لـ Windows XP (KB973869)‎
تحديث لـ Windows XP (KB951978)‎
تحديث لـ Windows XP (KB955839)‎
تحديث لـ Windows XP (KB961503)‎
تحديث لـ Windows XP (KB967715)‎
تحديث لـ Windows XP (KB968389)‎
تحديث لـ Windows XP (KB973815)‎
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9
Choice Guard
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
Final Uninstaller
Free Download Manager 3.0
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet
InterVideo DeviceService
Japanese Fonts Support For Adobe Reader 9
Japanese Language Support
K-Lite Mega Codec Pack 4.8.5
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
Microsoft Office InfoPath MUI (Arabic) 2007
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Software Update for Web Folders (Arabic) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSVCRT
Nokia Connectivity Cable Driver
OGA Notifier 1.7.0105.35.0
PC Connectivity Solution
Segoe UI
Software Informer 1.0 BETA
Toshiba Hotkey Utility
Ulead VideoStudio 11
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb972691)
VideoStudio
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows XP Service Pack 3
WinRAR archiver
مساعد تسجيل الدخول إلى Windows Live

==== Event Viewer Messages From Past Week ========

13/10/2009 08:12:16 م, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 001636104F9B has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/10/2009 06:23:12 م, error: Dhcp [1002] - The IP address lease 192.168.0.7 for the Network Card with network address 00166F3987CF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/10/2009 08:20:02 م, error: W32Time [34] - The time service has detected that the system time needs to be changed by +86370 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.7:123->207.46.197.32:123) is working properly.
09/10/2009 02:39:27 م, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 00166F3987CF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
08/10/2009 06:42:05 م, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: ‏‏أعد تشغيل الخدمة.
08/10/2009 06:42:03 م, error: WinDefend [5008] -
08/10/2009 06:41:12 م, error: WinDefend [5008] -
07/10/2009 06:37:22 م, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
07/10/2009 06:33:46 م, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
07/10/2009 06:32:44 م, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (‏‏أعد تشغيل الخدمة) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: ‏‏يتم مسبقاً تشغيل جلسة أخرى لهذه الخدمة.
07/10/2009 06:30:55 م, error: Dhcp [1002] - The IP address lease 192.168.0.8 for the Network Card with network address 00166F3987CF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
Makoto
Active Member
 
Posts: 6
Joined: October 8th, 2009, 12:30 pm

Re: HijackThis log

Post by shinybeast » October 15th, 2009, 11:33 pm

Hi makoto,

Do you know the date when the errors started? So far there is nothing really suspicious and I am thinking that some software you installed is having compatibility issues with Windows (maybe it is hacked or otherwise altered). I notice you have been installing and uninstalling security software; has the computer had an infection recently? Did ComboFix find anything? Does the log still exist (it would be located at C:\combofix.txt)?
One more question, is this a business PC?


Let's try a scan to check for rootkits...


Download and Run RootRepeal

Please download RootRepeal.zip from one of the following links and save it to your desktop.
Link 1 | Link 2 | Link 3
  • Extract RootRepeal.zip to your desktop
  • Disconnect from the Internet as your system will be unprotected while using this tool.
  • Close all programs and temporarily disable your anti-virus, firewall and any anti-malware real-time protection before performing the scan.
  • Double-click on RootRepeal.exe to launch RootRepeal
  • After the program opens, click the Report tab at the bottom of the window, then click the Scan button.
  • A dialog box will open and ask "What do you want to include in the scan?"
  • Check all of the boxes, then click OK
  • Another dialog box will open and read "Please select drives to scan:"
  • Place a check next to all drives in the list, then click OK
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: HijackThis log

Post by Makoto » October 16th, 2009, 6:23 pm

Tadaima, Beast-san...

*It started about 22/9

*No, it is personal

*The old log is gone, this is a new one

ComboFix 09-10-16.02 - الاسمى 10/16/2009 0:43.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2038.1689 [GMT 3:00]
Running from: c:\documents and settings\الاسمى\سطح المكتب\ComboFix.exe
Command switches used :: c:\documents and settings\الاسمى\سطح المكتب\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1356 [VPS 091016-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-15 03:55 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-15 03:55 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-15 03:55 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-15 03:55 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-15 03:55 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-15 03:55 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-15 03:55 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-15 03:55 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-15 03:55 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-15 03:55 . 2009-10-15 03:55 -------- d-----w- c:\program files\Alwil Software
2009-10-14 23:45 . 2009-10-14 23:45 51600 ----a-w- c:\windows\system32\RadLightMPCUninstall.exe
2009-10-11 13:27 . 2009-10-11 13:27 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Software Informer
2009-10-11 13:26 . 2009-10-11 13:26 -------- d-----w- c:\program files\Software Informer
2009-10-11 13:26 . 2009-10-15 21:41 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Free Download Manager
2009-10-11 13:26 . 2009-10-11 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-10-10 19:19 . 2009-10-10 19:19 -------- d-----w- c:\documents and settings\الاسمى\Application Data\WinPatrol
2009-10-07 20:20 . 2009-10-09 22:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-07 17:23 . 2009-10-07 17:23 -------- d-----w- c:\documents and settings\الاسمى\Application Data\AVG8
2009-10-07 17:11 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-07 16:09 . 2009-10-07 16:09 -------- d-----w- c:\program files\Trend Micro
2009-10-04 21:11 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-03 17:14 . 2009-10-03 17:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-03 17:14 . 2009-10-03 17:14 -------- d-----w- C:\c4b7851f59969756ea756a1e85
2009-10-03 17:11 . 2009-10-03 17:11 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-03 17:10 . 2009-10-03 17:10 -------- d-----w- c:\program files\MSBuild
2009-10-03 17:10 . 2009-10-03 17:10 -------- d-----w- c:\windows\SHELLNEW
2009-10-03 17:10 . 2009-10-03 17:10 -------- d-----w- c:\program files\Microsoft Works
2009-10-03 17:08 . 2009-10-03 17:08 -------- d-----r- C:\MSOCache
2009-10-03 17:07 . 2009-10-03 17:12 -------- d-----w- c:\program files\FinalUninstaller
2009-10-03 17:06 . 2009-10-10 08:24 -------- d-----w- C:\Outerspace Software
2009-10-03 17:06 . 2009-10-03 17:06 -------- d-----w- C:\NOD
2009-10-03 17:06 . 2009-10-03 17:06 -------- d-----w- c:\program files\Gabest
2009-10-03 16:58 . 2009-10-03 17:14 -------- d-----w- c:\documents and settings\الاسمى\Application Data\PC Suite
2009-10-03 16:58 . 2009-10-03 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-03 16:58 . 2009-10-03 16:58 -------- d-----w- c:\documents and settings\الاسمى\Application Data\ESET
2009-10-01 22:13 . 2009-10-03 05:14 -------- d-----w- c:\documents and settings\الاسمى\Application Data\skypePM
2009-10-01 22:13 . 2009-10-01 22:13 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-01 22:10 . 2009-10-03 16:59 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Skype
2009-10-01 22:10 . 2009-10-03 16:59 -------- d-----w- c:\program files\Google
2009-10-01 22:08 . 2009-10-03 16:59 -------- d-----w- c:\program files\Skype
2009-10-01 22:07 . 2009-10-03 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-01 21:27 . 2009-10-01 21:27 -------- d-----w- c:\program files\AxBx
2009-09-27 18:46 . 2009-09-27 18:46 -------- d-----w- c:\documents and settings\الاسمى\Local Settings\Application Data\Help
2009-09-26 02:30 . 2009-09-27 18:47 232 ----a-w- c:\windows\itlog.dat
2009-09-23 19:17 . 2009-09-23 19:17 -------- d-----w- c:\program files\MSBuild(2)
2009-09-23 19:08 . 2009-09-23 19:16 -------- d-----w- c:\windows\SHELLNEW(2)
2009-09-23 18:59 . 2009-10-03 17:08 -------- d-----w- c:\program files\Microsoft Office(2)
2009-09-23 18:58 . 2009-10-03 17:08 -------- d-----w- C:\MSOCache(2)
2009-09-23 16:01 . 2009-09-23 17:59 -------- d-----w- c:\program files\Java
2009-09-23 15:49 . 2009-10-03 17:11 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-23 15:08 . 2009-10-03 17:11 -------- d-----w- c:\program files\PC Connectivity Solution(2)
2009-09-23 14:41 . 2009-09-23 14:41 -------- d-----w- c:\program files\DVD-RAM
2009-09-23 13:59 . 2009-09-23 14:00 -------- d-----w- c:\windows\system32\NtmsData
2009-09-23 13:47 . 2009-09-23 13:47 -------- d-----w- c:\program files\security
2009-09-23 13:41 . 2009-09-23 13:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-20 06:14 . 2009-10-03 17:13 -------- d-----w- c:\windows\NiwradSoft Shell Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 21:36 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-10-15 21:36 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-10-11 13:27 . 2009-06-14 14:18 -------- d-----w- c:\program files\Free Download Manager
2009-10-03 17:14 . 2009-09-06 17:21 -------- d-----w- c:\program files\All2Chat
2009-10-03 17:11 . 2009-09-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-03 17:11 . 2009-09-02 18:42 -------- d-----w- c:\program files\DIFX
2009-10-03 17:11 . 2009-09-02 18:41 -------- d-----w- c:\program files\Nokia
2009-10-03 17:07 . 2009-07-24 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-23 14:41 . 2009-06-09 17:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-23 14:03 . 2009-06-10 13:17 111648 ----a-w- c:\documents and settings\الاسمى\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:17 . 2004-08-03 21:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 03:17 . 2009-06-09 17:26 -------- d-----w- c:\program files\CONEXANT
2009-09-04 21:03 . 2004-08-03 21:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 18:44 . 2009-09-02 18:43 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Nokia
2009-09-02 18:43 . 2009-09-02 18:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-02 18:43 . 2009-09-02 18:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-29 07:25 . 2004-08-03 21:55 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:25 . 2004-08-03 21:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:25 . 2004-08-03 21:55 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-03 21:55 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 08:59 . 2004-08-03 21:55 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:56 . 2004-08-03 21:49 2190720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2004-08-04 00:48 2067584 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-24 22:49 . 2009-07-24 22:49 45 ---h--w- c:\windows\dsez0466.dat
2009-06-14 14:16 . 2009-06-14 14:16 6710419 ----a-w- c:\program files\fdminst.exe
2009-06-10 13:20 . 2009-06-10 13:20 2398736 ----a-w- c:\program files\WLinstaller.exe
2008-12-10 13:14 . 2009-06-10 17:57 4411392 ----a-w- c:\program files\mplayerc.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-07_15.37.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 21:32 . 2009-10-15 21:32 16384 c:\windows\temp\Perflib_Perfdata_650.dat
+ 2009-06-10 13:28 . 2009-05-26 11:40 17784 c:\windows\system32\spmsg.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\pngfilt.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\pngfilt.dll
- 2001-09-19 12:00 . 2009-10-07 15:36 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-10-15 21:36 40326 c:\windows\system32\perfc009.dat
+ 2007-08-13 15:54 . 2009-08-29 07:25 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 15:54 . 2009-06-29 15:56 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 15:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 15:39 . 2009-08-28 10:26 13824 c:\windows\system32\ieudinit.exe
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\iernonce.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\iernonce.dll
+ 2004-08-03 21:56 . 2009-08-28 10:26 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-03 21:56 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 15:36 . 2009-06-29 15:56 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 15:36 . 2009-08-29 07:25 63488 c:\windows\system32\icardie.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-06-12 04:54 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-06-12 04:54 . 2009-08-28 10:26 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-03 21:56 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-03 21:56 . 2009-08-28 10:26 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-06-12 04:54 . 2009-06-29 15:56 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-06-29 15:56 . 2009-06-29 15:56 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-29 15:56 . 2009-08-29 07:25 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-15 04:59 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-15 04:59 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2004-08-03 21:55 . 2009-04-03 09:15 485376 c:\windows\system32\wmspdmod.dll
- 2004-08-03 21:55 . 2008-04-14 15:59 485376 c:\windows\system32\wmspdmod.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 233472 c:\windows\system32\webcheck.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 233472 c:\windows\system32\webcheck.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 105984 c:\windows\system32\url.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 105984 c:\windows\system32\url.dll
+ 2001-09-19 12:00 . 2009-10-15 21:36 311938 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2009-10-07 15:36 311938 c:\windows\system32\perfh009.dat
- 2004-08-03 21:55 . 2009-06-29 15:56 102912 c:\windows\system32\occache.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 102912 c:\windows\system32\occache.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 671232 c:\windows\system32\mstime.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 671232 c:\windows\system32\mstime.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 193024 c:\windows\system32\msrating.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 193024 c:\windows\system32\msrating.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 15:54 . 2009-06-29 15:56 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 15:54 . 2009-08-29 07:25 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 15:34 . 2009-08-29 07:25 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 15:34 . 2009-06-29 15:56 268288 c:\windows\system32\iertutil.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 09:27 . 2009-06-29 15:56 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 09:27 . 2009-08-29 07:25 380928 c:\windows\system32\ieapfltr.dll
- 2001-09-19 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2001-09-19 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 153088 c:\windows\system32\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 153088 c:\windows\system32\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 133120 c:\windows\system32\extmgr.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 133120 c:\windows\system32\extmgr.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 214528 c:\windows\system32\dxtrans.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-04-03 09:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-03 21:55 . 2008-04-14 15:59 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-03 21:55 . 2008-10-03 10:03 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-03 21:55 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:25 . 2009-09-11 14:17 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-09 15:43 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-12 04:54 . 2009-08-29 07:25 268288 c:\windows\system32\dllcache\iertutil.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2001-09-19 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2001-09-19 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 124928 c:\windows\system32\advpack.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 124928 c:\windows\system32\advpack.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-15 04:59 . 2009-05-26 11:40 380792 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-15 04:59 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-15 04:59 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-15 04:59 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-10-15 01:47 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-03 21:55 . 2009-07-17 16:15 1433600 c:\windows\system32\query.dll
- 2004-08-03 21:55 . 2008-04-14 15:59 1433600 c:\windows\system32\query.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 3598336 c:\windows\system32\mshtml.dll
+ 2007-08-13 15:54 . 2009-08-29 07:25 6067200 c:\windows\system32\ieframe.dll
- 2007-08-13 15:54 . 2009-07-19 13:26 6067200 c:\windows\system32\ieframe.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:15 . 2009-07-17 16:15 1433600 c:\windows\system32\dllcache\query.dll
+ 2009-06-11 11:59 . 2009-08-04 19:56 2190720 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-11 11:59 . 2009-08-04 17:25 2025472 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2025472 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-10 16:03 . 2009-02-10 16:03 2067584 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-10 16:03 . 2009-08-04 17:26 2067584 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-06-11 11:59 . 2009-08-04 17:26 2146816 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2146816 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-03 21:55 . 2009-08-29 07:25 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-06-12 04:54 . 2009-07-19 13:26 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-15 04:59 . 2009-07-19 13:26 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-15 04:59 . 2009-07-19 13:26 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-06-11 11:59 . 2009-08-04 19:56 2190720 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2025472 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-06-11 11:59 . 2009-08-04 17:25 2025472 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-10 16:03 . 2009-02-10 16:03 2067584 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-10 16:03 . 2009-08-04 17:26 2067584 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-06-11 11:59 . 2009-08-04 17:26 2146816 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2146816 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-06-12 04:55 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 1093632]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2006-08-03 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-9 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 00:20 188482 ----a-w- c:\windows\system32\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/10/2009 06:55 ص 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/10/2009 06:55 ص 20560]
.
Contents of the 'Scheduled Tasks' folder

2009-10-14 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]

2009-10-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fsm - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 00:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-10-15 0:47
ComboFix-quarantined-files.txt 2009-10-15 21:47
ComboFix2.txt 2009-10-07 15:38

Pre-Run: 38,234,386,432 bytes free
Post-Run: 38,198,177,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

358 --- E O F --- 2009-10-15 05:00

*RootRepeal report

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/16 00:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\33DE~1\LOCALS~1\Temp\catchme.sys
Address: 0xAA1B3000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9F6B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF79C5000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9EEB000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb36b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb3574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb3a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb314c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb364e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb308c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb30f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb376e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb372e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb38ae

==EOF==
Makoto
Active Member
 
Posts: 6
Joined: October 8th, 2009, 12:30 pm

Re: HijackThis log

Post by shinybeast » October 17th, 2009, 12:13 pm

Hello makoto,

Your logs show nothing suspicious as far as malware is concerned.

I suspect NiwradSoft Shell Pack/Seven Remix XP may be responsible for your issues. I would uninstall it and if that does not solve your issue, I recommend you try one of these forums.

What The Tech
Techguy.org
PC Pitstop


Also, a warning about Free Download Manager. One of its functions is Peer to Peer file sharing. I suggest you read this forum's thoughts on P2P here where it is explained why it is not a good idea to use P2P.


You can delete RootRepeal and DDS.

Please uninstall Combofix by doing the following:

Copy this line in bold-> "%userprofile%\سطح المكتب\ComboFix.exe" /u
Click Start, then click Run...
Paste the line you copied into the white area and click OK
This should uninstall Combofix

(I realize your menus are likely in Arabic. I hope you understand the above. :))
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: HijackThis log

Post by Makoto » October 19th, 2009, 6:40 pm

Hello

You think I can't understand سطح المكتب ? :o

I removed NiwradSoft Shell Pack/Seven Remix XP, but the problem is not resolved.
I removed the download manager & combofix too.

Thank you for your time & help
شكراً
Makoto
Active Member
 
Posts: 6
Joined: October 8th, 2009, 12:30 pm

Re: HijackThis log

Post by shinybeast » October 20th, 2009, 10:56 am

Hello makoto,

You think I can't understand سطح المكتب ?


I know you understand it. I have never uninstalled Combofix in (or even used) an Arabic Windows. I just wanted to be sure your Windows understood it. ;)

Sometimes a bad Adobe Flash can create issues. If the error occurs while web browsing, Flash may be to blame. You can try uninstalling Flash using the uninstaller found here. Follow the instructions provided. Reboot. Then install Flash again from this link. I would uncheck the Free McAfee Security Scan before you download.

Otherwise, I am out of ideas. I hope you find a solution to your issue.

shinybeast
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: HijackThis log

Post by NonSuch » October 23rd, 2009, 8:14 pm

As the remaining issue does not involve malware and therefore falls outside the scope of this forum, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California