asked on

Cant press Right click on IE 7 or 8 !

Hi All ,

I was attacked by spyware on my msn which send images and when i tried to remove it i was hit by a bunch of spywares and viruses as a result of a fake antispyware , but finally i got my laptop healty enough by running ,
Adaware - spybot-malwarebytes and mcafee antivirus

But i only had one obvious problem , which i cant remove it , which

When i press right click on IE no right menue appears , although it is working fine on on files and desktop .
I really ran out of ideas so i downloaded HJt and here is the log"in next reply" , actually i dont know what to do with it .
hope you can help me with it.
Operating system : XP professional with SP3
Laptop: Lenovo T400

Maherenstein

ASKER

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:33 PM, on 7/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ngvpnmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINNT\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\TPHDEXLG.exe
C:\WINNT\system32\TpKmpSVC.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINNT\system32\TpShocks.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINNT\PixArt\PAC207\Monitor.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINNT\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\ngmonitor.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconf.eu.alcatel.com/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Monitor] C:\WINNT\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINNT\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSN Optimized;US)" -"http://www.freeonlinegames.com/sports-games/street-sesh.html"
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Aventail VPN Connection.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O15 - Trusted Zone: http://*.alcatel-lucent.com
O15 - Trusted Zone: http://*.alcatel.com
O15 - Trusted Zone: http://*.lucent.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233484425406
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ALCATEL.EG
O17 - HKLM\Software\..\Telephony: DomainName = ALCATEL.EG
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D77BB65-DEF0-4A12-B91D-7EDD61CB9C2F}: NameServer = 155.132.188.74 155.132.180.74
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ALCATEL.EG
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\DOCUME~1\AHMEDM~1\LOCALS~1\Temp\4067031113mmx.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINNT\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9ef56b5c6207a) (gupdate1c9ef56b5c6207a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINNT\system32\ngvpnmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OPNET Application Capture Agent - Unknown owner - C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\

--
End of file - 15876 bytes

HainKurt

try to reset IE settings
tools -> internet options -> advanced -> reset

try to remove disable or delete unused or unknown add-ons from IE
tools -> internet options -> programs-> manage add-ons

install SpyBot Search & destroy ( do not install tea timer or other option that copmes with SpyBot)
search & fix for spies...
select advanced menu
go to tools -> check all options, select system startup, disable/delete unused/unknown items (be careful before deleting, you may actually need some, so first disable, reboot)
go to activeX section, delete unused/unknown
go to BHOs, delete unused/unknown items

reboot...

HainKurt

here is the screen shot from SpyBot...

HainKurt

I missed the file...
SpyBot.gif

ASKER CERTIFIED SOLUTION

rpggamergirl

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Maherenstein

ASKER

oook first thanks HainKurt but it didnt work .
Second rpggamergirl: it is now working after the combo fix , but i had some issue to ask you about ,
when combofix started to run , it said that spyware doctor and mcafee are on , for macafee i know it is on , and somehow i cant disable it , dont know why actually , option is in grey
but spyware doctor i totally uninstall it from my computer !!! any hints .
second now mcafee is disabled after the restart , but i will try to do a reboot and see if it is enabled

Thanks so much for your help and am waiting to tell me the reason for what happend .

Maherenstein

ASKER

ComboFix 09-07-13.01 - ahmed.maher 07/14/2009 17:58.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1197 [GMT 3:00]
Running from: d:\documents and settings\ahmedmaher\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1137241160
c:\recycler\S-1-5-21-2645209000-5660436393-879092836-6312
c:\recycler\S-1-5-21-6881334539-1475835856-381520575-2464
c:\recycler\S-1-5-21-8931798572-7014533870-774769837-3149
c:\winnt\system32\hjgruigwwbhhos.dat
c:\winnt\system32\hjgruixakjallv.dat
d:\documents and settings\ahmedmaher\Application Data\bcrypt.html
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://eggizssus01.alcatel.eg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_pcmstub
-------\Service_hjgruinskiltmb

((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 13:06 . 2009-07-14 13:06      --------      d-----w-      c:\program files\Trend Micro
2009-07-13 00:03 . 2009-07-13 00:03      --------      d-----w-      d:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-13 00:01 . 2009-07-13 00:01      --------      d-sh--w-      d:\documents and settings\Administrator\PrivacIE
2009-07-13 00:00 . 2009-07-13 00:00      --------      d-sh--w-      d:\documents and settings\Administrator\IETldCache
2009-07-12 22:07 . 2009-07-03 14:49      15688      ----a-w-      c:\winnt\system32\lsdelete.exe
2009-07-12 20:18 . 2009-07-03 14:49      64160      ----a-w-      c:\winnt\system32\drivers\Lbd.sys
2009-07-12 20:13 . 2009-07-12 20:17      --------      d-----w-      d:\documents and settings\ahmedmaher\Local Settings\Application Data\Temp
2009-07-12 20:12 . 2009-07-12 20:12      --------      dc-h--w-      d:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-12 20:09 . 2009-07-12 20:18      --------      d-----w-      d:\documents and settings\All Users\Application Data\Lavasoft
2009-07-12 20:09 . 2009-07-12 20:09      --------      d-----w-      c:\program files\Lavasoft
2009-07-12 18:45 . 2009-07-12 18:45      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\Malwarebytes
2009-07-12 18:44 . 2009-06-17 08:27      38160      ----a-w-      c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-12 18:44 . 2009-07-12 18:44      --------      d-----w-      d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-12 18:44 . 2009-06-17 08:27      19096      ----a-w-      c:\winnt\system32\drivers\mbam.sys
2009-07-12 18:44 . 2009-07-12 18:45      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2009-07-12 11:32 . 2009-07-12 11:35      --------      d-----w-      C:\I386
2009-07-12 01:22 . 2009-07-12 01:22      --------      d-sh--w-      d:\documents and settings\NetworkService\IETldCache
2009-07-12 01:14 . 2009-07-12 01:15      --------      dc-h--w-      c:\winnt\ie8
2009-07-12 00:16 . 2009-07-12 00:20      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2009-07-12 00:16 . 2009-07-12 00:20      --------      d-----w-      d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-11 17:54 . 2009-07-11 17:54      --------      d-----w-      c:\program files\Microsoft Silverlight
2009-07-11 13:35 . 2009-07-11 13:35      --------      d-----w-      c:\winnt\system32\config\systemprofile\Tracing
2009-07-11 12:42 . 2009-07-11 12:42      --------      d-sh--w-      c:\winnt\system32\config\systemprofile\PrivacIE
2009-07-11 12:35 . 2009-07-11 12:35      --------      d-----w-      c:\program files\Common Files\Wise Installation Wizard
2009-07-11 12:28 . 2009-07-11 12:28      --------      d-sh--w-      c:\winnt\system32\config\systemprofile\IETldCache
2009-07-11 12:28 . 2009-07-12 22:15      0      ----a-w-      c:\winnt\system32\drivers\c5b0c5dc.sys
2009-07-11 12:09 . 2009-07-11 12:09      --------      d-sh--w-      d:\documents and settings\LocalService\IETldCache
2009-07-11 11:58 . 2009-07-12 20:12      --------      d---a-w-      d:\documents and settings\All Users\Application Data\TEMP
2009-07-11 11:58 . 2009-07-12 20:47      --------      d-----w-      c:\program files\Spyware Doctor
2009-07-11 07:57 . 2009-07-12 20:13      1      ----a-w-      c:\winnt\AR.DAT
2009-07-11 07:56 . 2009-07-11 07:58      --------      d-----w-      c:\program files\AddRemove
2009-07-10 20:07 . 2009-07-10 20:07      --------      d-----w-      c:\program files\Common Files\Intel
2009-07-10 18:28 . 2009-07-10 18:28      --------      d-----w-      c:\winnt\35C03C043F1F42C2A989A757EE691F65.TMP
2009-07-10 09:22 . 2008-02-08 06:46      57408      ------w-      c:\winnt\system32\drivers\wsimd.sys
2009-07-10 09:22 . 2009-03-24 14:14      254022      ----a-w-      c:\winnt\system32\wsfwDS.dll
2009-07-10 09:22 . 2009-03-24 14:14      249924      ----a-w-      c:\winnt\system32\wsimd.dll
2009-07-10 09:22 . 2009-03-24 13:55      82017      ----a-r-      c:\winnt\system32\dsaNac.dll
2009-07-10 09:22 . 2009-03-24 13:55      1269854      ----a-r-      c:\winnt\system32\dsa.dll
2009-07-10 09:22 . 2008-11-05 16:09      1343616      ----a-w-      c:\winnt\system32\athw.sys
2009-07-10 09:22 . 2008-02-08 06:46      57408      ----a-w-      c:\winnt\system32\wsimd.sys
2009-07-10 09:22 . 2006-08-07 11:17      118784      ----a-w-      c:\winnt\system32\ATHCFG10.DLL
2009-07-07 21:04 . 2009-07-07 21:04      --------      d-----w-      d:\documents and settings\ahmedmaher\Local Settings\Application Data\Help
2009-07-07 10:46 . 2009-07-07 10:46      --------      d-----w-      c:\program files\Sierra
2009-07-07 10:46 . 2009-07-07 10:46      --------      d-----w-      c:\program files\WON
2009-07-06 17:00 . 2008-08-15 17:12      4224      ----a-w-      c:\winnt\system32\drivers\IBMBLDID.sys
2009-07-06 17:00 . 2008-08-15 17:12      11520      ----a-w-      c:\winnt\system32\drivers\ANC.sys
2009-07-01 18:23 . 2009-07-01 18:23      --------      d-----w-      c:\program files\iPod
2009-07-01 18:23 . 2009-07-01 18:23      --------      d-----w-      c:\program files\iTunes
2009-07-01 01:34 . 2009-07-04 20:32      45056      ----a-w-      c:\winnt\NCUNINST.EXE
2009-07-01 00:54 . 2009-07-01 00:54      --------      d-----w-      c:\program files\Common Files\SWF Studio
2009-06-24 04:11 . 2009-06-24 04:11      83028      ----a-w-      d:\documents and settings\ahmedmaher\catalina.2009-06-24.zip
2009-06-19 19:17 . 2009-06-20 12:07      10091520      ----a-w-      d:\documents and settings\ahmedmaher\Binary-Library.zip
2009-06-17 18:40 . 2009-06-17 18:40      --------      d-----w-      d:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-17 18:10 . 2009-06-17 18:10      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\PC Suite
2009-06-17 18:10 . 2009-06-17 18:10      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\Nokia
2009-06-17 18:10 . 2009-06-17 18:10      --------      d-----w-      d:\documents and settings\All Users\Application Data\PC Suite
2009-06-17 18:09 . 2007-09-17 12:53      21632      ----a-w-      c:\winnt\system32\drivers\pccsmcfd.sys
2009-06-17 18:09 . 2009-06-17 18:09      --------      d-----w-      c:\program files\PC Connectivity Solution
2009-06-17 18:09 . 2008-05-07 04:38      90624      ----a-w-      c:\winnt\system32\nmwcdcls.dll
2009-06-17 18:09 . 2009-06-17 18:09      --------      d-----w-      c:\program files\Nokia
2009-06-17 18:08 . 2009-06-17 18:08      --------      d-----w-      d:\documents and settings\All Users\Application Data\Installations
2009-06-17 14:20 . 2009-06-17 14:20      --------      d-----w-      d:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-17 14:19 . 2009-07-12 20:18      --------      d-----w-      d:\documents and settings\ahmedmaher\Local Settings\Application Data\Google
2009-06-17 14:19 . 2009-07-12 20:17      --------      d-----w-      c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 15:03 . 2009-07-14 15:03      100880      ----a-w-      c:\winnt\system32\WPRO_40_1040woem.tmp
2009-07-14 14:58 . 2009-04-05 12:20      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\Skype
2009-07-14 06:56 . 2009-04-05 12:21      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\skypePM
2009-07-14 06:47 . 2009-01-29 11:54      40840      -c--a-w-      d:\documents and settings\ahmedmaher\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-11 14:52 . 2008-09-12 18:33      182656      -c--a-w-      c:\winnt\system32\drivers\ndis.sys
2009-07-11 14:38 . 2009-02-09 00:52      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\uTorrent
2009-07-11 13:29 . 2009-07-11 12:30      4      ---h--w-      c:\winnt\Fonts\mlog
2009-07-11 12:28 . 2009-02-01 10:47      --------      d-----w-      c:\program files\IDM Computer Solutions
2009-07-11 08:48 . 2009-03-17 13:51      --------      d-----w-      c:\program files\Windows Live
2009-07-10 20:07 . 2009-01-28 18:44      --------      d-----w-      c:\program files\Intel
2009-07-10 18:27 . 2009-04-01 12:26      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\DMCache
2009-07-10 09:23 . 2009-07-10 09:23      --------      d--h--r-      d:\documents and settings\All Users\Application Data\Atheros
2009-07-10 09:22 . 2009-01-28 18:42      --------      d-----w-      c:\program files\Lenovo
2009-07-10 09:22 . 2008-09-12 17:14      --------      d--h--w-      c:\program files\InstallShield Installation Information
2009-06-30 22:39 . 2009-04-09 14:33      --------      d-----w-      c:\program files\ACE Mega CoDecS Pack
2009-06-11 22:37 . 2009-06-11 22:37      1148      ----a-w-      c:\winnt\system32\ezdigsgn.dat
2009-06-11 21:06 . 2009-06-07 23:38      230432      ----a-w-      C:\PA207.DAT
2009-06-03 21:01 . 2009-06-03 21:01      --------      d-----w-      c:\program files\Common Files\Look110
2009-06-03 21:01 . 2009-06-03 21:01      --------      d-----w-      c:\program files\Look 110
2009-06-03 21:01 . 2009-06-03 21:01      --------      d-----w-      d:\documents and settings\ahmedmaher\Application Data\InstallShield
2008-02-02 10:27 . 2008-09-12 16:58      67696      ----a-w-      c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:27 . 2008-09-12 16:58      54376      -c--a-w-      c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:27 . 2008-09-12 16:58      34952      ----a-w-      c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:27 . 2008-09-12 16:58      46720      ----a-w-      c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:27 . 2008-09-12 16:58      172144      -c--a-w-      c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-12-05 3900936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2008-10-13 150040]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2008-10-13 178712]
"Persistence"="c:\winnt\system32\igfxpers.exe" [2008-10-13 150040]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-07-29 242976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Monitor"="c:\winnt\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-05-18 136512]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-15 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-27 111952]
"TpShocks"="TpShocks.exe" - c:\winnt\system32\TpShocks.exe [2008-06-06 181536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-12-05 3900936]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

d:\documents and settings\ahmedmaher\Start Menu\Programs\Startup\
TypeItIn.lnk - c:\program files\TypeItIn\TypeItIn.exe [2009-2-1 858624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37      34344      ----a-w-      c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 14:02      34080      ----a-w-      c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 18:37      32768      ----a-w-      c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages      REG_MULTI_SZ       scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2774792575-1536966407-3611087897-1004\Scripts\Logoff\0\0]
"Script"=KEYBOARD.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2774792575-1536966407-3611087897-1004\Scripts\Logoff\0\1]
"Script"=c:\program files\Profile Light\Logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2774792575-1536966407-3611087897-500\Scripts\Logoff\0\0]
"Script"=KEYBOARD.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2774792575-1536966407-3611087897-500\Scripts\Logoff\0\1]
"Script"=c:\program files\Profile Light\Logoff.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Documents and Settings\\ahmedmaher\\Desktop\\1-sbcl\\SBCL v1.0i.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\WINNT\\system32\\ftp.exe"=
"c:\\Program Files\\AR System\\HOME\\ALPrograms\\wget.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AR System\\User\\alert.exe"=
"d:\\PES2009\\pes2009.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Fasttrak;Fasttrak;c:\winnt\system32\drivers\Fasttrak.sys [9/12/2008 9:35 PM 75520]
R0 lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [7/12/2009 11:18 PM 64160]
R0 Shockprf;Shockprf;c:\winnt\system32\drivers\ApsX86.sys [5/14/2008 7:21 PM 114728]
R0 TPDIGIMN;TPDIGIMN;c:\winnt\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]
R1 TPPWRIF;TPPWRIF;c:\winnt\system32\drivers\TPPWRIF.SYS [1/28/2009 10:01 PM 4442]
R2 HumDisplayServer;Hummingbird Exceed Display Management;c:\program files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe [7/23/2003 5:19 PM 53248]
R2 I2C;I2C;c:\winnt\system32\wbem\agent\ci\i2cnt.sys [1/28/2009 9:50 PM 35704]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 5:49 PM 1029456]
R2 LucentIKE;LucentIKE;c:\program files\IPSec Client\lucentikesvc.exe [1/28/2009 10:34 PM 147456]
R2 NgVpnMgr;Aventail VPN Client;c:\winnt\system32\ngvpnmgr.exe [11/19/2007 4:21 PM 205381]
R2 OPNET Application Capture Agent;OPNET Application Capture Agent;c:\program files\OPNET\AppCapture3.8\op_capture_server.exe [9/12/2008 8:14 PM 929792]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [9/12/2008 9:34 PM 244368]
R3 LuIPSec;Alcatel-Lucent VPN Miniport;c:\winnt\system32\drivers\luipsec.sys [1/28/2009 10:34 PM 320768]
R3 NgLog;Aventail VPN Logging;c:\winnt\system32\drivers\nglog.sys [11/19/2007 4:19 PM 25240]
R3 NgVpn;Aventail VPN Adapter;c:\winnt\system32\drivers\ngvpn.sys [11/19/2007 4:20 PM 76440]
R3 WPRO_40_1040;WinPcap Packet Driver (WPRO_40_1040);c:\winnt\system32\drivers\WPRO_40_1040.sys --> c:\winnt\system32\drivers\WPRO_40_1040.sys [?]
R3 WSIMD;wsimd Service;c:\winnt\system32\drivers\wsimd.sys [7/10/2009 12:22 PM 57408]
S1 c5b0c5dc;c5b0c5dc;c:\winnt\system32\drivers\c5b0c5dc.sys [7/11/2009 3:28 PM 0]
S2 gupdate1c9ef56b5c6207a;Google Update Service (gupdate1c9ef56b5c6207a);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 5:20 PM 133104]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [1/28/2009 10:01 PM 94208]
S3 NgFilter;Aventail VPN Filter;c:\winnt\system32\drivers\ngfilter.sys [11/19/2007 4:20 PM 20632]
S3 NgWfp;Aventail VPN Callout;c:\winnt\system32\drivers\ngwfp.sys [11/19/2007 4:20 PM 21656]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
S3 PAC207;Look 110;c:\winnt\system32\drivers\PFC027.SYS [6/4/2009 12:01 AM 507264]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12      REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{Profile}]
d:\config\master\profile\profile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{QIESettings_10}]
c:\program files\IEsettings_10\cu.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Hibernate]
powercfg /CHANGE Portable/Laptop /hibernate-timeout-ac 0

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Office Communicator 2005]
c:\winnt\Installer\Microsoft Office Communicator 2005\AFTER.EXE /S

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MSOffice_2003]
c:\program files\Microsoft Office\Office11\cu.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OfficeTemplates_10]
c:\program files\Microsoft Office\Templates\Alcatel-Lucent\Templates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PDFCreator_091]
c:\winnt\Installer\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}\PDFCreator_CU.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\QuickTime_745]
d:\documents and settings\All Users\Application Data\Apple Computer\QuickTime\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\RealPlayer_1061]
c:\program files\Real\RealPlayer\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shockwave11]
c:\winnt\INSTALLER\MACROMEDIA\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SonicDigitalMediaPlus_70]
c:\program files\Common Files\Sonic Shared\Sonic Central\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Standby]
powercfg /CHANGE Portable/Laptop /standby-timeout-ac 0

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7WMP_USER]
c:\program files\Windows Media Player\cu.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-14 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:19]

2009-07-14 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:19]

2009-07-14 c:\winnt\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-01-28 17:43]

2009-07-14 c:\winnt\Tasks\User_Feed_Synchronization-{EE86FC14-8562-4813-8147-8473A7131BF7}.job
- c:\winnt\system32\msfeedssync.exe [2007-08-13 01:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-RunOnce-Shockwave Updater - c:\winnt\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = tux-04.net.alcatel.be:1080
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: alcatel-lucent.com
Trusted Zone: alcatel-lucent.de
Trusted Zone: alcatel-lucent.fr
Trusted Zone: alcatel.com
Trusted Zone: alcatel.de
Trusted Zone: alcatel.fr
Trusted Zone: frillslib01
Trusted Zone: lucent.com
Trusted Zone: alcatel-lucent.com
Trusted Zone: alcatel-lucent.de
Trusted Zone: alcatel-lucent.fr
Trusted Zone: alcatel.com
Trusted Zone: alcatel.de
Trusted Zone: alcatel.fr
Trusted Zone: automation.local
Trusted Zone: frillslib01
Trusted Zone: frmeus0dvp01
Trusted Zone: lucent.com
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 18:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\user preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,36,b6,28,ca,26,45,ba,4c,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,b4,36,b6,28,ca,26,45,ba,4c,c4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1676)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1732)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(1640)
c:\winnt\system32\btmmhook.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\program files\Hummingbird\Connectivity\9.00\Hummingbird Neighborhood\heshell.dll
c:\winnt\system32\btncopy.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\winnt\system32\jsproxy.dll
c:\winnt\system32\netprovcredman.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\winnt\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\IPSec Client\lucentike.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\winnt\system32\TPHDEXLG.exe
c:\winnt\system32\TpKmpSvc.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\winnt\system32\igfxsrvc.exe
c:\winnt\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\winnt\system32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\winnt\system32\wbem\unsecapp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ThinkPad\Bluetooth Software\BTTray.exe
c:\program files\IPSec Client\trayicon.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-07-14 18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 15:08

Pre-Run: 22,125,293,568 bytes free
Post-Run: 22,070,697,984 bytes free

405      --- E O F ---      2009-05-19 00:06

rpggamergirl

Spyware doctor is still there, if you've already uninstalled it then we will removed its leftovers.

You have some archives showing in the log which I assume you recognized them ( I haven't checked them).

Run combofix again using this script.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------
File::
c:\winnt\system32\drivers\c5b0c5dc.sys

Folder::
c:\program files\Spyware Doctor

DirLook::
c:\winnt\Fonts\mlog

Driver::
c5b0c5dc

------------------------------------------------------------------------
3. Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

I'm not sure why the option is greyed out, usually nasties add restrictions so you can't change it after the virus has disabled it but with yours it was still enabled.

To disable McAfee:(thanks to b0lsc0tt)
Open McAfee Security Center, go to the Advanced menu, click on 'Configure' and then run through "computer and files", "internet", and "email and IM" categories; in each on there is a manual option to turn off the protection (click the off bubble).