Virus Alert In System Tray By The Clock


  • This topic is locked
3 replies to this topic

#1 hoffemail

  • Members
  • 2 posts

Posted 04 August 2008 - 02:02 PM

Hi,

I've had an infection. I researched and performed the combofix/recovery tool programs and seem to be back to normal. Can you please check these logs and make sure there are no traces? Thank you in advance.

**EDIT**
I also seem to not be able to establish an internet connection. I can do so with other laptops (the one I'm on) on the same wireless network, but cannot with the infected one, still.


HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 3945 bytes


DSS LOG:
Deckard's System Scanner v20071014.68
Run by Chris on 2008-08-04 14:57:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-08-04 18:57:26 UTC - RP311 - Deckard's System Scanner Restore Point
1: 2008-08-04 18:00:16 UTC - RP310 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 3946 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080110-215640-510 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080110-215640-594 O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20080110-215640-731 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20080110-215641-193 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080110-215641-696 O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
backup-20080804-114557-176 O4 - HKCU\..\Run: [\Win47.exe] C:\Windows\system32\Win47.exe
backup-20080804-114557-215 O2 - BHO: (no name) - {C04934F1-27B4-4BC1-88F4-B4FA0DD477BF} - C:\WINDOWS\system32\nnnoNeEu.dll
backup-20080804-114557-223 O4 - HKLM\..\Run: [BM1bb851f3] Rundll32.exe "C:\WINDOWS\system32\jrotjxda.dll",s
backup-20080804-114557-291 O4 - HKLM\..\Run: [\Win47.exe] C:\Windows\system32\Win47.exe
backup-20080804-114557-336 O4 - HKCU\..\Run: [\Win4A.exe] C:\Windows\system32\Win4A.exe
backup-20080804-114557-400 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080804-114557-417 O4 - HKCU\..\Run: [\Win48.exe] C:\Windows\system32\Win48.exe
backup-20080804-114557-469 O4 - HKLM\..\Run: [\Win46.exe] C:\Windows\system32\Win46.exe
backup-20080804-114557-479 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080804-114557-486 O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
backup-20080804-114557-559 O4 - HKLM\..\Run: [\Win48.exe] C:\Windows\system32\Win48.exe
backup-20080804-114557-565 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
backup-20080804-114557-670 O2 - BHO: (no name) - {7DE5D989-8EAD-490B-943C-AE8319EFC8F3} - C:\WINDOWS\system32\mgsegmap.dll
backup-20080804-114557-671 O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
backup-20080804-114557-693 O4 - HKCU\..\Run: [\Win49.exe] C:\Windows\system32\Win49.exe
backup-20080804-114557-731 O4 - HKLM\..\Run: [\Win4A.exe] C:\Windows\system32\Win4A.exe
backup-20080804-114557-738 O4 - HKLM\..\Run: [\Win49.exe] C:\Windows\system32\Win49.exe
backup-20080804-114557-746 O4 - HKCU\..\Run: [\Win46.exe] C:\Windows\system32\Win46.exe
backup-20080804-114557-820 O2 - BHO: (no name) - {9B904910-78A4-489D-A825-5111B883A5B2} - C:\WINDOWS\system32\yayxyvwx.dll
backup-20080804-114557-821 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080804-114557-870 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20080804-114557-977 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080804-114558-384 O21 - SSODL: tfnslopk - {72571799-4CC3-4CE8-9449-9C0FAC4C298F} - C:\WINDOWS\tfnslopk.dll
backup-20080804-114558-596 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080804-114558-949 O20 - Winlogon Notify: yayxyvwx - C:\WINDOWS\SYSTEM32\yayxyvwx.dll
backup-20080804-114559-275 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
backup-20080804-114559-294 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
backup-20080804-114559-341 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080804-114559-403 O21 - SSODL: xokvrpwg - {C9CBFEC5-4CD9-4D04-8823-3AF1F368554C} - C:\WINDOWS\xokvrpwg.dll
backup-20080804-114559-404 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
backup-20080804-114559-407 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080804-114559-457 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080804-114559-489 O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
backup-20080804-114559-590 O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
backup-20080804-114559-790 O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
backup-20080804-114559-821 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
backup-20080804-114559-923 O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
backup-20080804-114559-930 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
backup-20080804-114559-992 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
backup-20080804-114710-809 O2 - BHO: QXK Olive - {37355961-6141-4D45-845C-BE65438D9F66} - C:\WINDOWS\wnlmdakqpmr.dll
backup-20080804-114711-118 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080804-114711-261 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
backup-20080804-114711-339 O2 - BHO: (no name) - {C04934F1-27B4-4BC1-88F4-B4FA0DD477BF} - C:\WINDOWS\system32\nnnoNeEu.dll
backup-20080804-114711-355 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
backup-20080804-114711-448 O2 - BHO: (no name) - {9B904910-78A4-489D-A825-5111B883A5B2} - C:\WINDOWS\system32\yayxyvwx.dll
backup-20080804-114711-590 O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
backup-20080804-114711-604 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080804-114711-695 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
backup-20080804-114711-771 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
backup-20080804-114711-829 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
backup-20080804-114711-870 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080804-114711-899 O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
backup-20080804-123237-671 O2 - BHO: (no name) - {9B904910-78A4-489D-A825-5111B883A5B2} - C:\WINDOWS\system32\yayxyvwx.dll
backup-20080804-123237-802 O2 - BHO: (no name) - {C04934F1-27B4-4BC1-88F4-B4FA0DD477BF} - C:\WINDOWS\system32\nnnoNeEu.dll
backup-20080804-134847-661 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
backup-20080804-134847-741 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080804-134847-761 O3 - Toolbar: bgrqfetx - {29752075-A2DA-4AB7-97E9-C07AC3138561} - C:\WINDOWS\bgrqfetx.dll (file missing)
backup-20080804-134847-892 O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
backup-20080804-134848-307 O17 - HKLM\System\CCS\Services\Tcpip\..\{9A164B3D-FD45-41E0-B384-E98D6CC5E619}: NameServer = 68.105.28.11,68.105.29.11

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R4 catchme - c:\combofix\catchme.sys (file missing)

S3 pwi_bus (Curitel PC Card Composite Device driver (WDM)) - c:\windows\system32\drivers\pwi_bus.sys (file missing)
S3 pwi_mdfl (Curitel PC Card Filter) - c:\windows\system32\drivers\pwi_mdfl.sys (file missing)
S3 pwi_mdm (Curitel PC Card Drivers) - c:\windows\system32\drivers\pwi_mdm.sys (file missing)
S3 pwi_oflt (Curitel PC Card OHCI Filter) - c:\windows\system32\drivers\pwi_oflt.sys (file missing)
S3 pwi_serd (Curitel PC Card Diagnostic Serial Port (WDM)) - c:\windows\system32\drivers\pwi_serd.sys (file missing)
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2004-06-03 05:30:20 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 14:45:25 0 d-------- C:\cmdcons
2008-08-04 14:44:32 68096 --a------ C:\WINDOWS\zip.exe
2008-08-04 14:44:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-04 14:44:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-04 14:44:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-04 14:44:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-04 14:44:32 98816 --a------ C:\WINDOWS\sed.exe
2008-08-04 14:44:32 80412 --a------ C:\WINDOWS\grep.exe
2008-08-04 14:44:32 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-04 13:31:26 0 dr-h----- C:\$VAULT$.AVG
2008-08-04 12:37:33 0 d--h----- C:\WINDOWS\PIF
2008-08-04 11:36:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-08-04 11:36:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-04 11:36:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-04 11:36:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-08-04 11:36:41 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-04 11:36:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-04 11:36:41 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-08-04 11:36:41 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-04 11:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-04 11:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-08-04 11:36:40 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-04 11:36:40 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-04 11:36:40 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-04 11:36:40 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-04 11:36:40 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-04 11:36:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-04 11:36:39 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-04 11:36:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-04 11:36:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-04 11:36:37 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-04 11:21:10 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-04 11:21:10 200704 --a------ C:\WINDOWS\tfnslopk.dll
2008-08-04 11:21:10 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-04 11:07:52 0 d-------- C:\Documents and Settings\Chris\Application Data\WinRAR
2008-07-28 18:18:16 0 d-------- C:\Documents and Settings\Chris\Application Data\Music Editor Free
2008-07-28 18:17:02 348160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-07-28 18:17:01 417792 --a------ C:\WINDOWS\system32\NCTTextToAudio2.dll <Not Verified; Online Media Technologies Ltd.; NCTTextToAudio2 ActiveX DLL>
2008-07-28 18:17:01 475136 --a------ C:\WINDOWS\system32\NCTAudioVisualizationEx2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioVisualizationEx2 ActiveX DLL>
2008-07-28 18:17:01 479232 --a------ C:\WINDOWS\system32\NCTAudioVisualization2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-07-28 18:17:01 602112 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2008-07-28 18:17:01 458752 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-07-28 18:17:01 458752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-07-28 18:17:00 1212416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-07-28 18:17:00 1986560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-07-28 18:17:00 880640 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2008-07-28 18:16:59 417792 --a------ C:\WINDOWS\system32\NCTAudioDisplay2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioDisplay2 ActiveX DLL>
2008-07-28 18:16:59 2084864 --a------ C:\WINDOWS\system32\NCTAudioDesign2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioDesign2 ActiveX DLL>
2008-07-28 18:16:59 835584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll <Not Verified; NCT; NCTAudioCDGrabber2 ActiveX DLL>
2008-07-22 20:16:55 0 d-------- C:\Program Files\uTorrent
2008-07-22 20:16:51 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-07-21 22:51:31 0 d-------- C:\Documents and Settings\Chris\Application Data\Kazaa Lite
2008-07-21 21:56:48 0 d-------- C:\WINDOWS\system32\LogFiles


-- Find3M Report ---------------------------------------------------------------

2008-08-04 14:46:18 0 d-------- C:\Program Files\Common Files
2008-08-04 14:04:10 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-08-04 13:57:18 0 d-------- C:\Documents and Settings\Chris\Application Data\AVG7
2008-08-04 07:55:30 0 d-------- C:\Documents and Settings\Chris\Application Data\OpenOffice.org2
2008-07-28 19:29:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 08:34:09 0 d-------- C:\Program Files\Serif
2008-07-24 08:29:18 0 d-------- C:\Program Files\OpenLibraries
2008-07-23 07:36:10 0 d-------- C:\Documents and Settings\Chris\Application Data\LimeWire
2008-07-15 23:33:17 0 d-------- C:\Documents and Settings\Chris\Application Data\gtk-2.0
2008-07-01 20:21:35 0 d-------- C:\Documents and Settings\Chris\Application Data\Inkscape
2008-07-01 20:21:18 0 d-------- C:\Program Files\Inkscape
2008-07-01 18:17:46 0 d-------- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-06-30 15:56:58 0 d-------- C:\Documents and Settings\Chris\Application Data\Help
2008-06-19 11:59:40 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-09 20:31:53 0 d-------- C:\Program Files\CURITEL
2008-06-09 20:31:52 0 d-------- C:\Program Files\Verizon Wireless
2008-06-09 18:33:25 0 d-------- C:\Documents and Settings\Chris\Application Data\Smith Micro
2008-05-04 22:33:40 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 13:39]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [6/9/2008 6:31:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashIcon]
C:\Program Files\Generic\USB Card Reader Driver v2.2e4\FlashIcon.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe




-- End of Deckard's System Scanner: finished at 2008-08-04 14:58:28 ------------


COMBOFIX LOG:
ComboFix 08-08-03.05 - Chris 2008-08-04 14:45:37.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.972 [GMT -4:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\#SharedObjects\PSMR9Y5T\interclick.com
C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\#SharedObjects\PSMR9Y5T\interclick.com\ud.sol
C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Chris\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Chris\Favorites\Error Cleaner.url
C:\Documents and Settings\Chris\Favorites\Privacy Protector.url
C:\Documents and Settings\Chris\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\BM1bb851f3.txt
C:\WINDOWS\BM1bb851f3.xml
C:\WINDOWS\eefq.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\scins.dll
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\ssqRJbca.dll
C:\WINDOWS\system32\uEeNonnn.ini
C:\WINDOWS\system32\uEeNonnn.ini2
C:\WINDOWS\system32\xxyyxyWO.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 13:31 . 2008-08-04 14:09 <DIR> dr-h----- C:\$VAULT$.AVG
2008-08-04 12:37 . 2008-08-04 12:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-04 12:16 . 2008-08-04 12:16 86 --a------ C:\WINDOWS\wininit.ini
2008-08-04 11:36 . 2004-06-03 07:36 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-04 11:36 . 2004-06-03 07:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-04 11:36 . 2004-06-03 07:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-08-04 11:36 . 2004-06-03 07:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-08-04 11:36 . 2008-08-04 11:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-04 11:21 . 2008-08-04 07:01 233,472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-04 11:21 . 2008-08-04 07:01 200,704 --a------ C:\WINDOWS\tfnslopk.dll
2008-08-04 11:21 . 2008-08-04 07:01 86,016 --a------ C:\WINDOWS\lnvegaow.exe
2008-07-28 18:18 . 2008-07-28 18:40 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Music Editor Free
2008-07-28 18:16 . 2005-03-29 07:57 2,084,864 --a------ C:\WINDOWS\system32\NCTAudioDesign2.dll
2008-07-28 18:16 . 2004-11-04 13:31 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2008-07-28 18:16 . 2005-03-28 15:56 417,792 --a------ C:\WINDOWS\system32\NCTAudioDisplay2.dll
2008-07-22 20:16 . 2008-07-22 20:16 <DIR> d-------- C:\Program Files\uTorrent
2008-07-22 20:16 . 2008-08-04 10:53 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-07-21 22:51 . 2008-07-21 22:51 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Kazaa Lite
2008-07-21 21:56 . 2008-07-21 21:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 18:04 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-04 17:57 --------- d-----w C:\Documents and Settings\Chris\Application Data\AVG7
2008-08-04 11:55 --------- d-----w C:\Documents and Settings\Chris\Application Data\OpenOffice.org2
2008-07-28 23:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 12:34 --------- d-----w C:\Program Files\Serif
2008-07-24 12:29 --------- d-----w C:\Program Files\OpenLibraries
2008-07-23 11:36 --------- d-----w C:\Documents and Settings\Chris\Application Data\LimeWire
2008-07-16 03:33 --------- d-----w C:\Documents and Settings\Chris\Application Data\gtk-2.0
2008-07-02 00:21 --------- d-----w C:\Program Files\Inkscape
2008-07-02 00:21 --------- d-----w C:\Documents and Settings\Chris\Application Data\Inkscape
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 15:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 00:31 --------- d-----w C:\Program Files\Verizon Wireless
2008-06-10 00:31 --------- d-----w C:\Program Files\CURITEL
2008-06-09 22:33 --------- d-----w C:\Documents and Settings\Chris\Application Data\Smith Micro
2008-05-05 02:33 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-05 02:33 249,856 ------w C:\WINDOWS\Setup1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-06-09 18:31:00 1733936]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-01-28 14:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-12-27 09:06 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2003-08-15 10:59 70816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashIcon]
--a------ 2004-01-14 18:16 49152 C:\Program Files\Generic\USB Card Reader Driver v2.2e4\FlashIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-12-09 20:19 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2003-08-16 04:24 124096 C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-06-03 05:18 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-06-03 05:21 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-11-01 12:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-10-31 10:46 499712 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-10-31 10:46 98304 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2007-12-04 22:55 26112 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-04 12:18 64000 C:\WINDOWS\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 HSFHWVIA;HSFHWVIA;C:\WINDOWS\system32\DRIVERS\HSFHWVIA.sys [2003-09-22 05:29]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDWBus.sys [2007-04-06 03:49]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDWMdm.sys [2007-04-06 03:49]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDWVsp.sys [2007-04-06 03:49]
S3 PWCTLDRV;The NECHostController Filter Driver;C:\WINDOWS\system32\drivers\PWCTLDRV.sys [2007-04-09 01:25]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys []
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys []
S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys []
S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys []
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys []
.
Contents of the 'Scheduled Tasks' folder

2004-06-03 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-19 10:17]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0E41E372-C9A7-4886-A012-A62BEF929ABD} - C:\WINDOWS\system32\nnnoNeEu.dll
Notify-yayxyvwx - yayxyvwx.dll
MSConfigStartUp-ares - C:\Program Files\Ares\Ares.exe
MSConfigStartUp-Orb - C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
MSConfigStartUp-RoxioAudioCentral - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
MSConfigStartUp-RoxioDragToDisc - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
MSConfigStartUp-RoxioEngineUtility - C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
MSConfigStartUp-Search Defender - C:\Program Files\Speeditup Free\SearchDefender.exe
MSConfigStartUp-SpeedItUpEX - C:\Program Files\Speeditup Free\SpeedItUp.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\dichiijw.default\
FF -: plugin - C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\dichiijw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npoji610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 14:49:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-04 14:53:42 - machine was rebooted [Chris]
ComboFix-quarantined-files.txt 2008-08-04 18:53:37

Pre-Run: 44,955,881,472 bytes free
Post-Run: 43,963,359,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

203 --- E O F --- 2008-08-04 18:06:18

Edited by hoffemail, 04 August 2008 - 02:08 PM.



#2 hoffemail

hoffemail
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:22 AM

Posted 04 August 2008 - 09:07 PM

I've run everything I know of to run.

It says I am connected to my wireless router. But Firefox or IE won't connect to anything.

Any ideas? I'm desperate.

Thanks

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:22 AM

Posted 16 August 2008 - 05:04 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it in a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:22 AM

Posted 21 August 2008 - 03:40 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security