
Cannot Connect to Internet After Infection


  • This topic is locked
3 replies to this topic

#1 joshvc

joshvc

  • Members
  • 2 posts

Posted 25 April 2009 - 11:07 AM

Hi all, I just want to plead to anyone who might be able to offer some help - it would be most appreciated. I looked around, and read the other topic close to this one with another user who is unable to log onto the internet, but did not find anything I thought would help me. So far I have not been able to find a name for the infection.

I'm on Windows XP, have DSL with a Westell modem and will be posting a HijackThis log in just a second, but I'll explain what all happened first.

Yesterday, against my better judgment, I opened a setup.exe file from a less than reputable site I found through a Google search. I had scanned the file first with AVG, then Malwarebytes, and thought I would be alright even if it was a trick, as I've struggled with and removed malware many times in the past. How wrong I was. After opening the file I received an error that said something along the lines of "File not compatible with this version of Windows", so I hit OK and immediately the computer restarted. I knew something bad was up, but had an even worse feeling when it started to boot back up and I saw a few screens (including a blue screen after the boot options screen, that abruptly changed) that I didn't recognize.

So, right before Windows came back up - the computer rebooted again. This time it actually made it all the way to Windows, but it takes forever for the desktop to load. Right after logging into my user (admin), I see my desktop wallpaper - but the icons take roughly three to four minutes to load. In that time, I hear a Windows error noise. Each time I end up clicking the Windows button and hitting CTRL+ALT+DEL, and it actually appears to speed up the process of the desktop loading - but that could just be my imagination.

After that, I get this error from Symantec:

Symantec Email Proxy
TCP/IP is not installed. Disable email scanning in your symantec product options or install TCP/IP.
1003-3

So, after everything boots up and I close the Symantec error and open either Internet Explorer or Firefox - I get nothing. Just a cannot-connect error. Now, here's my HijackThis log, which probably isn't the solution to my problems but maybe it'll help point someone in the right direction:

-----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:05 PM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.variedcelluloid.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6FB8FFD4-5448-46E1-9E19-59B5F4887D3E} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: spellchecker - C:\Program Files\Autospell60\IEspellchecker.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} (UFC Class) - http://evideo.ufc.com/ufc/cabfiles/UFC_3_6_0_6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238571698386
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://evideo.ufc.com/ufc/cabfiles/Entriq_...0_15_Silent.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\Owner\Desktop\security suite\ewidoctrl.exe (file missing)
O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pdccpulcace - VSO Software - (no file)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 11954 bytes
-------------------------------------------------------------------------------------------------

Any help you guys can provide would be very much appreciated. So far, I updated AVG and Malwarebytes through a jump drive, scanned it with both and found a few errors that were fixed, but that has not stopped any of the problems. I've also run ComboFix, with the same results. I'm completely lost on this one - and I really suck with network stuff to boot, which I'm assuming I'll have to delve into for this problem. Just goes to show you, never open anything you're not 100% sure of!
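Added example, not part of this thread and not code from HijackThis, ComboFix or any other tool named here: a small Python triage helper that reads HijackThis v2 log lines and flags the entry shapes a helper usually looks at first when a log like the one above comes in. The checks (a BHO with no name or no backing DLL, an O4 autostart that runs an executable straight from the drive root, a populated AppInit_DLLs value, a service whose binary is missing, and a hosts entry that maps anything other than localhost) are the editor's own heuristics, not a verdict on any particular file. The sample log below is constructed to mirror the log posted above; the CLSIDs and most paths are copied from it, while the `update.example.invalid` hosts entry, the `example.dll` AppInit value and the `[keyboard] c:\kybrd.exe` autostart are constructed to exercise the checks.

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not a HijackThis feature)."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the HijackThis log posted in this thread:
# a mix of ordinary entries and the patterns a helper would look at first.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.invalid
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {6FB8FFD4-5448-46E1-9E19-59B5F4887D3E} - \
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] c:\kybrd.exe
O20 - AppInit_DLLs:
O20 - AppInit_DLLs: c:\windows\system32\example.dll
O23 - Service: Pdccpulcace - VSO Software - (no file)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Every HijackThis entry starts with a section code such as O2, O4, O23.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.*)$")
# O4 entries carry the registry value name in brackets, then the command line.
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# An .exe sitting directly in the root of a drive (c:\something.exe).
ROOT_EXE_RE = re.compile(r'^[a-z]:\\[^\\\s"]+\.exe\b', re.I)


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def _check_o1(rest):
    # "Hosts: <ip> <hostname>"; HijackThis lists only non-default hosts entries.
    fields = rest.split(":", 1)[1].split()
    if len(fields) >= 2 and fields[1].lower() != "localhost":
        return "hosts file maps %s to %s" % (fields[1], fields[0])
    return None


def _check_o2(rest):
    # "BHO: <name> - {CLSID} - <dll path>"
    parts = rest.split(" - ")
    name = parts[0].partition(": ")[2]
    path = " - ".join(parts[2:]).strip()
    if name == "(no name)" or path in ("", "\\") or "(no file)" in path:
        return "BHO without a name or without a backing DLL"
    return None


def _check_o4(rest):
    m = O4_RE.search(rest)
    if not m:
        return None  # Startup-folder entries have no bracketed value name.
    cmd = m.group("cmd").strip().lstrip('"')
    if ROOT_EXE_RE.match(cmd):
        return "autostart runs an executable from the drive root"
    return None


def _check_o20(rest):
    # AppInit_DLLs is loaded into every process that links user32; empty is normal.
    value = rest.partition(":")[2].strip()
    if value:
        return "AppInit_DLLs is populated"
    return None


def _check_o23(rest):
    if rest.endswith("(no file)") or rest.endswith("(file missing)"):
        return "service entry points at a missing binary"
    return None


CHECKS = {"O1": _check_o1, "O2": _check_o2, "O4": _check_o4,
          "O20": _check_o20, "O23": _check_o23}


def triage(log_text):
    """Return a Finding for every line that trips one of the heuristics above."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        check = CHECKS.get(m.group("code"))
        if check is None:
            continue
        reason = check(m.group("rest"))
        if reason:
            findings.append(Finding(m.group("code"), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Run as-is it reports five of the eleven sample lines; the four ordinary entries (the Yahoo BHO, the two quoted Program Files autostarts, the empty AppInit_DLLs value and the Lexmark service) pass through silently. A flagged line is a reason to look at the file, its signer and its timestamps, not proof of infection: orphaned O23 entries in particular are often leftovers of an uninstalled product.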

#2 joshvc

joshvc
  • Topic Starter

  • Members
  • 2 posts

Posted 25 April 2009 - 11:11 PM

Well, I tried running DDS, but after clicking on the file all I could get is "System Cannot Find the File Specified". Kind of odd. So, I ran ComboFix and got a new log from it. So, here's that:

-----------------------------------------------------------------------------------------------------------------------------

ComboFix 09-01-21.04 - Owner 2009-04-25 21:35:15.4 - NTFSx86 MINIMAL
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-03-26 to 2009-04-26 )))))))))))))))))))))))))))))))
.

2009-04-25 00:03 . 2009-04-25 00:11 <DIR> d-------- C:\Rustbfix
2009-04-24 13:27 . 2009-04-24 13:27 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AVG7
2009-04-24 13:05 . 2009-04-24 13:05 <DIR> d-------- c:\program files\DAEMON Tools Pro
2009-04-24 13:05 . 2009-04-24 13:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-24 12:52 . 2009-04-24 12:52 <DIR> d-------- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-04-24 12:52 . 2009-04-24 12:52 721,904 --a------ c:\windows\system32\drivers\sptd.sys
2009-04-23 14:50 . 2009-04-23 14:50 171 --a------ c:\windows\icecast2.ini
2009-04-23 14:46 . 2009-04-23 14:46 <DIR> d-------- c:\program files\Icecast2 Win32
2009-04-23 14:42 . 2009-04-23 14:52 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2009-04-23 14:41 . 2009-04-23 23:42 <DIR> d-------- c:\program files\VideoLAN
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmpDF093.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmpD8393.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmpB5193.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp9B193.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp93493.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp70293.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp4EF83.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp46293.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp2C293.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp08093.FOT
2009-04-15 14:41 . 2009-04-15 14:41 1,409 --a------ c:\windows\system32\tmp03393.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmpE8242.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmpD9032.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmpD8612.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmpAB7F1.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmp62D02.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmp5AF12.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmp59932.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmp41C42.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmp27302.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmp11822.FOT
2009-04-09 19:54 . 2009-04-09 19:54 1,409 --a------ c:\windows\system32\tmp00FE1.FOT
2009-04-02 19:37 . 2009-04-24 13:13 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-04-02 03:17 . 2009-04-02 03:17 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-02 01:23 . 2009-04-02 01:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2009-04-01 13:38 . 2009-04-01 13:38 <DIR> d-------- c:\documents and settings\Owner\Application Data\Xilisoft Corporation
2009-04-01 13:34 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-04-01 13:34 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-04-01 13:25 . 2008-12-20 18:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-04-01 13:25 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-04-01 13:25 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-01 13:25 . 2008-12-20 18:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-04-01 13:25 . 2008-12-20 18:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-01 13:25 . 2008-12-20 18:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-04-01 13:25 . 2008-12-20 18:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-04-01 13:25 . 2008-12-20 18:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-01 13:25 . 2008-12-19 04:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-04-01 02:43 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-04-01 02:43 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-04-01 02:43 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-04-01 02:43 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 05:17 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-25 01:52 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
2009-04-24 18:20 42,688 ----a-w c:\windows\system32\drivers\tdtcp.sys
2009-04-24 18:20 42,688 ----a-w c:\windows\system32\drivers\tdpipe.sys
2009-04-24 18:20 42,688 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-04-24 18:20 42,688 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-24 18:17 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-04-24 09:50 --------- d-----w c:\documents and settings\Owner\Application Data\Vso
2009-04-20 02:24 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-16 15:43 --------- d-----w c:\documents and settings\Owner\Application Data\DVD Shrink
2009-04-16 00:25 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-15 03:16 --------- d-----w c:\program files\nbpro
2009-04-10 00:52 --------- d-----w c:\program files\The Rosetta Stone
2009-04-03 18:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 06:41 --------- d-----w c:\program files\DAP
2009-04-01 18:36 --------- d-----w c:\program files\Xilisoft
2009-04-01 18:34 --------- d-----w c:\program files\Maxis
2009-04-01 18:32 --------- d-----w c:\program files\Womble MPEG Editor
2009-04-01 18:32 --------- d-----w c:\program files\MediaMonkey
2009-04-01 18:29 --------- d-----w c:\program files\DVDlabPro
2009-04-01 18:29 --------- d-----w c:\program files\DVDlab
2009-04-01 18:28 --------- d-----w c:\program files\Coding Workshop
2009-04-01 18:26 --------- d-----w c:\program files\Avi2Dvd
2009-04-01 18:26 --------- d-----w c:\program files\AllToAVI
2009-04-01 18:25 --------- d-----w c:\program files\ElcomSoft
2009-04-01 18:08 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-03-26 21:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 21:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-20 18:56 --------- d-----w c:\program files\LimeWire
2008-12-25 19:04 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-09-13 22:51 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2006-10-12 02:50 2,352 ----a-w c:\documents and settings\Owner\Application Data\mpauth.dat
2006-06-23 03:04 248 ----a-w c:\documents and settings\Owner\n.bat
2006-05-17 06:20 17 ----a-w c:\program files\d.bat
2003-11-03 22:07 499,712 ----a-w c:\program files\msvcp71.dll
2003-11-03 22:07 348,160 ----a-w c:\program files\msvcr71.dll
2003-05-30 14:22 344,064 ----a-r c:\program files\msvcr70.dll
2002-01-05 08:40 487,424 ----a-w c:\program files\msvcp70.dll
2005-10-12 06:16 12,208 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
2004-08-04 14:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2009-04-24 13:20 42688 0e5dedc29615f43c3233ec07c973d9bb c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 368,706 2002-09-11 02:26:26 c:\program files\BroadJump\Client Foundation\bak\CFD.exe

----a-w 58,992 2005-07-15 03:16:00 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 58,488 2004-08-13 19:17:38 c:\program files\Common Files\Symantec Shared\ccApp.exe

----a-w 106,496 2003-09-04 02:33:54 c:\program files\Lexmark 3100 Series\bak\lxbrbmgr.exe

----a-w 294,912 2003-06-13 14:57:18 c:\program files\Lexmark 3100 Series\bak\LXBRKsk.exe

----a-w 303,104 2005-09-23 00:29:08 c:\program files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 18:05:42 c:\program files\McAfee.com\Agent\bak\mcupdate.exe

----a-w 11,776 2005-05-10 21:04:50 c:\program files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe

----a-w 131,072 2004-06-04 04:51:54 c:\program files\NVIDIA Corporation\NvMixer\bak\NVMixerTray.exe

----a-w 155,648 2006-03-02 02:37:38 c:\program files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-02-01 05:13:08 c:\program files\QuickTime\QTTask.exe

----a-w 26,112 2004-01-14 19:53:43 c:\program files\Real\RealPlayer\bak\RealPlay.exe
----a-w 214,448 2007-03-14 01:07:42 c:\program files\Real\RealPlayer\realplay.exe

----a-w 100,056 2005-05-29 03:24:54 c:\program files\SymNetDrv\bak\SNDMon.exe

----a-w 245,760 2006-09-29 07:27:35 c:\program files\Trojan Remover\bak\Trjscan.exe

----a-w 1,089,024 2005-02-19 21:36:48 c:\program files\TrojanHunter 4.2\bak\THGuard.exe

----a-w 212,992 2002-09-13 20:42:26 c:\windows\SMINST\bak\RECGUARD.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FB8FFD4-5448-46E1-9E19-59B5F4887D3E}]
2009-04-25 21:35 0 d-ahs---- \

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 58488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-13 5562368]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.DIV3"= DivXc32.dll
"VIDC.DIV4"= DivXc32f.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^afktk.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\afktk.exe
backup=c:\windows\pss\afktk.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
backup=c:\windows\pss\AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Morpheus.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Morpheus.lnk
backup=c:\windows\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TA_Start.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Zeno.lnk
backup=c:\windows\pss\Zeno.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk
backup=c:\windows\pss\Z_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-03-19 17:17 78960 c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSpell]
--a------ 2004-03-17 06:45 118784 c:\program files\Autospell60\autospel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2009-03-31 19:26 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-13 14:17 58488 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpue]
c:\windows\system32\RACLE~1\regedit.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
c:\\dfndra.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dljlf]
c:\windows\system32\hwxser.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2003-07-25 11:15 536576 c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
c:\program files\Free Download Manager\fdm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
c:\windows\system32\mptft.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ]
c:\windows\system32\ssn6tuu.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hocjep]
c:\windows\system32\hwxser.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifnqvkeA]
c:\windows\ifnqvkeA.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
c:\\kybrd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\progra~1\mcafee.com\agent\mcagent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\progra~1\mcafee.com\agent\McUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
c:\windows\system32\totbutwx.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-05-10 16:04 110592 c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-08-13 19:04 5562368 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-06-02 16:03 1957888 c:\progra~1\Ahead\NEROBA~1\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net]
c:\progra~1\NEWDOT~1\NEWDOT~1.DLL [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
c:\\nwnm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsRaider]
--a------ 2005-05-11 12:16 1814528 c:\program files\NewsRaider\NewsRaider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 02:34 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-03-13 20:07 214448 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 22:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
--a------ 2007-04-26 19:03 2693248 c:\program files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2004-07-25 14:45 1277952 c:\program files\Support.com\BellSouth\hcenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
c:\windows\SYSC00.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
c:\program files\TrojanHunter 4.2\THGuard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tinySpell]
c:\program files\tinySpell\tinyspell.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToneThis]
--a------ 2007-06-26 17:26 675840 c:\program files\ToneThis 3.0\ToneThis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
c:\program files\Trojan Remover\Trjscan.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UFC Media Manager Tray]
--a------ 2007-03-12 23:15 387152 c:\program files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-01 23:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 13:29 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wwozicmA]
c:\windows\wwozicmA.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
--a------ 2004-10-19 04:00 114688 c:\program files\McAfee\McAfee AntiSpyware\Msscli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C9-95-57-73-ZN}]
c:\windows\system32\pqdsregj.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csr]
csrrs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-07-12 04:50 843776 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3c3af7d.dll]
w3c3af7d.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"mspeupx.exe"= mspeupx.exe:mspeupx
"c:\\Program Files\\BPFTP Server\\bpftpserver.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27441:TCP"= 27441:TCP:BitComet 27441 TCP
"27441:UDP"= 27441:UDP:BitComet 27441 UDP

R1 ewido security suite driver;ewido security suite driver; [x]
R1 gcvcd;gcvcd; [x]
R1 SydexFDD;Sydex Diskette Driver; [x]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-09-20 2368]
R3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\DRIVERS\HPUATA.sys [2001-09-24 75776]
R3 MAC607;MAC607 Filter;c:\windows\system32\DRIVERS\MAC607.sys [2007-03-05 22144]
R3 Pdccpulcace;Pdccpulcace; [x]
R3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2006-01-06 7548]
R3 XBox;XBox Filter;c:\windows\system32\DRIVERS\XBox.sys [2007-03-05 22528]


--- Other Services/Drivers In Memory ---

*Deregistered* - abp480n5
*Deregistered* - adpu160m
*Deregistered* - agp440
*Deregistered* - agpCPQ
*Deregistered* - Aha154x
*Deregistered* - aic78u2
*Deregistered* - aic78xx
*Deregistered* - AliIde
*Deregistered* - alim1541
*Deregistered* - amdagp
*Deregistered* - amsint
*Deregistered* - asc
*Deregistered* - asc3350p
*Deregistered* - asc3550
*Deregistered* - AvgClean
*Deregistered* - cbidf
*Deregistered* - cd20xrnt
*Deregistered* - CmdIde
*Deregistered* - Cpqarray
*Deregistered* - CryptSvc
*Deregistered* - dac2w2k
*Deregistered* - dac960nt
*Deregistered* - DcomLaunch
*Deregistered* - dpti2o
*Deregistered* - Fastfat
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - giveio
*Deregistered* - helpsvc
*Deregistered* - hpn
*Deregistered* - i2omp
*Deregistered* - ini910u
*Deregistered* - IntelIde
*Deregistered* - KSecDD
*Deregistered* - mcdbus
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - mraid35x
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - PartMgr
*Deregistered* - perc2
*Deregistered* - perc2hib
*Deregistered* - ql1080
*Deregistered* - Ql10wnt
*Deregistered* - ql12160
*Deregistered* - ql1240
*Deregistered* - ql1280
*Deregistered* - RpcSs
*Deregistered* - sisagp
*Deregistered* - Sparrow
*Deregistered* - speedfan
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - swenum
*Deregistered* - sym_hi
*Deregistered* - sym_u3
*Deregistered* - symc810
*Deregistered* - symc8xx
*Deregistered* - TermDD
*Deregistered* - TosIde
*Deregistered* - ultra
*Deregistered* - Update
*Deregistered* - Vax347b
*Deregistered* - Vax347s
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - winmgmt
*Deregistered* - WudfPf

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31cce11b-f8d3-11dd-bb28-0040ca2072c2}]
\Shell\AutoRun\command - E:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eb81a13-ffd9-11d9-a432-0040ca2072c2}]
\Shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaa974b8-7521-11dc-bab0-806d6172696f}]
\shell\PlayWithPowerDVD\Command - "c:\program files\CyberLink\PowerDVD\PowerDVD.exe" "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe5ed77b-4ea1-11dd-bad0-0040ca2072c2}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 04:00]

2009-04-18 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1 [2005-10-20 01:19]

2009-04-18 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-10-19 12:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.variedcelluloid.net/
uDefault_Search_URL = hxxp://ie.search.msn.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: spellchecker - c:\program files\Autospell60\IEspellchecker.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: musicmatch.com\online
DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} - hxxp://evideo.ufc.com/ufc/cabfiles/UFC_3_6_0_6.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://evideo.ufc.com/ufc/cabfiles/Entriq_3_6_0_15_Silent.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ywrfkgvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://retailer.installationexcellence.com/select_vehicle.aspx?RetailerId=1944&sid=C269B6BF-0596-4EB0-BE79-59FB7FE992C2
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 21:36:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e7,b2,60,cf,eb,ac,ce,ec,22,9a,ee,f2,0d,25,c1,13,f7,05,b3,15,3d,
fc,2d,fb,1a,02,52,30,c9,1b,cd,ad,57,46,16,9c,ba,5f,35,2b,d5,ff,20,56,05,3c,\

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454552:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{F725210F-FC7C-09D2-C665-01FFF4089F2D}\Version 1.1]
@DACL=
"dat"="806585365:{4C010691-B0EE-89AA-3A26-7BDF61D4376F}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454573:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{1912DC2D-0D74-C112-1FE7-53F916F48783}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516231227:{FA80A208-3A52-0D73-03E4-D0654479251A}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{F725210F-FC7C-09D2-C665-01FFF4089F2D}\Version 3.x]
@DACL=
"dat"="1767914624:{6E6C30C7-51C6-D395-401E-DE9F843BC12B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923715268:{483F962A-E273-7BF8-A12C-D53D19FA4B7E}"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e7,b2,60,cf,eb,ac,ce,ec,22,9a,ee,f2,0d,25,c1,13,f7,05,b3,15,3d,
fc,2d,fb,1a,02,52,30,c9,1b,cd,ad,57,46,16,9c,ba,5f,35,2b,d5,ff,20,56,05,3c,\

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{158ED30C-8BC9-CC79-B8F4-B8DFAAF6C7D0}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522384:{CC204574-4011-0EE4-B988-C62FC63BDF0D}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="7:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
Completion time: 2009-04-25 21:54:06
ComboFix-quarantined-files.txt 2009-04-26 02:53:44
ComboFix2.txt 2009-04-25 01:49:28
ComboFix3.txt 2009-01-28 16:51:45

Pre-Run: 3,581,714,432 bytes free
Post-Run: 3,571,187,712 bytes free

508 --- E O F --- 2009-04-24 08:00:31

#3 KoanYorel

    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 07 May 2009 - 08:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Since you cannot run DDS, please post a fresh HJT log as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Do not run COMBOFIX again. Note the warning at the top of this page.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KoanYorel

    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 12 May 2009 - 06:23 PM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
