Experiencing inability to load certain antivirus websites like safer-networking.com



unwilling
2009-01-26, 10:30
Possibly the Zlob DNSChanger trojan. I may have used a program to track down the registry keys, and I removed them; "aquaplay" was the key name used.
Sorry if this doesn't look right, I did everything just like the post said to.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:43 AM, on 1/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\ircN\system\mirc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.11.200/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/us/en/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: ircN.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184456900817
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183586350750
O17 - HKLM\System\CCS\Services\Tcpip\..\{52789839-819F-46C4-8E04-36B5FF591F32}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 9229 bytes

unwilling
2009-01-26, 11:02
Access Help
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Apple Software Update
AviSynth 2.5
Codec Pack - All In 1 6.0.3.0
Diskeeper Lite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Easy Video to MP4 Converter 1.3.2
eMedia Beginner Guitar Lessons
ERUNT 1.1j
Google Toolbar for Firefox
GOTCHA! 3.0
GPGNet
GPL MPEG-1/2 DirectShow Decoder Filter
Help Center
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HSF2014 56K Data Fax Modem
InLink
InterVideo WinDVD
InterVideo WinDVD Creator 3
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Lenovo Care
Lenovo Care Supplement
Lenovo Care System Update Toolbar Button for IE
Logitech SetPoint
MediaLife
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7
neroxml
NVIDIA Drivers
NVIDIA nTune
NVIDIA PhysX
NZBLeecher
Oblivion
OpenOffice.org Installer 1.0
PC-Doctor 5 for Windows
Picasa 2
PowerISO
QuickTime
RarZilla Free Unrar 1.00
Rescue and Recovery
Roxio Digital Media LE
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SatFinder Portable - Scenery Beta 2008 Edition 1.3.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Sonic Icons for Lenovo
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Steam
Supreme Commander
System Update
ThinkVantage Technologies Welcome Message
TightVNC 1.3.9
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6a
Wallpapers
Winamp
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XP Themes

unwilling
2009-01-26, 11:57
I hate to say it, but I am an impatient person sometimes... :oops:
I ran ComboFix! It works! I can now surf freely again... I'm sure I have other viruses. Can someone look at this log from ComboFix and just tell me my credit cards are going to be okay? I may have already been a victim of credit fraud... I use my social security number often on this computer because I am unemployed, and it is a requirement of unemployment for me to enter it in every time I claim... Oh god, I hope someone doesn't have a credit card or something in my name... I'm only 27; I don't know if I could recover from something like that.

Anyways... here's my ComboFix log, help if you can... Sorry about the bump, but I'm just looking at similar posts, just like the original post says not to do, lol! :angel:



ComboFix 09-01-21.04 - key 2009-01-26 2:37:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1688 [GMT -8:00]
Running from: c:\documents and settings\key\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\gaopdxsmpyvypu.sys
c:\windows\system32\drivers\gaopdxxujngwrq.sys
c:\windows\system32\gaopdxpqyiowyl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.

2009-01-26 00:57 . 2009-01-26 00:57 <DIR> d-------- c:\program files\Trend Micro
2009-01-26 00:44 . 2009-01-26 00:45 <DIR> d-------- c:\program files\ERUNT
2009-01-26 00:28 . 2009-01-26 00:46 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 23:21 . 2009-01-25 23:21 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-25 23:21 . 2009-01-25 23:21 1,152 --a------ c:\windows\system32\windrv.sys
2009-01-25 19:31 . 2009-01-25 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Media Center Programs
2009-01-25 19:18 . 2009-01-25 19:18 <DIR> d-------- c:\documents and settings\key\Application Data\InstallShield
2009-01-25 04:49 . 2009-01-25 04:49 <DIR> d-------- c:\program files\QuickTime
2009-01-25 04:49 . 2009-01-25 04:49 <DIR> d-------- c:\program files\Apple Software Update
2009-01-25 04:49 . 2009-01-25 04:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-25 02:40 . 2009-01-25 02:40 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-25 02:40 . 2009-01-25 02:40 <DIR> d-------- c:\program files\DIFX
2009-01-25 02:40 . 2009-01-25 02:40 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-25 02:40 . 2006-07-01 22:39 36,864 --a------ c:\windows\system32\drivers\AmdK8.sys
2009-01-25 02:39 . 2009-01-25 02:42 <DIR> d-------- c:\windows\NV1843424.TMP
2009-01-24 02:33 . 2009-01-24 02:35 <DIR> d-------- c:\windows\NV27123340.TMP
2009-01-23 23:52 . 2009-01-23 23:59 <DIR> d-------- c:\program files\pspvc
2009-01-23 23:52 . 2009-01-23 23:59 <DIR> d-------- c:\program files\AviSynth 2.5
2009-01-23 23:52 . 2009-01-23 23:59 22 --a------ c:\windows\pspvc_path.ini
2009-01-18 02:45 . 2009-01-18 02:45 <DIR> d-------- c:\windows\system32\scripting
2009-01-18 02:45 . 2009-01-18 02:45 <DIR> d-------- c:\windows\system32\en
2009-01-18 02:45 . 2009-01-18 02:45 <DIR> d-------- c:\windows\system32\bits
2009-01-18 02:45 . 2009-01-18 02:45 <DIR> d-------- c:\windows\l2schemas
2009-01-18 02:44 . 2009-01-18 02:44 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-18 02:41 . 2009-01-18 02:41 <DIR> d-------- c:\windows\EHome
2009-01-17 19:33 . 2008-10-15 17:00 1,499,136 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-17 19:33 . 2008-10-15 17:00 619,520 --------- c:\windows\system32\dllcache\urlmon.dll
2009-01-17 19:32 . 2008-08-14 02:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-17 19:32 . 2008-08-14 02:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-17 19:32 . 2008-08-14 01:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-17 19:32 . 2008-08-14 01:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-17 19:32 . 2008-09-15 04:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-17 19:30 . 2008-04-11 11:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-17 19:30 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-17 19:30 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-17 19:30 . 2008-12-11 02:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-17 19:30 . 2008-05-01 06:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-01-15 08:19 . 2009-01-15 08:19 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-01-14 22:11 . 2009-01-14 22:11 268 ---h----- C:\sqmdata08.sqm
2009-01-14 22:11 . 2009-01-14 22:11 244 ---h----- C:\sqmnoopt08.sqm
2009-01-14 19:42 . 2009-01-14 19:42 268 ---h----- C:\sqmdata07.sqm
2009-01-14 19:42 . 2009-01-14 19:42 244 ---h----- C:\sqmnoopt07.sqm
2009-01-14 11:54 . 2009-01-14 11:54 268 ---h----- C:\sqmdata06.sqm
2009-01-14 11:54 . 2009-01-14 11:54 244 ---h----- C:\sqmnoopt06.sqm
2009-01-10 20:00 . 2009-01-10 20:00 <DIR> d-------- c:\program files\InPulse Team
2009-01-10 19:44 . 2009-01-10 19:44 268 ---h----- C:\sqmdata05.sqm
2009-01-10 19:44 . 2009-01-10 19:44 244 ---h----- C:\sqmnoopt05.sqm
2009-01-08 21:56 . 2009-01-08 21:56 268 ---h----- C:\sqmdata04.sqm
2009-01-08 21:56 . 2009-01-08 21:56 244 ---h----- C:\sqmnoopt04.sqm
2009-01-08 01:03 . 2009-01-08 01:03 268 ---h----- C:\sqmdata03.sqm
2009-01-08 01:03 . 2009-01-08 01:03 244 ---h----- C:\sqmnoopt03.sqm
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\system32\QuickTime.qts
2009-01-05 10:16 . 2009-01-05 10:50 754 --------- c:\windows\WORDPAD.INI
2009-01-02 15:27 . 2009-01-02 15:27 <DIR> d-------- c:\program files\THQ
2008-12-31 18:19 . 2008-12-31 18:19 268 ---h----- C:\sqmdata02.sqm
2008-12-31 18:19 . 2008-12-31 18:19 244 ---h----- C:\sqmnoopt02.sqm
2008-12-31 18:14 . 2008-12-31 18:14 268 ---h----- C:\sqmdata01.sqm
2008-12-31 18:14 . 2008-12-31 18:14 244 ---h----- C:\sqmnoopt01.sqm
2008-12-31 18:12 . 2008-12-31 18:12 268 ---h----- C:\sqmdata00.sqm
2008-12-31 18:12 . 2008-12-31 18:12 244 ---h----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 10:42 --------- d-----w c:\program files\Steam
2009-01-26 03:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-26 00:46 --------- d-----w c:\program files\eMedia Beginner Guitar Lessons
2009-01-25 10:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 07:31 --------- d-----w c:\program files\VideoLAN
2009-01-20 13:05 361,600 ------w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-01-20 13:05 361,600 ------w c:\windows\system32\drivers\TCPIP.SYS
2009-01-20 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-20 10:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-19 21:08 --------- d-----w c:\program files\Common Files\Adobe
2009-01-19 02:54 --------- d-----w c:\program files\DivX
2009-01-15 16:19 6,301,248 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-01-10 04:31 49,152 ------w c:\documents and settings\key\ul_install.exe
2009-01-08 23:12 --------- d-----w c:\documents and settings\key\Application Data\dvdcss
2008-12-16 01:25 --------- d--h--r c:\documents and settings\key\Application Data\SecuROM
2008-12-11 10:57 333,952 ------w c:\windows\system32\drivers\srv.sys
2005-03-22 22:55 200,767 ------w c:\documents and settings\key\ul_format.exe
.

------- Sigcheck -------

2007-10-30 08:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 02:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 03:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 03:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 02:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2006-01-13 09:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$NtUninstallKB917953$\tcpip.sys
2007-05-08 10:19 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 09:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2009-01-20 05:05 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2009-01-20 05:05 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-01-18 1410296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2007-05-07 589824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\key\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
ircN.lnk - c:\ircn\system\mirc.exe [2008-10-17 2810880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-08-27 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 18:20 40448 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ircN\\system\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R4 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
R4 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
S3 Philipscam2;Philips 646 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2007-05-07 75776]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com c:
\Shell\Open\command - c:\resycled\ntldr.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com x:
\Shell\Open\command - x:\resycled\ntldr.com x:
.
Contents of the 'Scheduled Tasks' folder

2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-URLLSTCK.exe - c:\program files\Norton Internet Security\UrlLstCk.exe
HKLM-Run-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://192.168.11.200/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {52789839-819F-46C4-8E04-36B5FF591F32} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\key\Application Data\Mozilla\Firefox\Profiles\l35ioadh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 02:42:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll

- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-01-26 2:45:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-26 10:45:18

Pre-Run: 28,468,314,112 bytes free
Post-Run: 28,603,240,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

259 --- E O F --- 2009-01-19 07:49:54 :eek: