Services and Controller app has encountered a problem and needs to close

NightDrifter

New member
Well, this is my problem... I boot up my computer, load up Windows and then, after some seconds of waiting, a message box pops up, saying:

Services and Controller app has encountered a problem and needs to close

If not:

services.exe has encountered a problem and needs to close

Then, a shutdown timer starts. I heard it may be related to some malware, and searched on "Google", but didn't find any answers. Installed AND updated my software, but didn't fix anything.

I scanned my System with "Spyware Doctor" and "Malwarebytes' Anti-Malware", and they both found nothing.

I don't use/have/can't afford an antivirus, and I just dislike "AVG" and "Avast!".

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:27 PM, on 11/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Kerio\WinRoute Firewall\winroute.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kerio\WinRoute Firewall\avServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Exploder
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ????? ???? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Badongo Toolbar - {eadb5c49-abd7-447d-81ee-d5245b6f3929} - C:\Program Files\Badongo Toolbar\toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: e&xportar a microsoft excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: send by bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: send via &message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: upload linked file to badongo - C:\Program Files\Badongo Toolbar\uploadfile.html
O8 - Extra context menu item: upload this image to badongo - C:\Program Files\Badongo Toolbar\uploadimage.html
O9 - Extra button: Enviar a OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} (CKKeyPro Crypto support Class (CKNhnInst)) - http://www.hangame.com/common/CKKeyProInst.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://pubid.hangame.com/common/HanSetup1020.cab
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleilCS (bluesoleilcs) - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS (bshelpcs) - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS (bsmobilecs) - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Imapi Helper (imapi helper) - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU (nmsaccessu) - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Kerio WinRoute Firewall (winroute) - Kerio Technologies - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Zwunzi Service (zwunzi service) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi121.exe (file missing)

--
End of file - 10939 bytes


There's something missing there, and it's quite obvious what it is.

I had to do "shutdown -a" in order to maintain the system. It took me a lot to get the browser working, because it just wouldn't launch, and the system is quite unstable without services.exe working, often crashing the whole OS.



Extra Information about this Computer:

It's mostly used for playing games; the system is barely average, not a gaming machine. It can play all of the newest games though, and I'm just happy with that.

It is also used for homework, although there's often no homework to do.

Any help is appreciated, I know I'm in capable hands here :D

Thanks,

~NightDrifter
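The log above is the kind a helper reads by eye: O23 services whose binary is missing or lives under a user-writable folder, O2 browser helpers with no file behind them, O10 Winsock LSPs, and O4 autostarts for P2P clients. The following is an added example, not part of NightDrifter's post and not HijackThis's own logic, that applies those same checks mechanically. The sample lines are copied from the HJT log above; the heuristics, the "user-writable path" list and the reason strings are this example's own assumptions.

```python
"""Triage a HijackThis (HJT) log for entries that deserve a closer look.

Added example for this thread; not code from HijackThis or from the poster.
The scoring rules below are assumptions, not HijackThis output.
"""
import re

# Constructed sample: nine lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Zwunzi Service (zwunzi service) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi121.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
"""

# Every HJT entry starts with a section tag such as O4, O23 or R1.
ENTRY_RE = re.compile(r"^(O\d+|R[01])\s+-\s+(.*)$")

# Folders a Windows service binary does not normally live under (assumption).
USER_WRITABLE_HINTS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
    "\\recycler\\",
)

# P2P clients named later in this thread; matched as plain substrings.
P2P_NAMES = ("ares", "limewire", "utorrent", "µtorrent")


def triage_line(line):
    """Return the reasons one HJT line deserves attention (empty list if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    lower = body.lower()
    reasons = []

    if section == "O23":
        if "(file missing)" in lower:
            reasons.append("service points at a missing binary")
        if "unknown owner" in lower and any(h in lower for h in USER_WRITABLE_HINTS):
            reasons.append("unknown-owner service under a user-writable path")
        if lower.endswith("c:\\windows\\"):
            # HJT could not resolve the image path; compare with a known-good log.
            reasons.append("service image path unresolved by HJT")
    elif section == "O2" and "(no file)" in lower:
        reasons.append("orphaned BHO registration")
    elif section == "O10":
        reasons.append("third-party Winsock LSP (all socket traffic passes through it)")
    elif section == "O4" and any(p in lower for p in P2P_NAMES):
        reasons.append("P2P client set to autostart")
    return reasons


def triage_log(text):
    """Map each flagged line (stripped) to its reasons, in log order."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the NVIDIA service and the Ask toolbar BHO pass quietly, while the Zwunzi service is flagged twice: its binary is gone and it was registered from All Users\Application Data. A clean pass from this script is not a clean machine; it only narrows what to look at first.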
 
Hi NightDrifter

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

[screenshot: uninstall-man.jpg]


5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
 
Here's the list you asked for:

µTorrent
7-Zip 4.65
Adobe Flash Player 10 Plugin
AI War
AI War: Fleet Command
America's Army 3
Ares 2.1.1
Ask Toolbar
ASRock WiFi-802.11g
Audiosurf
Badongo Toolbar v1.0
Battleforge
Blender (remove only)
Bluesoleil 6.4.249.0
CABAL Online
CDBurnerXP
Cheat Engine 5.5
한게임 자동 인스톨러 (Hangame Auto Installer)
DAEMON Tools Toolbar
dBpoweramp m4a Codec
dBpoweramp Musepack Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Download Accelerator Plus (DAP)
Dxtory 1.0.79
FATAL/FAKE
Foxit Reader
Free Sound Recorder v8.1.1
GameSpy Arcade
Garry's Mod
Half-Life
Half-Life 2: Deathmatch
HashCheck Shell Extension (x86-32)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperCam 2
ISO Recorder
Java(TM) 6 Update 17
Junk Mail filter update
Left 4 Dead 2 Demo
LimeWire 5.3.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Halo
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Modem Booster
Monster Hunter Frontier Online 9.1.7
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 6.0 Parser (KB927977)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
ObjectDock
Open Command Prompt Shell Extension (x86-32)
Paint.NET v3.36
Project64 1.6
PunkBuster Services
Python 2.6.4
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Segoe UI
Skype web features
Skype™ 4.1
SlimDX Redistributable (March 2009)
Source Dedicated Server
Source SDK Base
SourceOP Beta Version 0.9.0.74
SourceOP DF_admins.txt Helper 1.0
SpeedBit Video Accelerator
SpeedBit Video Downloader
Spybot - Search & Destroy
Spyware Doctor 6.1
SpywareBlaster 4.2
Starcraft
Steam
Sven Co-op 4.0B
TeamSpeak 2 RC2
TeamViewer 4
Ultimate Paint 2.88 Freeware Edition
Unlocker 1.8.7
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.2
WindowBlinds
Windows Live ???
Windows Live ????? ??????
Windows Live ?????? ???
Windows Live ???????
Windows Live ???????
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
XecureCK Keyboard Protector with E2E
Zombie Panic! Source
Zwunzi 1.0 build 121
 
Sorry for the double post, but i forgot to mention:

I scanned my system with Spyware Doctor and it detected a Trojan.Buzus a few minutes ago. I re-scanned 3 times, pressing "Fix problems" each time, and every time the same result came up: Trojan.Buzus

It says something about a very high risk level, and it doesn't delete the Trojan. I kept repeating the scan, and now Trojan.Buzus doesn't show up anymore... But I am aware that it might still be on my system, although I'm not sure it is related to my issue.

Since Spyware Doctor could not delete this Trojan, I went to the C:\ folder and deleted some files myself using the Eraser tool.

On the other hand, I use the peer-to-peer programs to distribute my own homemade VB6 applications on the Internet and on my LAN, via either a torrent or LimeWire. Uninstalling them if needed is fine, as I don't make that many applications, and they aren't used that much either.

Thanks,

~NightDrifter
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

µTorrent
Ares 2.1.1
LimeWire 5.3.6


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above.

Uninstall also this:

Ask Toolbar

Please run a new uninstall list scan when finished and post the log back here.
 
Done, uninstalled those four programs. Here's the list:

7-Zip 4.65
Adobe Flash Player 10 Plugin
AI War
AI War: Fleet Command
America's Army 3
ASRock WiFi-802.11g
Audiosurf
Badongo Toolbar v1.0
Battleforge
Blender (remove only)
Bluesoleil 6.4.249.0
CABAL Online
CDBurnerXP
Cheat Engine 5.5
한게임 자동 인스톨러 (Hangame Auto Installer)
DAEMON Tools Toolbar
dBpoweramp m4a Codec
dBpoweramp Musepack Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Download Accelerator Plus (DAP)
Dxtory 1.0.79
EVEREST Corporate Edition v5.30
FATAL/FAKE
Foxit Reader
Free Sound Recorder v8.1.1
GameSpy Arcade
Garry's Mod
Half-Life
Half-Life 2: Deathmatch
HashCheck Shell Extension (x86-32)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperCam 2
ISO Recorder
Java(TM) 6 Update 17
Junk Mail filter update
Left 4 Dead 2 Demo
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Halo
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Modem Booster
Monster Hunter Frontier Online 9.1.7
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 6.0 Parser (KB927977)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
ObjectDock
Open Command Prompt Shell Extension (x86-32)
Paint.NET v3.36
Project64 1.6
PunkBuster Services
Python 2.6.4
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Segoe UI
Skype web features
Skype™ 4.1
SlimDX Redistributable (March 2009)
Source Dedicated Server
Source SDK Base
SourceOP Beta Version 0.9.0.74
SourceOP DF_admins.txt Helper 1.0
SpeedBit Video Accelerator
SpeedBit Video Downloader
Spybot - Search & Destroy
Spyware Doctor 6.1
SpywareBlaster 4.2
Starcraft
Steam
Sven Co-op 4.0B
TeamSpeak 2 RC2
TeamViewer 4
Ultimate Paint 2.88 Freeware Edition
Unlocker 1.8.7
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.2
WindowBlinds
Windows Live ???
Windows Live ????? ??????
Windows Live ?????? ???
Windows Live ???????
Windows Live ???????
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
XecureCK Keyboard Protector with E2E
Zombie Panic! Source
Zwunzi 1.0 build 121

So, what's the next procedure?

D:


Thanks

~NightDrifter
 
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
 
Guess it's done... This is the ComboFix log you asked for.



ComboFix 09-11-08.03 - Owner 11/09/2009 11:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1395 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - svchost.exe: deleted 31744 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Custom Settings\TaskBarCmd v1.1.exe
c:\documents and settings\Owner\Application Data\Desktopicon
c:\documents and settings\Owner\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\01d00098f732f640c6a5c8d431515b46.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\049497fd8947e722ae04b02eab871c18.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\067a9fd1541da872bb757c3da6a33d92.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\0783fa07a21528ab730a1df23334399c.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\0999dc9d92e75202025b885f39592438.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\0ba4ed06c78b5997716890d067fe2f51.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\0bb985ae9fc3a38262b3fd4c5cb03a3e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\0ccc70e9bd23465e9e97d9445314fa13.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\0d5b5b246d05342352b6c776e1cf5212.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\11e75649feaf8ef009c4ed99aafe8310.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\1ba01a94a454af76ad1d723478b7127d.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\1ec397e7e85d3c521dc4c849c4e3ea0f.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\1f840d5d0d14655c624d157818b7003d.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\24c8b24d8a5c9889dac59d968fa1b8d8.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\251f27bb0e06e757f562bc1dc84a615f.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\25e9c02c9d769d249732f66e042c290e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\28358b19588cf08bbb5de8b51850fe3a.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\288a0b7430370eb282f72b7e015c3c9a.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\28e51fb50e37beadbd134e4ae50e8f63.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2a066ba87c16f28ec9819e3285252403.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2c5a2cabd3b78548df720c3ee90efb41.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2c86ccbe1c6e19b40bb8de244b0ba1e7.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2d0afc3654f0a438f23598fb84be758c.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2dfb42d5ca2c7ccc627743d095dfbac9.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2eacacaddf4a71fe74de2b3f14074ac6.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\354c633ff9bf6fb3ecfad0ad65113c47.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\366a8f1bc352313a1074df76fdbce056.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\393e4d90773d8bbc9b905d903b618bdf.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\397bc65516fb1e815aa106a3d14d5305.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\3c1498e5ef362e757dc43d17482960f3.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\3ca41046bcb79924498d631f343d4371.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\461b3a8e7cfacb0c812e36aed9447c6d.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\46ceb001bfdc384ffe00657d8c567973.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\46eb2cd25804a00a1f22c69c4020c7e5.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\47d1dba34092ceb5412ac6f70c51e606.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\485d27cb769c9983f17e3d9eb5d03c5c.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\4b377d6eea3966e34c9a3ac2c647e5e5.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\4e216d83dc7da9779966ea4d31e236dd.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\4e6865e0bf7cf90244ce414917cc6556.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\51303604fcc7ede3ff317e6daac0c19a.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\52b483be9d71439ea530fb17638e5382.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\56613b7bd5cb1c3e01ecaa7a811022a9.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\59a83ef1238e50bddcc7caeb618d1824.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\59d3e0ea0c210c7674fea90f5382090c.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\5af1fa38e21413b7b2f5c6371f706543.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\5c5edcfe25ff895bc5c6a8d734710c5c.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\5f45a68915125fa8ad11a60ebffe29ee.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\6166b09fdf1ac1eaa1ae57a6eb20c03b.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\63eb5d17d60101356a7bbfdaae9afa57.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\654f8818ae39026c29f34808452fb02f.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\69482b1568b01b43c70d0ace76055f7e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\6ab204a5ef9f916fe93d527a421ffdda.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\741983fb8768fa4d118c8ca59f82bb83.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\7cef98e862160d452cf773da8f4e2064.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\7f1d8b588793a67a9e8271b309c497c8.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\82724e37ddf746e5c798c9541a83d990.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\877d5ef68d1b6d7922fd09e955289803.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\8abcdf24b4bfa351f3b767c4232c6d02.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\91a1315c3d05215b1504e5899d32b936.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\9a40bf533c72981026081869543bbde2.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\9a846edeab464b62f0f2a74c54059f0b.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\9c5178781b9775c8036205fa67727330.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\9f9c2aa3ed1b1b0f922524c5a5260d1c.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\a26ba057241a8c2ae219a8db7335f51c.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\a67e0c2d6a842bf89983192c7e42d7c7.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\a9583053db1a9b326763e99e2321c517.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ad63fa05a8e976a9e0939831eb5ba308.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\b2c8a6ebad81932fcbe8461599d71865.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\b527594c48bbaad67924ced89a416e20.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\b86745632d1223fab788478c41828d9a.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\b88e5980318f9688b4348228079f4f04.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\c25b7660062dfaf312f7142d2126cf2e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\c2a9bad2a6f3c5b8aba800c2646abbf0.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\c36f2f770b74dd9e49947e924f85eeea.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\c636b5bf68f8ea6811c91dd569143b63.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\c73959eceda75ddf82609033ed2756e9.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ccbebc209ee7342ed2a62b6d6e996645.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\d0d1583aaf54f587014b422167bddd89.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\d41d8cd98f00b204e9800998ecf8427e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\d7c0d1ef6446382c3f7bb71308ba122f.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\d8c72d47eaed4bf47aa5d4f291a7c350.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\d909bf9e40d3de9bfa779059a90ff834.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\dc973701a6a9f218f60e389f479684db.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\dcc3ea4461b925db5858951892b5fa12.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\df0ea822d926c8fa5e9401e70f2cea67.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\e09d50f5972f50e03ca6be41cf66e0b5.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\e261f32b2da3462f5a3f10d0e3cb11c7.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\e52ee3c662672a47bf85d717ebb4ae8e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\e5c061252396f14b1dca59f288bf9c20.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ebc4635e6aeb6c62f3801a378bdfaa4d.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ecb246b7273dc7466b406d7b8b10c09e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\f63720489499e58792f33295e3dfbf29.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\f9531b586c797615c6b11c5d9e8b7302.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fd44d831ab115f692f560f8ea07c9868.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fe5046d3ac6595d8f385d8a45126456e.bmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fe6d388665fbc8cdfabaa8dc587839f7.bmp
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-2515692050-3951781386-664637758-4387
c:\recycler\S-1-5-21-3960351061-0147686217-620205669-3838
c:\recycler\S-1-5-21-515967899-842925246-682003330-1003
c:\recycler\S-1-5-21-5478708572-8337656310-807184546-8180
c:\windows\system32\drivers\79104c4a.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_npf
-------\Service_npf
-------\Service_79104c4a


((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-08 06:58 . 2009-11-08 06:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-11-08 06:33 . 2009-11-08 06:33 -------- d-----w- c:\program files\Lavalys
2009-11-06 23:58 . 2009-11-07 00:17 -------- d-----w- C:\tmp
2009-11-06 23:40 . 2009-11-06 23:41 -------- d-----w- C:\Python26
2009-11-06 23:37 . 2009-11-06 23:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Blender Foundation
2009-11-06 23:37 . 2009-11-06 23:37 -------- d-----w- c:\program files\Blender Foundation
2009-11-06 02:48 . 2009-11-06 03:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Stardock
2009-11-06 02:47 . 2009-11-06 02:47 -------- d-----w- c:\program files\Common Files\Stardock
2009-11-05 19:22 . 2009-11-05 19:22 -------- d-----w- c:\program files\Arcen Games, LLC
2009-11-05 19:22 . 2009-11-05 19:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Arcen Games, LLC
2009-11-04 23:29 . 2009-11-05 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-04 23:29 . 2009-11-04 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 18:17 . 2009-11-04 18:17 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 05:31 . 2009-11-05 19:21 -------- d-----w- c:\windows\LastGood
2009-11-03 01:28 . 2009-11-03 01:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Bioshock
2009-11-03 01:23 . 2009-11-03 01:23 -------- d--h--r- c:\documents and settings\Owner\Application Data\SecuROM
2009-11-03 01:23 . 2009-11-03 01:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-02 20:42 . 2005-07-01 14:20 198144 ------w- c:\windows\eiunin2.exe
2009-11-02 20:42 . 2009-11-02 20:42 -------- d-----w- c:\program files\Lights
2009-11-02 14:24 . 2009-11-02 14:24 -------- d-----w- c:\program files\Microsoft Works
2009-11-02 14:22 . 2009-11-02 14:22 -------- d-----w- c:\program files\Microsoft.NET
2009-11-02 14:22 . 2009-11-02 14:22 -------- d-----w- c:\program files\SpywareBlaster
2009-11-02 14:19 . 2009-11-02 14:19 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-02 14:18 . 2009-11-02 14:23 -------- d-----w- c:\windows\SHELLNEW
2009-11-02 14:17 . 2009-11-02 14:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2009-11-02 14:17 . 2009-11-02 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-02 14:16 . 2009-11-02 14:16 -------- d-----r- C:\MSOCache
2009-11-02 13:49 . 2009-11-02 13:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Kerio
2009-11-02 13:47 . 2009-11-02 13:47 -------- d-----w- c:\program files\Kerio
2009-11-02 13:19 . 2009-11-02 13:19 -------- d-----w- c:\program files\Trend Micro
2009-11-01 18:45 . 2009-09-04 23:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-01 18:45 . 2009-09-04 23:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-01 18:45 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-01 18:45 . 2009-09-04 23:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-01 18:45 . 2009-09-04 23:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-01 18:45 . 2009-09-04 23:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-01 18:44 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-01 18:44 . 2009-11-01 18:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-10-31 17:45 . 2009-10-31 17:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Canneverbe_Limited
2009-10-31 17:45 . 2009-10-31 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-10-31 17:44 . 2009-09-29 01:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-31 17:44 . 2009-10-31 17:44 -------- d-----w- c:\program files\CDBurnerXP
2009-10-31 17:41 . 2009-10-31 17:41 3638 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}\_2cd672ae.exe
2009-10-31 17:40 . 2009-10-31 17:40 -------- d-----w- c:\program files\Alex Feinman
2009-10-31 07:45 . 2009-11-08 06:47 165232 ---ha-w- c:\documents and settings\Owner\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-10-31 07:44 . 2009-10-31 07:44 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-10-31 07:02 . 2009-10-31 07:02 -------- d-----w- c:\program files\Paint.NET
2009-10-31 07:02 . 2009-11-04 04:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET
2009-10-31 04:09 . 2009-11-01 07:40 -------- d-----w- c:\windows\logs
2009-10-31 04:09 . 2009-10-31 04:11 -------- d-----w- c:\windows\inis
2009-10-31 04:09 . 2009-10-31 04:11 -------- dc----w- c:\windows\memcards
2009-10-31 04:09 . 2009-10-31 04:09 -------- d-----w- c:\windows\sstates
2009-10-31 00:13 . 2009-10-31 00:13 -------- d-----w- c:\program files\UP
2009-10-30 16:51 . 2009-10-30 16:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\bluesoleil
2009-10-30 01:24 . 2009-10-30 01:24 -------- d-----w- c:\program files\IVT Corporation
2009-10-29 18:13 . 2009-10-29 18:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Subversion
2009-10-29 15:18 . 2009-10-30 06:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Badongo Toolbar
2009-10-29 15:18 . 2009-10-29 15:18 -------- d-----w- c:\program files\Badongo Toolbar
2009-10-29 14:09 . 2009-10-29 14:09 -------- d-----w- c:\program files\inKline Global
2009-10-27 21:13 . 2009-10-27 21:13 -------- d-----w- c:\program files\directx
2009-10-27 21:03 . 2009-10-27 21:03 -------- d-----w- c:\program files\Majesco Entertainment
2009-10-26 16:48 . 2009-10-26 16:48 -------- d-----w- c:\windows\system32\xircom
2009-10-26 16:48 . 2009-10-26 16:48 -------- d-----w- c:\windows\system32\wbem\snmp
2009-10-26 16:48 . 2009-10-26 16:48 -------- d-----w- c:\windows\system32\oobe
2009-10-26 16:48 . 2009-10-26 16:48 -------- d-----w- c:\program files\microsoft frontpage
2009-10-26 14:24 . 2009-10-26 14:24 2149888 ----a-w- c:\windows\system32\python26.dll
2009-10-26 04:19 . 2009-10-26 04:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PunkBuster
2009-10-26 04:17 . 2009-10-26 04:19 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-26 04:17 . 2009-10-26 04:17 139152 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-10-26 04:17 . 2009-10-26 04:50 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-26 04:17 . 2009-10-26 04:17 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-26 04:17 . 2009-10-26 04:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-26 04:17 . 2009-10-26 04:17 -------- d-----w- c:\windows\system32\LogFiles
2009-10-25 19:48 . 2009-10-25 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-25 19:48 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 19:48 . 2009-10-25 19:48 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2009-10-25 19:48 . 2009-10-25 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-25 19:48 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 18:31 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-25 18:31 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-25 18:31 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-25 18:31 . 2009-10-25 18:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-25 18:31 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-25 18:31 . 2009-10-25 19:54 -------- d-----w- c:\program files\Spyware Doctor
2009-10-25 18:31 . 2009-10-25 18:31 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-10-25 18:31 . 2009-10-25 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-25 18:05 . 2009-10-25 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\69341730
2009-10-25 18:04 . 2009-10-25 18:04 195165 ----a-w- C:\wtcqrqjr.exe
2009-10-25 06:04 . 2009-10-25 06:04 12264 ----a-w- c:\windows\scunin.dat
2009-10-25 06:04 . 2009-10-25 06:04 967 ----a-w- c:\windows\ScUnin.pif
2009-10-25 06:04 . 2009-10-25 06:04 68096 ----a-w- c:\windows\ScUnin.exe
2009-10-25 06:04 . 2009-10-26 16:48 -------- d-----w- c:\program files\Starcraft
2009-10-25 06:01 . 2009-10-25 06:01 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-10-24 22:56 . 2009-10-24 22:56 -------- d-----w- c:\program files\SourceOP
2009-10-24 18:29 . 2009-10-24 18:36 199097 ----a-w- C:\xvqdt.exe
2009-10-23 18:42 . 2009-10-25 22:18 -------- d-----w- c:\program files\Cheat Engine
2009-10-23 18:42 . 2007-12-26 22:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-10-23 18:42 . 2007-12-26 22:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-10-22 18:30 . 2009-10-22 18:30 8854 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-10-22 18:30 . 2009-10-22 18:30 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-10-22 18:30 . 2009-10-22 18:30 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-10-22 18:30 . 2009-10-22 18:30 -------- d-----w- c:\program files\Project64 1.6
2009-10-21 17:40 . 2009-10-21 17:40 -------- d-----w- c:\documents and settings\Owner\Application Data\teamspeak2
2009-10-21 17:38 . 2009-10-21 17:40 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-10-19 01:06 . 2005-01-01 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-10-19 01:04 . 2009-10-19 01:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-10-19 00:06 . 2009-10-19 00:06 -------- d-----w- c:\documents and settings\Default User\Application Data\skypePM
2009-10-18 23:46 . 2009-11-06 03:52 -------- d-----w- c:\program files\Stardock
2009-10-18 23:46 . 2007-07-11 20:06 42672 ----a-w- c:\windows\system32\wbsys.dll
2009-10-18 21:19 . 2009-11-03 22:08 -------- d-----w- C:\HanPurple
2009-10-18 21:19 . 2009-07-06 20:09 176832 ----a-w- c:\windows\system32\HGReport.dll
2009-10-18 21:19 . 2009-08-07 16:52 161224 ----a-w- c:\windows\system32\PubPlugin.dll
2009-10-18 21:15 . 2009-09-23 16:58 1147576 ----a-w- c:\windows\system32\HanWebMsg1058.dll
2009-10-17 20:05 . 2009-10-17 20:05 3283 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
2009-10-17 20:04 . 2009-10-17 20:04 3625 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2009-10-17 20:01 . 2009-10-17 20:01 3065 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-10-17 19:58 . 2009-10-17 19:58 -------- d-----w- c:\documents and settings\Owner\Application Data\AccurateRip
2009-10-17 19:58 . 2009-10-17 20:05 593272 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-10-17 19:58 . 2009-10-17 19:58 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-10-17 19:57 . 2009-10-17 19:57 -------- d-----w- c:\program files\Illustrate
2009-10-16 23:34 . 2009-11-07 01:16 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-10-16 23:33 . 2009-10-16 23:33 -------- d-----w- c:\program files\VideoLAN
2009-10-16 01:11 . 2009-11-08 20:21 -------- d-----w- c:\program files\CABAL Online (GSC)
2009-10-15 01:34 . 2009-10-15 01:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AaaaaRecklessDisregard
2009-10-15 01:24 . 2009-11-01 21:17 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 17:41 . 2009-10-12 22:12 -------- d-----w- c:\program files\Steam
2009-11-09 17:40 . 2009-11-02 13:48 70619 ----a-w- c:\windows\system32\drivers\kwfupper.log
2009-11-09 17:40 . 2009-11-02 13:48 107430 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-11-09 17:21 . 2009-10-12 22:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-09 04:13 . 2009-11-02 18:49 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-11-03 23:16 . 2009-10-12 22:28 90736 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 14:24 . 2009-10-12 23:11 -------- d-----w- c:\program files\MSBuild
2009-10-30 19:32 . 2009-10-12 23:31 -------- d-----w- c:\program files\Unlocker
2009-10-30 16:50 . 2009-10-26 19:41 -------- d-----w- c:\program files\Zwunzi
2009-10-29 14:09 . 2009-10-12 23:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 19:41 . 2009-10-26 19:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Free Sound Recorder
2009-10-26 19:41 . 2009-10-26 19:40 -------- d-----w- c:\program files\Free Sound Recorder
2009-10-25 19:06 . 2009-10-12 23:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-25 18:04 . 2009-07-19 16:02 14848 ----a-w- c:\windows\system32\svchost.exe
2009-10-24 19:04 . 2009-10-13 02:41 -------- d-----w- c:\program files\DivX
2009-10-24 19:04 . 2009-10-13 02:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-12 23:32 . 2009-10-12 23:32 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-10-12 23:32 . 2009-10-12 23:32 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-12 23:31 . 2009-10-12 23:11 94248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-12 23:31 . 2009-10-12 23:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2009-10-12 23:31 . 2009-10-12 23:31 -------- d-----w- c:\program files\Foxit Software
2009-10-12 23:30 . 2009-10-12 23:30 -------- d-----w- c:\program files\7-Zip
2009-10-12 23:23 . 2009-10-12 23:23 -------- d-----w- c:\program files\Intel
2009-10-12 23:21 . 2009-10-12 23:21 -------- d-----w- c:\program files\Realtek
2009-10-12 23:21 . 2009-10-12 23:21 315392 ----a-w- c:\windows\HideWin.exe
2009-10-12 23:21 . 2009-10-12 23:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-12 23:20 . 2009-10-12 23:20 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-12 23:20 . 2009-10-12 23:20 -------- d-----w- c:\program files\ASRock WiFi-802.11g
2009-10-12 23:11 . 2009-10-12 23:11 -------- d-----w- c:\program files\Reference Assemblies
2009-10-12 23:05 . 2009-10-12 23:05 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-12 23:04 . 2009-10-12 23:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-12 23:03 . 2009-10-12 23:03 -------- d-----w- c:\program files\MSXML 4.0
2009-10-12 23:02 . 2009-10-12 23:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-12 22:55 . 2009-10-12 22:55 -------- d-----r- c:\program files\Skype
2009-10-12 22:55 . 2009-10-12 22:55 -------- d-----w- c:\program files\Common Files\Skype
2009-10-12 22:55 . 2009-10-12 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-12 22:46 . 2009-10-12 22:28 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-10-12 22:41 . 2009-10-12 22:40 -------- d-----w- c:\program files\Windows Live
2009-10-12 22:41 . 2009-10-12 22:41 -------- d-----w- c:\program files\Microsoft
2009-10-12 22:40 . 2009-10-12 22:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-12 22:28 . 2009-10-12 22:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-12 22:28 . 2009-10-12 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-12 22:28 . 2009-10-12 22:28 91648 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-10-12 22:17 . 2009-10-12 22:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-12 22:17 . 2009-10-12 22:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-12 22:17 . 2009-10-12 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-12 22:17 . 2009-10-12 22:17 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-12 22:11 . 2009-10-12 22:09 -------- d-----w- c:\program files\DAP
2009-10-12 22:11 . 2009-10-12 22:11 3317784 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA3_DapSo.exe
2009-10-12 22:09 . 2009-10-12 22:09 -------- d-----w- c:\program files\SpeedBit Video Downloader
2009-10-12 22:04 . 2009-10-12 22:04 0 ----a-w- c:\windows\nsreg.dat
2009-10-12 21:56 . 2009-10-12 21:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-27 23:20 . 2009-09-27 23:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 23:20 . 2009-09-27 23:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 23:19 . 2009-09-27 23:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 23:19 . 2009-09-27 23:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 23:19 . 2009-09-27 23:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 23:19 . 2009-09-27 23:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 23:19 . 2009-09-27 23:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 23:19 . 2009-09-27 23:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 23:19 . 2009-09-27 23:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 23:19 . 2009-09-27 23:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 23:19 . 2009-09-27 23:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 23:19 . 2009-09-27 23:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:19 . 2009-09-27 23:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 21:12 . 2009-10-12 21:38 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 21:12 . 2009-10-12 21:38 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 21:12 . 2009-09-27 21:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 21:12 . 2009-09-27 21:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-09-27 21:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 21:12 . 2009-09-27 21:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 21:12 . 2009-09-27 21:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-04 23:44 . 2009-10-12 23:03 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-14 18:36 . 2009-08-14 18:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-07-19 . 6F986564076C2A3A94285AA2BBD11AA4 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-10-12 22:09 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-11-03 1217808]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WrCtrl"="c:\program files\Kerio\WinRoute Firewall\wrctrl.exe" [2008-11-24 120680]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-22 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-07-19 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-11-5 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-09-23 15:10 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASRock WiFi-802.11g.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASRock WiFi-802.11g.lnk
backup=c:\windows\pss\ASRock WiFi-802.11g.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Spooler"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"Alerter"=2 (0x2)
"TapiSrv"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\reeve291\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\reeve291\\zombie panic! source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Source HL2DM Server\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ai war fleet command\\AIWar.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Source HL2DM Server\\srcds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 bthidbus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 10:39 PM 20744]
R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/25/2009 12:31 PM 206256]
R2 bsmobilecs;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 3:40 PM 143467]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R2 winroute;Kerio WinRoute Firewall;c:\program files\Kerio\WinRoute Firewall\winroute.exe [11/24/2008 3:19 PM 3987304]
R3 btnetbus;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 11:44 AM 30088]
R3 ivtbtbus;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 1:58 PM 26248]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 9:36 AM 65024]
R3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\drivers\kwflower.sys [7/2/2008 10:10 AM 100352]
R3 kwfupper;Kerio WinRoute Firewall Driver - Upper Layer;c:\windows\system32\drivers\kwfupper.sys [11/24/2008 3:36 PM 123952]
S2 zwunzi service;Zwunzi Service;"c:\documents and settings\All Users\Application Data\Zwunzi\zwunzi121.exe" "c:\program files\Zwunzi\zwunzi.dll" Service --> c:\documents and settings\All Users\Application Data\Zwunzi\zwunzi121.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/25/2009 12:31 PM 348752]
S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{5D7F6256-FE76-4F7C-ADC9-BC314DA9C61A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-19 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: e&xportar a microsoft excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: send by bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: send via &message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: upload linked file to badongo - c:\program files\Badongo Toolbar\uploadfile.html
IE: upload this image to badongo - c:\program files\Badongo Toolbar\uploadimage.html
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1020.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gl7wcekd.default\
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gl7wcekd.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 11:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spaq.sys hal.dll >>UNKNOWN [0x89BC0938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7978B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\securom\!caution! never delete or change any key*]
"??"=hex:fc,83,46,a1,04,bb,66,ad,3a,bd,f2,f2,a5,c1,50,53,9b,fe,28,f4,aa,7a,8b,
8a,e1,bf,34,1f,82,0b,39,68,8b,02,ce,f8,6e,2d,e5,f5,49,3a,3e,39,e7,ce,4a,23,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1256)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(1312)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll

- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
c:\program files\Kerio\WinRoute Firewall\avServer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-09 11:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 17:55

Pre-Run: 5,680,791,552 bytes free
Post-Run: 5,820,628,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C431BA5E4245DA826DE9AFCD533EAD1D



So, how to proceed now?


Thanks,

~NightDrifter
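The `\Driver\atapi ... IRP hooks detected !` block in the log above is the finding a responder would want to pull out of that wall of text. The following Python is an added example (not code from the thread, from Gmer or from ComboFix) that parses those detector lines, groups the hooked IRP major functions per driver and flags dispatch pointers that fall below the 32-bit kernel-space boundary. It assumes the left-hand value on each line is the dispatch pointer currently installed and the right-hand value is the reference address inside the named module; the sample text is copied in the shape of the log above.

```python
"""Parse the per-IRP lines printed by Gmer's Stealth MBR rootkit detector and
summarise which dispatch entries of a driver no longer point where expected.
Added example for this thread; not part of Gmer's or ComboFix's own tooling."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, laid out like the detector block in the log above.
# Header and summary lines are kept on purpose so the parser has to skip them.
SAMPLE_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7978B40 atapi.sys
\Driver\atapi IRP hooks detected !
"""

# One line per hooked IRP major function:
#   \Driver\<name> [ IRP_MJ_xxx ] <current> != <reference> <module>
# (column meaning is an assumption; the detector prints them without labels)
LINE_RE = re.compile(
    r"^\\Driver\\(?P<driver>\w+)\s+\[\s*(?P<major>IRP_MJ_\w+)\s*\]\s+"
    r"(?P<current>0x[0-9A-Fa-f]+)\s+!=\s+(?P<reference>0x[0-9A-Fa-f]+)\s+"
    r"(?P<module>\S+)\s*$"
)

# On 32-bit Windows XP without /3GB, everything below this is user-mode address
# space, so a kernel dispatch pointer there cannot be valid driver code.
KERNEL_SPACE_START = 0x80000000


@dataclass(frozen=True)
class IrpHook:
    driver: str
    major: str
    current: int
    reference: int
    module: str

    @property
    def points_outside_kernel_space(self) -> bool:
        """True when the installed pointer is not even a kernel-mode address."""
        return self.current < KERNEL_SPACE_START


def parse_irp_hooks(text: str) -> List[IrpHook]:
    """Return one IrpHook per '!=' line; headers and the summary line are skipped."""
    hooks: List[IrpHook] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hooks.append(IrpHook(
            driver=m["driver"],
            major=m["major"],
            current=int(m["current"], 16),
            reference=int(m["reference"], 16),
            module=m["module"],
        ))
    return hooks


def hooked_majors_by_driver(hooks: List[IrpHook]) -> Dict[str, List[str]]:
    """Map driver name -> sorted, de-duplicated list of hooked IRP_MJ_* names."""
    grouped: Dict[str, List[str]] = {}
    for h in hooks:
        grouped.setdefault(h.driver, []).append(h.major)
    return {drv: sorted(set(majors)) for drv, majors in grouped.items()}


def suspicious_hooks(hooks: List[IrpHook]) -> List[IrpHook]:
    """Hooks whose installed pointer lies outside kernel space (strong indicator)."""
    return [h for h in hooks if h.points_outside_kernel_space]


if __name__ == "__main__":
    found = parse_irp_hooks(SAMPLE_LOG)
    for drv, majors in hooked_majors_by_driver(found).items():
        print(f"{drv}: {len(majors)} hooked dispatch entries -> {', '.join(majors)}")
    for h in suspicious_hooks(found):
        print(f"  {h.major}: 0x{h.current:X} is below kernel space "
              f"(reference 0x{h.reference:X} in {h.module})")
```

Feeding it the real detector output rather than the embedded sample is a matter of reading the log file and passing its contents to `parse_irp_hooks`; the regex ignores everything that is not a `\Driver\... != ...` line, so the whole ComboFix report can be passed in unchanged.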
 
Please click this link-->Jotti

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depends on which one you are using, Jotti or VirusTotal).

c:\windows\system32\drivers\tcpip.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
Guess this file is not malware.


Jotti:
Filename: tcpip.sys
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Mon 9 Nov 2009 19:41:42 (CET) Permalink

Virustotal:
MD5: 6f986564076c2a3a94285aa2bbd11aa4
First received: 2009.09.16 08:39:57 UTC
Date: 2009.09.16 08:39:57 UTC [>54D]
Results: 0/41



I'm not sure about what to do next...

So, what's the next procedure?

Hah, I'm sorry if I'm being too much trouble here.




Thanks,

~NightDrifter
 
I think I did some time ago, because some people were deciding to make my PC a server host (hence the Source HL2DM Server in the ComboFix logs).

I mostly run 12 servers at a time, sometimes more, sometimes less, which lags my connection a lot. It's 100 Mbps, so I have nothing to worry about.


......I shouldn't have patched that file, right? D:
 
No, I just need to know if it has been you or malware ;)

Please do a search for wscntfy.exe and let me know if you got any hits.
 
No, sorry. I don't have any Windows CD at hand.

This computer came with Windows already pre-installed on the hard drive; it came with no backup/format disc or anything like that, though.

I used to have a Windows XP SP2 CD, but the case broke, and there was no place to put it in, so it got scratched over time, and it doesn't work anymore.

...The only discs that are still working, that came with my computer, are the Motherboard Drivers CD and the Wireless Drivers disc. Although I never use Wireless, as I have an Ethernet cable :\


I can buy another copy of Windows, if needed, though.
 
No need to buy, but you need to borrow one :)

Let me know when it is done and we will continue.
 
I think I have a problem: I got the wscntfy.exe file, but I can't use it. Each time I copy it onto the hard drive, there's a popup on my taskbar that says the file is corrupted. :sad:

Any ideas on what is going on? I don't want to run Chkdsk because it "might" delete something that is related to the possible infection.

So, what do I do?

Also, have a cookie :P

:oreo:
 