
Active [Cannot open MS website, DNS server or Encryption error]

Discussion in 'Malware and Virus Removal Archive' started by mitul2601, 2009/02/18.

  1. 2009/02/18
    mitul2601

    [Active] [Cannot open MS website, DNS server or Encryption error]

    Hi, I am having a problem with my Mozilla Firefox and IE 7. I cannot open the Microsoft website using either browser. There are some DNS server or encryption errors.

    In the Windows Security Alert it shows "virus protection not found". When I install AVG or Kaspersky, after installation the virus protection says NOT MONITORED.
    Help me.

    Here is my RootRepeal report:

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/02/18 13:10
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP2
    ==================================================

    Drivers
    -------------------
    Name: artz1me6.SYS
    Image Path: C:\WINDOWS\System32\Drivers\artz1me6.SYS
    Address: 0xB95C8000 Size: 421888 File Visible: No
    Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB6F72000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xBADF8000 Size: 8192 File Visible: No
    Status: -

    Name: PCI_NTPNP8492
    Image Path: \Driver\PCI_NTPNP8492
    Address: 0x00000000 Size: 0 File Visible: No
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB5A59000 Size: 45056 File Visible: No
    Status: -

    SSDT
    -------------------
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "sptd.sys" at address 0xba6be0d0

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "sptd.sys" at address 0xba6c3fb2

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "sptd.sys" at address 0xba6c4340

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "sptd.sys" at address 0xba6be0b0

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "sptd.sys" at address 0xba6c4418

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "sptd.sys" at address 0xba6c4298

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "sptd.sys" at address 0xba6c44aa

    Stealth Objects
    -------------------
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
    Process: System Address: 0x8a7d81e8 Size: -

    Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
    Process: System Address: 0x8a84b1e8 Size: -

    Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
    Process: System Address: 0x8a84b1e8 Size: -

    Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a84b1e8 Size: -

    Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a84b1e8 Size: -

    Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
    Process: System Address: 0x8a84b1e8 Size: -

    Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a84b1e8 Size: -

    Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
    Process: System Address: 0x8a84b1e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
    Process: System Address: 0x8a607410 Size: -

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
    Process: System Address: 0x8a5fa1e8 Size: -

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
    Process: System Address: 0x8a5fa1e8 Size: -

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a5fa1e8 Size: -

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a5fa1e8 Size: -

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
    Process: System Address: 0x8a5fa1e8 Size: -

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a5fa1e8 Size: -

    Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
    Process: System Address: 0x8a5fa1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
    Process: System Address: 0x8a7da1e8 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
    Process: System Address: 0x88dfe1e8 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
    Process: System Address: 0x88dfe1e8 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x88dfe1e8 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x88dfe1e8 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
    Process: System Address: 0x88dfe1e8 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
    Process: System Address: 0x88dfe1e8 Size: -

    Object: Hidden Code [Driver: artz1me6ࠅ扏煓ࠁం浍瑓ᣀᓄ, IRP_MJ_CREATE]
    Process: System Address: 0x8a5b71e8 Size: -

    Object: Hidden Code [Driver: artz1me6ࠅ扏煓ࠁం浍瑓ᣀᓄ, IRP_MJ_CLOSE]
    Process: System Address: 0x8a5b71e8 Size: -

    Object: Hidden Code [Driver: artz1me6ࠅ扏煓ࠁం浍瑓ᣀᓄ, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a5b71e8 Size: -

    Object: Hidden Code [Driver: artz1me6ࠅ扏煓ࠁం浍瑓ᣀᓄ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a5b71e8 Size: -

    Object: Hidden Code [Driver: artz1me6ࠅ扏煓ࠁం浍瑓ᣀᓄ, IRP_MJ_POWER]
    Process: System Address: 0x8a5b71e8 Size: -

    Object: Hidden Code [Driver: artz1me6ࠅ扏煓ࠁం浍瑓ᣀᓄ, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a5b71e8 Size: -

    Object: Hidden Code [Driver: artz1me6ࠅ扏煓ࠁం浍瑓ᣀᓄ, IRP_MJ_PNP]
    Process: System Address: 0x8a5b71e8 Size: -

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
    Process: System Address: 0x8a5cd5d0 Size: -

    Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
    Process: System Address: 0x8a5cd5d0 Size: -

    Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a5cd5d0 Size: -

    Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a5cd5d0 Size: -

    Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
    Process: System Address: 0x8a5cd5d0 Size: -

    Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a5cd5d0 Size: -

    Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
    Process: System Address: 0x8a5cd5d0 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
    Process: System Address: 0x88def1e8 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_CREATE]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_CLOSE]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_READ]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a55b790 Size: -

    Object: Hidden Code [Driver: Cdfsࠅఉ瑎捦܉@考, IRP_MJ_PNP]
    Process: System Address: 0x8a55b790 Size: -

    Hidden Services
    -------------------
    Service Name: bdzmjirv
    Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs
     
  2. 2009/02/18
    PeteC

    Please do not hijack an existing thread especially not in this forum where each analysis/recommendation is specific to the OP's system. Moved to new thread.

    Did you read *** READ THIS BEFORE POSTING IN THIS FORUM *** at the head of the forum?
     

  3. to hide this advert.

  4. 2009/02/23
    noahdfear

    Welcome to WindowsBBS mitul2601 :)

    If you're still in need of assistance, please visit the following webpage for instructions for downloading and running ComboFix.

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  5. 2009/02/28
    mitul2601

    ComboFix log file:

    ComboFix 09-02-27.02 - Administrator 2009-02-28 17:35:50.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1455 [GMT 5.5:30]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\services.exe.exe
    c:\windows\wiupdt.log

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
    .

    2009-02-28 14:51 . 2009-02-28 14:51 <DIR> d-------- c:\program files\Webroot
    2009-02-28 14:51 . 2009-02-28 14:51 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Webroot
    2009-02-28 14:51 . 2009-02-28 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
    2009-02-28 14:51 . 2009-02-28 14:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Webroot
    2009-02-28 14:32 . 2009-02-28 14:51 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Webroot(2)
    2009-02-28 14:32 . 2009-02-28 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot(2)
    2009-02-24 09:03 . 2009-02-28 14:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-02-24 09:01 . 2009-02-28 14:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-02-23 23:46 . 2009-02-27 18:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
    2009-02-23 23:46 . 2009-02-23 23:46 56 --ah----- c:\windows\system32\ezsidmv.dat
    2009-02-23 22:59 . 2009-02-28 14:52 <DIR> d-------- c:\program files\Skype
    2009-02-23 22:59 . 2009-02-28 14:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
    2009-02-23 22:58 . 2009-02-28 14:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
    2009-02-23 12:18 . 2009-02-28 14:52 <DIR> d-------- c:\program files\iTunes
    2009-02-23 12:18 . 2009-02-23 12:18 <DIR> d-------- c:\program files\iPod
    2009-02-23 12:18 . 2009-02-28 14:54 <DIR> d-------- c:\program files\Bonjour
    2009-02-22 09:45 . 2007-03-01 19:54 144,960 --a------ c:\windows\system32\drivers\ssidrv.sys
    2009-02-22 09:45 . 2007-03-01 19:54 22,080 --a------ c:\windows\system32\drivers\sshrmd.sys
    2009-02-22 09:45 . 2007-03-01 19:54 21,056 --a------ c:\windows\system32\drivers\sskbfd.sys
    2009-02-22 09:45 . 2007-03-01 19:54 20,544 --a------ c:\windows\system32\drivers\SSFS0509.sys
    2009-02-22 09:04 . 2009-02-22 09:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-22 09:04 . 2009-02-22 09:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-02-22 08:56 . 2009-02-22 08:56 <DIR> d-------- c:\program files\Enigma Software Group
    2009-02-21 20:52 . 2009-02-21 20:52 <DIR> d-------- c:\windows\system32\Adobe
    2009-02-20 23:47 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
    2009-02-20 23:47 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-02-20 23:47 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-02-20 23:47 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
    2009-02-20 22:49 . 2009-02-20 22:49 <DIR> d-------- c:\program files\PC Connectivity Solution
    2009-02-20 22:49 . 2009-02-20 22:49 <DIR> d-------- c:\program files\Common Files\PCSuite
    2009-02-20 22:49 . 2009-02-20 22:49 <DIR> d-------- c:\program files\Common Files\Nokia
    2009-02-20 22:49 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
    2009-02-18 16:43 . 2009-02-18 16:43 <DIR> d-------- c:\program files\Pretty Tools
    2009-02-18 15:36 . 1999-06-19 02:19 165,888 --a------ c:\windows\Ckconfig.exe
    2009-02-18 15:36 . 2000-06-29 14:15 52,224 --a------ c:\windows\system32\Crypserv.exe
    2009-02-18 15:36 . 1996-05-03 21:51 27,648 -ra------ c:\windows\Setup_ck.exe
    2009-02-18 15:36 . 2000-02-04 01:23 24,608 --a------ c:\windows\system32\Ckldrv.sys
    2009-02-18 15:36 . 1996-05-03 20:06 18,432 --a------ c:\windows\Setup_ck.dll
    2009-02-18 15:36 . 1995-07-04 23:03 11,776 --a------ c:\windows\Ckrfresh.exe
    2009-02-18 15:35 . 2009-02-18 15:35 <DIR> d-------- c:\program files\Common Files\NavisWorks 5
    2009-02-18 15:34 . 2009-02-18 15:35 <DIR> d-------- c:\program files\NavisWorks 5
    2009-02-18 15:34 . 2009-02-18 15:34 <DIR> d-------- c:\program files\Common Files\NavisWorks
    2009-02-18 15:24 . 2009-02-18 15:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\NavisWorks 4
    2009-02-18 15:24 . 2009-02-18 15:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\NavisWorks 4
    2009-02-17 22:26 . 2009-02-17 22:26 <DIR> d-------- c:\program files\Trend Micro
    2009-02-17 19:00 . 2009-02-17 19:03 2,262 --a------ C:\WirelessDiagLog.csv
    2009-02-17 14:35 . 2009-02-18 01:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-02-17 14:21 . 2009-02-17 14:21 <DIR> d-------- c:\program files\Common Files\xing shared
    2009-02-17 12:52 . 2009-02-17 12:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
    2009-02-17 07:11 . 2009-02-17 08:17 <DIR> d-------- C:\Hard Drive Backup
    2009-02-17 06:56 . 2009-02-17 06:56 0 --a------ c:\windows\nsreg.dat
    2009-02-17 06:43 . 2009-02-17 06:43 <DIR> d-------- c:\program files\Disk Recoup 2.1
    2009-02-16 17:27 . 2009-02-16 17:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
    2009-02-16 17:25 . 2009-02-16 17:25 <DIR> d-------- c:\program files\Apple Software Update
    2009-02-16 17:24 . 2009-02-23 12:18 <DIR> d-------- c:\program files\Common Files\Apple
    2009-02-16 17:24 . 2009-02-16 17:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
    2009-02-12 15:14 . 2009-02-17 07:11 <DIR> d-------- c:\program files\SimpleCenter
    2009-02-12 15:14 . 2009-02-12 15:14 <DIR> d-------- c:\program files\Common Files\i4j_jres
    2009-02-12 15:09 . 2009-02-20 22:49 <DIR> d-------- c:\program files\Nokia
    2009-02-12 14:21 . 2009-02-12 16:03 <DIR> d--hs---- c:\documents and settings\Administrator\Phone Browser
    2009-02-12 14:21 . 2009-02-12 14:21 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Datalayer
    2009-02-12 14:15 . 2009-02-12 16:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2009-02-12 10:44 . 2009-02-17 07:18 <DIR> d-------- C:\QUARANTINE
    2009-02-12 09:46 . 2009-02-12 09:46 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-11 20:12 . 2009-02-11 20:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\NavisWorks 5
    2009-02-11 19:57 . 2009-02-11 19:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Autodesk
    2009-02-11 19:51 . 2009-02-11 19:51 54,156 --ah----- c:\windows\QTFont.qfn
    2009-02-11 19:51 . 2009-02-11 19:51 1,409 --a------ c:\windows\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-28 09:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Yahoo!
    2009-02-27 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\NavisWorks Licensing System
    2009-02-24 03:33 --------- d-----w c:\program files\Yahoo!
    2009-02-21 15:22 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-21 04:30 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-02-20 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2009-02-18 10:13 --------- d-----w c:\program files\NavisWorks Licensing
    2009-02-18 10:09 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-18 10:05 --------- d-----w c:\program files\Common Files\Autodesk Shared
    2009-02-17 15:41 376,832 ----a-w c:\windows\system32\AegisI5Installer.exe
    2009-02-17 15:41 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
    2009-02-17 15:41 21,361 ----a-w c:\windows\AegisP.sys
    2009-02-17 08:51 499,712 ----a-w c:\windows\system32\msvcp71.dll
    2009-02-17 08:51 348,160 ----a-w c:\windows\system32\msvcr71.dll
    2009-02-17 08:51 --------- d-----w c:\program files\Common Files\Real
    2009-02-16 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-02-12 08:59 --------- d-----w c:\program files\instant LOCK
    2009-02-12 08:59 --------- d-----w c:\program files\Google
    2009-02-12 08:46 --------- d-----w c:\program files\DIFX
    2009-01-16 12:15 --------- d-----w c:\documents and settings\Jason.Isaac-Henry\Application Data\NavisWorks 5
    2009-01-16 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\NavisWorks 5
    2009-01-16 10:41 --------- d-----w c:\program files\MSXML 4.0
    2009-01-16 10:33 --------- d-----w c:\documents and settings\Jason.Isaac-Henry\Application Data\PC Suite
    2009-01-16 10:08 --------- d-----w c:\program files\AutoCAD 2007
    2009-01-16 10:07 --------- d-----w c:\program files\AnswerWorks 4.0
    2009-01-16 10:01 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
    2009-01-16 09:59 --------- d-----w c:\program files\Autodesk
    2009-01-16 09:55 --------- d-----w c:\documents and settings\Jason.Isaac-Henry\Application Data\AVGTOOLBAR
    2009-01-16 09:26 --------- d-----w c:\documents and settings\Jason.Isaac-Henry\Application Data\Autodesk
    2009-01-16 09:06 --------- d-----w c:\program files\DAEMON Tools
    2009-01-16 09:05 --------- d-----w c:\documents and settings\Jason.Isaac-Henry\Application Data\TOSHIBA
    2009-01-16 09:03 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
    2009-01-16 08:45 --------- d-----w c:\program files\Dell_HostCD
    2004-08-04 10:00 165,025 --sha-r c:\windows\system32\imybqwwo.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "PC Suite Tray "= "c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "QuickTime Task "= "c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2009-01-05 413696]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-17 185872]
    "SpySweeper "= "c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 4865600]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
    "NVHotkey "= "nvHotkey.dll" [2007-11-17 c:\windows\system32\nvhotkey.dll]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-25 c:\windows\stsystra.exe]
    "nwiz "= "nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264 "= x264vfw.dll
    "VIDC.3iv2 "= 3ivxVfWCodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    -ra------ 2005-10-08 07:43 176128 c:\program files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    --a------ 2006-08-04 07:21 1032192 c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    --a------ 2007-10-08 14:13 1101824 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    --a------ 2007-10-08 14:18 995328 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-17 15:33 81920 c:\windows\system32\nvmctray.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7636:TCP "= 7636:TCP:ntvsoyo

    R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]
    R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [2005-09-06 35840]
    R2 RDXmon;RDXmon 1.16;c:\program files\RD1000\Service\RDXmon.exe [2007-05-05 45056]
    S2 bdzmjirv;Config Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    bdzmjirv

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1eb234-2494-11dd-8214-0019d27b144a}]
    \Shell\AutoRun\command - E:\PMB_P.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e6114e4-57f6-11dd-82ef-0019d27b144a}]
    \Shell\Auto\command - E:\system.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - E:\system.exe
    \Shell\Open\command - E:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9373b5f2-484c-11dd-82a2-001641dd11a2}]
    \Shell\AutoRun\command - e:\system\Security\DriveGuard.exe -run
    \Shell\Explore\Command - e:\system\Security\DriveGuard.exe -run
    \Shell\Open\Command - e:\system\Security\DriveGuard.exe -run

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca40d41e-33a9-11dd-823e-001641dd11a2}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
    MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = www.google.com
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\82oskpcp.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    .
    .
    ------- File Associations -------
    .
    inifile=c:\smss.exe
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-28 17:36:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bdzmjirv]
    "ServiceDll "= "c:\windows\system32\imybqwwo.dll "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\WRLogonNTF.dll
    c:\windows\system32\netprovcredman.dll
    .
    Completion time: 2009-02-28 17:38:05
    ComboFix-quarantined-files.txt 2009-02-28 12:08:03

    Pre-Run: 92,754,210,816 bytes free
    Post-Run: 92,836,491,264 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    246 --- E O F --- 2009-02-17 03:03:46