Trouble connecting to Internet through Firefox (and other apps) [HJT Log]

Discussion in 'Malware and Virus Removal Archive' started by bds460, 2007/07/19.

  1. 2007/07/19
    bds460

    bds460 Inactive Thread Starter

    Joined:
    2007/07/19
    Messages:
    3
    Likes Received:
    0
    Recently my computer started not allowing me to connect to the internet through Firefox. I thought maybe the problem was isolated to Firefox, but when I tried using IE, Safari, and AIM I was able to connect. I did have errors though when trying to update with Ad-Aware, Spybot, and again Firefox. With Spybot I got an error saying Socket Error # 10061 Connection Refused. With Firefox, besides getting the Unable to Connect message, I got an error saying AUS: Connection Refused when I tried to update. With Ad-Aware I got an error saying could not connect. This problem arose recently and very abruptly. When watching a video on YouTube, I went to change to another video and Firefox didn't work. I thought maybe it was an issue with firewalls, but I disabled the Windows Firewall and Norton's is not running (in fact when I tried to run Norton's to run a virus scan the program froze up). I've been trying to figure out what the problem is, but I have no idea so far.

    Here's my process log from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:07:47 PM, on 7/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\OPSCAN.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Sean Wright\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070531
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070531
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7748 bytes
     
  2. 2007/07/19
    bds460

    Here is the process log in safe mode (where Firefox and updating work, all of which were used and did not find any problems (viruses, trojans, etc.)) for comparison:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:41:47 PM, on 7/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Sean Wright\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070531
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070531
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 6634 bytes
     
    Last edited: 2007/07/19

  4. 2007/07/20
    bds460

    Here's also a log I did with ComboFix:

    "Sean Wright" - 2007-07-19 23:48:33 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


    2007-07-19 23:47 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-19 22:17 <DIR> d-------- C:\Program Files\Lavasoft
    2007-07-19 21:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-19 20:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
    2007-07-19 20:32 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-19 20:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
    2007-07-19 20:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    2007-07-19 20:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
    2007-07-19 20:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-07-19 19:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-07-19 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-19 19:13 <DIR> d-------- C:\Program Files\Gran Paradiso(2)
    2007-07-19 00:49 <DIR> d-------- C:\Program Files\Network Probe 2
    2007-07-18 22:47 <DIR> d-------- C:\DOCUME~1\SEANWR~1\APPLIC~1\Viewpoint
    2007-07-18 15:26 <DIR> d-------- C:\Program Files\Citrus Alarm Clock
    2007-07-02 18:03 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
    2007-07-02 18:03 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
    2007-07-02 18:03 26,129 --a------ C:\WINDOWS\SETUP1.EXE
    2007-07-02 18:03 25,374 --a------ C:\WINDOWS\system\BIBSRCH.DLL
    2007-07-02 18:03 <DIR> d-------- C:\BIBLE
    2007-07-02 17:52 <DIR> d-------- C:\Program Files\e-Sword
    2007-06-29 20:35 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-06-26 07:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-06-26 07:54 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-06-25 01:58 <DIR> d-------- C:\Program Files\Paint.NET
    2007-06-25 01:52 <DIR> d-------- C:\Program Files\MSBuild
    2007-06-25 01:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-06-25 01:48 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-06-25 01:48 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-06-21 16:58 <DIR> d-------- C:\Program Files\Gabest


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-19 23:19:24 -------- d-----w C:\Program Files\Google
    2007-07-18 04:45:30 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\GrabIt
    2007-07-02 21:58:59 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-06-24 01:17:36 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-06-18 13:10:26 -------- d-----w C:\Program Files\Norton Internet Security
    2007-06-18 13:10:06 -------- d-----w C:\Program Files\Symantec
    2007-06-18 13:10:05 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-18 13:10:05 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-18 13:10:05 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-18 13:10:05 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-16 20:46:00 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-06-16 20:37:02 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
    2007-06-16 20:36:36 -------- d--h--r C:\DOCUME~1\SEANWR~1\APPLIC~1\SecuROM
    2007-06-16 20:20:04 -------- d-----w C:\Program Files\Electronic Arts
    2007-06-14 17:44:01 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Apple Computer
    2007-06-14 17:42:08 -------- d-----w C:\Program Files\Safari
    2007-06-14 03:52:45 -------- d-----w C:\Program Files\AIM
    2007-06-14 03:52:45 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Help
    2007-06-09 21:36:30 -------- d-----w C:\Program Files\Microsoft Games
    2007-06-07 17:43:30 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\DivX
    2007-06-07 13:37:12 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Ahead
    2007-06-07 13:32:11 -------- d-----w C:\Program Files\Common Files\Ahead
    2007-06-07 12:59:32 -------- d-----w C:\Program Files\Nero
    2007-06-07 12:51:23 -------- d-----w C:\Program Files\BitTorrent
    2007-06-07 12:50:22 -------- d-----w C:\Program Files\Microsoft Works
    2007-06-07 12:49:43 -------- d-----w C:\Program Files\Microsoft.NET
    2007-06-07 12:48:59 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\AdobeUM
    2007-06-07 12:46:18 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\WinRAR
    2007-06-07 12:36:47 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-06-07 11:18:50 -------- d-----w C:\Program Files\DAEMON Tools
    2007-06-07 11:16:56 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-06-07 02:21:01 -------- d-----w C:\Program Files\Verizon
    2007-06-07 01:28:55 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Motive
    2007-06-07 01:20:04 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Verizon
    2007-06-07 01:19:22 -------- d-----w C:\Program Files\Common Files\Motive
    2007-06-06 23:26:03 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\BitTorrent
    2007-06-06 23:03:09 1,554 ----a-w C:\WINDOWS\mozver.dat
    2007-06-06 04:05:52 -------- d-----w C:\Program Files\AC3Filter
    2007-06-06 04:03:37 -------- d-----w C:\Program Files\Xvid
    2007-06-06 04:02:15 -------- d-----w C:\Program Files\DivX
    2007-06-06 00:09:08 -------- d-----w C:\Program Files\Viewpoint
    2007-06-05 13:16:57 -------- d-----w C:\Program Files\GrabIt
    2007-06-05 13:03:40 -------- d-----w C:\Program Files\iTunes
    2007-06-05 13:03:35 -------- d-----w C:\Program Files\iPod
    2007-06-05 13:03:18 -------- d-----w C:\Program Files\QuickTime
    2007-06-05 12:59:58 -------- d-----w C:\Program Files\MSXML 4.0
    2007-06-05 04:50:58 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Aim
    2007-06-05 04:50:51 -------- d-----w C:\Program Files\AOD
    2007-06-05 02:22:47 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
    2007-06-05 01:45:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-05 01:37:33 -------- d-----w C:\Program Files\Lavalys
    2007-06-05 00:57:08 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\CyberLink
    2007-06-05 00:52:25 -------- d-----w C:\Program Files\AIM6
    2007-06-05 00:52:22 335 ----a-w C:\WINDOWS\nsreg.dat
    2007-06-05 00:33:12 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Sonic
    2007-06-05 00:32:53 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Leadertech
    2007-06-05 00:16:55 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Talkback
    2007-06-05 00:09:27 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Google
    2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-05-31 08:49:03 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\Symantec
    2007-05-31 08:49:02 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\ATI
    2007-05-31 08:46:56 -------- d-----w C:\Program Files\Dell
    2007-05-31 08:44:52 -------- d--h--w C:\DOCUME~1\SEANWR~1\APPLIC~1\Gtek
    2007-05-31 08:44:36 -------- d-----w C:\Program Files\Dell Support
    2007-05-31 08:42:57 -------- d-----w C:\Program Files\BAE
    2007-05-31 08:40:49 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-05-31 08:39:14 -------- d-----w C:\Program Files\Sonic
    2007-05-31 08:39:09 -------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-05-31 08:38:39 -------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
    2007-05-31 08:38:36 -------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
    2007-05-31 08:37:56 -------- d-----w C:\Program Files\MUSICMATCH
    2007-05-31 08:37:08 -------- d-----w C:\Program Files\Digital Line Detect
    2007-05-31 08:37:01 -------- d-----w C:\Program Files\NetWaiting
    2007-05-31 08:36:55 -------- d-----w C:\Program Files\Modem Helper
    2007-05-31 08:36:23 -------- d-----w C:\Program Files\ATI Technologies
    2007-05-31 08:35:53 -------- d-----w C:\Program Files\Broadcom
    2007-05-31 08:35:29 -------- d-----w C:\Program Files\Synaptics
    2007-05-31 08:35:18 -------- d-----w C:\DOCUME~1\SEANWR~1\APPLIC~1\InstallShield
    2007-05-31 08:33:46 -------- d-----w C:\Program Files\CONEXANT
    2007-05-31 08:33:40 -------- d-----w C:\Program Files\Sigmatel
    2007-05-31 08:31:20 -------- d-----w C:\Program Files\Messenger
    2007-05-31 08:11:52 6,195 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_I6400.mrk
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 13:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-05-15 13:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 20:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-01-12 21:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2004-12-06 02:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2005-11-10 14:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
    2005-11-17 04:33 94336 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
    2007-05-23 12:13 140912 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    2006-12-08 07:11 98304 --a------ C:\Program Files\BAE\BAE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 13:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    C:\Program Files\NetWaiting\netWaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Dell\MediaDirect\PCMService.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResumeMovielinkManager]
    C:\Program Files\Movielink\MovielinkManager\Movielink Manager.exe /WMP /PDUPRESTART /PDUPWMPInstalled

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    C:\Program Files\Verizon\McciTrayApp.exe

    *Newly Created Service* - COMHOST

    Contents of the 'Scheduled Tasks' folder
    2007-06-23 00:00:18 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Sean Wright.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-19 23:49:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0
     
