
can't remove rootkit ndt2

Discussion in 'Windows - Virus and spyware problems' started by FatalAD, Jan 14, 2008.

  1. FatalAD (Member, joined Jul 9, 2005):

    ComboFix 08-01-20.1 - A and J 2008-01-20 14:41:15.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1397 [GMT -8:00]
    Running from: C:\Users\A and J\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\internet explorer\svchost.exe
    C:\Users\A and J\AppData\Roaming\inst.exe
    C:\Windows\system32\drivers\npf.sys
    C:\Windows\system32\packet.dll
    C:\Windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
    .

    2008-01-20 14:36 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
    2008-01-20 00:34 . 2008-01-20 14:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
    2008-01-20 00:34 . 2008-01-20 14:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab
    2008-01-20 00:34 . 2008-01-20 00:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-01-15 21:39 . 2008-01-15 21:39 <DIR> d-------- C:\Users\A and J\AppData\Roaming\PACE Anti-Piracy
    2008-01-15 21:39 . 2008-01-15 21:39 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
    2008-01-15 21:23 . 2008-01-15 22:16 <DIR> d-------- C:\Program Files\Common Files\Digidesign
    2008-01-15 21:17 . 2008-01-15 21:17 <DIR> d-------- C:\Program Files\PowerISO
    2008-01-14 18:03 . 2008-01-20 02:14 <DIR> d-------- C:\Program Files\hjt
    2008-01-14 15:38 . 2008-01-14 15:43 <DIR> d-------- C:\Users\A and J\Pavark
    2008-01-14 13:30 . 2008-01-14 13:30 <DIR> d-------- C:\Users\A and J\LimeWire Store Purchased
    2008-01-13 13:50 . 2008-01-13 13:50 32,256 --a------ C:\Windows\System32\tmpxp_278457640065.bk
    2008-01-12 22:02 . 2008-01-12 22:02 123 --a------ C:\Windows\rootkitno.ini
    2008-01-12 22:01 . C:\Windows\(2) C:\ComboFix\winstart.bat
    2008-01-12 09:21 . 2008-01-12 09:21 <DIR> d-------- C:\Program Files\LimeWire
    2008-01-12 01:26 . 2008-01-12 08:59 <DIR> d-------- C:\Users\A and J\AppData\Roaming\FrostWire
    2008-01-10 14:30 . 2008-01-10 14:30 <DIR> d-------- C:\Users\A and J\AppData\Roaming\SUPERAntiSpyware.com
    2008-01-09 14:46 . 2008-01-09 15:02 69 --a------ C:\Windows\NeroDigital.ini
    2008-01-08 12:20 . 2008-01-08 12:20 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-01-08 12:20 . 2008-01-08 12:20 216,760 --a------ C:\Windows\System32\drivers\netio.sys
    2008-01-08 12:20 . 2008-01-08 12:20 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-01-08 12:20 . 2008-01-08 12:20 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-01-08 12:20 . 2008-01-08 12:20 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-01-08 12:19 . 2008-01-08 12:19 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-08 12:19 . 2008-01-08 12:19 1,686,016 --a------ C:\Windows\System32\gameux.dll
    2008-01-08 12:19 . 2008-01-08 12:19 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-01-08 12:19 . 2008-01-08 12:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-01-08 12:19 . 2008-01-08 12:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-01-08 12:19 . 2008-01-08 12:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-01-08 12:19 . 2008-01-08 12:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-01-08 12:19 . 2008-01-08 12:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-01-08 12:19 . 2008-01-08 12:19 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
    2008-01-08 12:19 . 2008-01-08 12:19 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-01-03 00:10 . <DIR> C:\Users\A and J\AppData\Roaming\NeroDigital™
    2008-01-02 23:57 . 2008-01-02 23:59 <DIR> d-------- C:\Program Files\Common Files\Nero
    2008-01-02 14:17 . 2008-01-02 15:01 <DIR> d-------- C:\Users\A and J\AppData\Roaming\Simply Super Software
    2008-01-02 14:17 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
    2008-01-02 14:17 . 2003-02-02 19:06 153,088 --a------ C:\Windows\System32\unrar3.dll
    2008-01-02 14:17 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
    2008-01-02 14:17 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
    2008-01-02 14:17 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
    2007-12-28 15:13 . 2007-12-28 15:13 <DIR> d-------- C:\Users\All Users\Grisoft
    2007-12-28 15:13 . 2007-12-28 15:13 <DIR> d-------- C:\ProgramData\Grisoft
    2007-12-27 13:08 . 2007-12-27 13:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2007-12-27 13:08 . 2007-12-27 13:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2007-12-21 14:19 . 2007-12-21 14:19 <DIR> d-------- C:\Users\A and J\AppData\Roaming\Apple Computer
    2007-12-21 14:19 . 2007-12-21 14:19 <DIR> d-------- C:\Program Files\iTunes
    2007-12-21 14:19 . 2007-12-21 14:19 <DIR> d-------- C:\Program Files\iPod
    2007-12-21 14:16 . 2007-12-21 14:16 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-12-21 14:15 . 2007-12-21 14:15 <DIR> d-------- C:\Users\All Users\Apple
    2007-12-21 14:15 . 2007-12-21 14:15 <DIR> d-------- C:\ProgramData\Apple
    2007-12-21 14:15 . 2007-12-21 14:15 <DIR> d-------- C:\Program Files\Common Files\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 07:12 --------- d-----w C:\Users\A and J\AppData\Roaming\LimeWire
    2008-01-18 20:45 --------- d-----w C:\Users\A and J\AppData\Roaming\Vso
    2008-01-17 03:10 47,360 ----a-w C:\Users\A and J\AppData\Roaming\pcouffin.sys
    2008-01-17 03:09 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-01-17 02:48 --------- d---a-w C:\ProgramData\TEMP
    2008-01-16 06:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-16 00:44 --------- d-----w C:\Program Files\pgcedit
    2008-01-14 20:50 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
    2008-01-09 08:03 --------- d-----w C:\Program Files\VstPlugins
    2008-01-09 08:03 --------- d-----w C:\Program Files\Image-Line
    2008-01-08 21:40 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-08 21:40 --------- d-----w C:\Program Files\Windows Mail
    2008-01-08 20:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-08 20:19 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-08 20:19 2,144,768 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-08 20:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-03 08:10 --------- d-----w C:\Users\A and J\AppData\Roaming\NeroDigital™
    2008-01-03 07:57 --------- d-----w C:\ProgramData\Nero
    2007-12-21 22:19 --------- d-----w C:\ProgramData\Apple Computer
    2007-12-20 06:57 81,920 ----a-w C:\Windows\System32\IEDFix.exe
    2007-12-20 06:51 3,318 ----a-w C:\Windows\System32\tmp.reg
    2007-12-19 20:13 --------- d-----w C:\ProgramData\Microsoft Help
    2007-12-14 03:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
    2007-12-12 05:20 --------- d-----w C:\Program Files\Mainstream Engineering Corporation
    2007-12-12 05:01 --------- d-----w C:\Program Files\HVACSMS
    2007-12-12 05:01 --------- d-----w C:\Program Files\Common Files\click2learn
    2007-12-11 20:31 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2007-12-11 20:31 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2007-12-11 20:31 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2007-12-11 20:31 --------- d-----w C:\Program Files\Symantec
    2007-12-11 19:19 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-11 19:19 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-11 19:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-11 19:18 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2007-12-11 19:18 824,832 ----a-w C:\Windows\System32\wininet.dll
    2007-12-11 19:18 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2007-12-11 19:18 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-11 19:18 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-11 19:18 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-11 19:18 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2007-12-11 19:18 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2007-12-11 19:16 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-11 19:16 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-11 02:15 --------- d-----w C:\ProgramData\Symantec
    2007-12-08 08:55 --------- d-----w C:\Program Files\Your Uninstaller 2008
    2007-12-06 21:40 --------- d-----w C:\ProgramData\vsosdk
    2007-12-06 08:58 36,864 ----a-w C:\Windows\System32\wmdmps.dll
    2007-12-06 08:58 311,296 ----a-w C:\Windows\System32\mswmdm.dll
    2007-12-06 08:58 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
    2007-12-04 17:59 972,072 ----a-w C:\Windows\UNRecode.exe
    2007-12-04 02:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
    2007-12-02 23:48 --------- d-----w C:\ProgramData\WLInstaller
    2007-12-02 22:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-02 22:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-01 07:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
    2007-12-01 07:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
    2007-12-01 07:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
    2007-12-01 07:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
    2007-12-01 07:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
    2007-12-01 07:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
    2007-12-01 07:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
    2007-12-01 07:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
    2007-12-01 07:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
    2007-11-30 20:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-24 22:43 --------- d-----w C:\Program Files\NeroInstall.bak
    2007-11-23 20:43 --------- d-----w C:\Program Files\Java
    2007-11-23 20:42 --------- d-----w C:\Program Files\Common Files\Java
    2007-11-23 07:50 --------- d-----w C:\Users\A and J\AppData\Roaming\PgcEdit
    2007-11-23 07:50 --------- d-----w C:\ProgramData\FLEXnet
    2007-11-23 07:50 --------- d-----w C:\Program Files\Microsoft Works
    2007-11-23 07:50 --------- d-----w C:\Program Files\CCleaner
    2007-11-23 07:50 --------- d-----w C:\Program Files\BitComet
    2007-11-23 01:45 --------- d-----w C:\Users\A and J\AppData\Roaming\Talkback
    2007-11-17 21:10 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-11-15 09:45 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-15 09:45 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-15 09:45 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-15 09:45 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-15 09:45 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-15 09:45 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-15 09:45 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-15 09:45 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-15 09:45 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-15 09:45 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-10-31 20:03 245,408 ----a-w C:\Windows\System32\unicows.dll
    2007-09-07 03:01 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 12:19 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 01:45 12288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-06 03:39 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 11:04 4423680 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-03-16 07:06 1822720 C:\Windows\SkyTel.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 11:59 115816]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
    "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 16:05 200704]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080116.002\IDSvix86.sys [2007-11-06 08:07]
    R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 01:45]
    R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 01:45]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-08-29 15:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 03:13]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-15 04:00:15 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - A and J.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-01-20 08:10:22 C:\Windows\Tasks\User_Feed_Synchronization-{5B929132-E04A-4BF5-872A-B07ABD722C0A}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 14:45:48
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 14:47:21 - machine was rebooted [A and J]
    ComboFix-quarantined-files.txt 2008-01-20 22:47:15
    .
    2008-01-17 22:25:51 --- E O F ---
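As an added example, not part of the original post and not ComboFix's own code: a small Python triage helper that parses the section layout of a ComboFix log like the one above ("Other Deletions", "Files Created ..."), flags the patterns a responder would look at first in the deleted items (a well-known system binary such as svchost.exe sitting outside its home directory, an executable dropped under a user profile, and the WinPcap packet-capture components npf.sys / packet.dll / wpcap.dll), and lists executable content created in a chosen window. The embedded sample input is a constructed subset of the log lines above; the heuristics (the expected home directories, the user-writable path tokens, the WinPcap name set) are this example's own assumptions, not rules ComboFix applies.

```python
"""Triage helper for ComboFix-style logs (added example; assumptions noted inline)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample input: a subset of the log lines from the post above,
# embedded so the script runs offline. A real run would read C:\ComboFix.txt.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\svchost.exe
C:\Users\A and J\AppData\Roaming\inst.exe
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-20 14:36 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-14 18:03 . 2008-01-20 02:14 <DIR> d-------- C:\Program Files\hjt
2008-01-13 13:50 . 2008-01-13 13:50 32,256 --a------ C:\Windows\System32\tmpxp_278457640065.bk
2008-01-12 22:02 . 2008-01-12 22:02 123 --a------ C:\Windows\rootkitno.ini
2008-01-08 12:20 . 2008-01-08 12:20 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
"""

# ComboFix marks a section with a banner of parentheses around its name.
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# "Files Created" rows: created . modified size attrs path (size is <DIR> for folders).
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Assumption for this example: where these Windows binaries legitimately live
# (32-bit and WOW64 locations). A copy anywhere else is a name masquerade.
SYSTEM_BINARY_HOME = {
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "lsass.exe": (r"c:\windows\system32",),
    "csrss.exe": (r"c:\windows\system32",),
    "winlogon.exe": (r"c:\windows\system32",),
    "services.exe": (r"c:\windows\system32",),
    "explorer.exe": (r"c:\windows", r"c:\windows\syswow64"),
}
WINPCAP = {"npf.sys", "packet.dll", "wpcap.dll"}   # WinPcap driver and DLLs
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\downloads\\")


@dataclass
class CreatedFile:
    created: datetime
    modified: datetime
    size: int          # -1 for directories
    attrs: str
    path: str


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: non-empty lines}, dropping the '.' spacers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def find_section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    """First section whose banner starts with prefix (banners carry a date range)."""
    for name, lines in sections.items():
        if name.startswith(prefix):
            return lines
    return []


def parse_created(lines: List[str]) -> List[CreatedFile]:
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:      # garbled rows (missing timestamp etc.) are skipped, not guessed
            continue
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        out.append(CreatedFile(datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                               datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                               size, m["attrs"], m["path"]))
    return out


def triage_path(path: str) -> List[str]:
    """Reasons a deleted/created path deserves a closer look (empty list = none)."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    reasons = []
    homes = SYSTEM_BINARY_HOME.get(name)
    if homes and directory not in homes:
        reasons.append(f"masquerade: {name} outside {' or '.join(homes)}")
    if name in WINPCAP:
        reasons.append("packet capture component (WinPcap)")
    if name.endswith(EXECUTABLE_EXT) and any(t in directory + "\\" for t in USER_WRITABLE):
        reasons.append("executable in user-writable profile path")
    return reasons


def triage_deletions(paths: List[str]) -> List[Tuple[str, List[str]]]:
    findings = []
    for p in paths:
        reasons = triage_path(p)
        if reasons:
            findings.append((p, reasons))
    return findings


def recent_executables(entries: List[CreatedFile], since: str) -> List[str]:
    """Executable content created on/after an ISO date ('2008-01-10'), for manual review."""
    cutoff = datetime.fromisoformat(since)
    return sorted(e.path for e in entries
                  if e.size >= 0 and e.created >= cutoff
                  and e.path.lower().endswith(EXECUTABLE_EXT))


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    for p, why in triage_deletions(secs["Other Deletions"]):
        print(p + "\n    " + "\n    ".join(why))
    for p in recent_executables(parse_created(find_section(secs, "Files Created")), "2008-01-10"):
        print("recent executable:", p)
```

The masquerade check is the one worth keeping in any log review: the real svchost.exe only runs from the System32 (or SysWOW64) directory, so a copy under Program Files\internet explorer is suspicious on its name alone, before any signature lookup. The WinPcap hit is informational rather than a verdict; the driver and DLLs are legitimate when a known sniffer installed them, and the question to answer is which program loaded the NPF service. A modified time older than the created time (NirCmd.exe above) is normal for files that were copied or extracted and is not an indicator by itself.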
     
  2. FatalAD

    FatalAD Member

    Joined:
    Jul 9, 2005
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    16
    ComboFix 08-01-20.1 - A and J 2008-01-20 14:41:15.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1397 [GMT -8:00]
    Running from: C:\Users\A and J\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\internet explorer\svchost.exe
    C:\Users\A and J\AppData\Roaming\inst.exe
    C:\Windows\system32\drivers\npf.sys
    C:\Windows\system32\packet.dll
    C:\Windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
    .

    2008-01-20 14:36 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
    2008-01-20 00:34 . 2008-01-20 14:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
    2008-01-20 00:34 . 2008-01-20 14:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab
    2008-01-20 00:34 . 2008-01-20 00:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-01-15 21:39 . 2008-01-15 21:39 <DIR> d-------- C:\Users\A and J\AppData\Roaming\PACE Anti-Piracy
    2008-01-15 21:39 . 2008-01-15 21:39 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
    2008-01-15 21:23 . 2008-01-15 22:16 <DIR> d-------- C:\Program Files\Common Files\Digidesign
    2008-01-15 21:17 . 2008-01-15 21:17 <DIR> d-------- C:\Program Files\PowerISO
    2008-01-14 18:03 . 2008-01-20 02:14 <DIR> d-------- C:\Program Files\hjt
    2008-01-14 15:38 . 2008-01-14 15:43 <DIR> d-------- C:\Users\A and J\Pavark
    2008-01-14 13:30 . 2008-01-14 13:30 <DIR> d-------- C:\Users\A and J\LimeWire Store Purchased
    2008-01-13 13:50 . 2008-01-13 13:50 32,256 --a------ C:\Windows\System32\tmpxp_278457640065.bk
    2008-01-12 22:02 . 2008-01-12 22:02 123 --a------ C:\Windows\rootkitno.ini
    2008-01-12 22:01 . C:\Windows\(2) C:\ComboFix\winstart.bat
    2008-01-12 09:21 . 2008-01-12 09:21 <DIR> d-------- C:\Program Files\LimeWire
    2008-01-12 01:26 . 2008-01-12 08:59 <DIR> d-------- C:\Users\A and J\AppData\Roaming\FrostWire
    2008-01-10 14:30 . 2008-01-10 14:30 <DIR> d-------- C:\Users\A and J\AppData\Roaming\SUPERAntiSpyware.com
    2008-01-09 14:46 . 2008-01-09 15:02 69 --a------ C:\Windows\NeroDigital.ini
    2008-01-08 12:20 . 2008-01-08 12:20 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-01-08 12:20 . 2008-01-08 12:20 216,760 --a------ C:\Windows\System32\drivers\netio.sys
    2008-01-08 12:20 . 2008-01-08 12:20 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-01-08 12:20 . 2008-01-08 12:20 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-01-08 12:20 . 2008-01-08 12:20 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-01-08 12:19 . 2008-01-08 12:19 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-08 12:19 . 2008-01-08 12:19 1,686,016 --a------ C:\Windows\System32\gameux.dll
    2008-01-08 12:19 . 2008-01-08 12:19 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-01-08 12:19 . 2008-01-08 12:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-01-08 12:19 . 2008-01-08 12:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-01-08 12:19 . 2008-01-08 12:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-01-08 12:19 . 2008-01-08 12:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-01-08 12:19 . 2008-01-08 12:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-01-08 12:19 . 2008-01-08 12:19 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
    2008-01-08 12:19 . 2008-01-08 12:19 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-01-03 00:10 . <DIR> C:\Users\A and J\AppData\Roaming\NeroDigitalT
    2008-01-02 23:57 . 2008-01-02 23:59 <DIR> d-------- C:\Program Files\Common Files\Nero
    2008-01-02 14:17 . 2008-01-02 15:01 <DIR> d-------- C:\Users\A and J\AppData\Roaming\Simply Super Software
    2008-01-02 14:17 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
    2008-01-02 14:17 . 2003-02-02 19:06 153,088 --a------ C:\Windows\System32\unrar3.dll
    2008-01-02 14:17 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
    2008-01-02 14:17 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
    2008-01-02 14:17 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
    2007-12-28 15:13 . 2007-12-28 15:13 <DIR> d-------- C:\Users\All Users\Grisoft
    2007-12-28 15:13 . 2007-12-28 15:13 <DIR> d-------- C:\ProgramData\Grisoft
    2007-12-27 13:08 . 2007-12-27 13:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2007-12-27 13:08 . 2007-12-27 13:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2007-12-21 14:19 . 2007-12-21 14:19 <DIR> d-------- C:\Users\A and J\AppData\Roaming\Apple Computer
    2007-12-21 14:19 . 2007-12-21 14:19 <DIR> d-------- C:\Program Files\iTunes
    2007-12-21 14:19 . 2007-12-21 14:19 <DIR> d-------- C:\Program Files\iPod
    2007-12-21 14:16 . 2007-12-21 14:16 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-12-21 14:15 . 2007-12-21 14:15 <DIR> d-------- C:\Users\All Users\Apple
    2007-12-21 14:15 . 2007-12-21 14:15 <DIR> d-------- C:\ProgramData\Apple
    2007-12-21 14:15 . 2007-12-21 14:15 <DIR> d-------- C:\Program Files\Common Files\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 07:12 --------- d-----w C:\Users\A and J\AppData\Roaming\LimeWire
    2008-01-18 20:45 --------- d-----w C:\Users\A and J\AppData\Roaming\Vso
    2008-01-17 03:10 47,360 ----a-w C:\Users\A and J\AppData\Roaming\pcouffin.sys
    2008-01-17 03:09 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-01-17 02:48 --------- d---a-w C:\ProgramData\TEMP
    2008-01-16 06:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-16 00:44 --------- d-----w C:\Program Files\pgcedit
    2008-01-14 20:50 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
    2008-01-09 08:03 --------- d-----w C:\Program Files\VstPlugins
    2008-01-09 08:03 --------- d-----w C:\Program Files\Image-Line
    2008-01-08 21:40 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-08 21:40 --------- d-----w C:\Program Files\Windows Mail
    2008-01-08 20:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-08 20:19 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-08 20:19 2,144,768 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-08 20:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-03 08:10 --------- d-----w C:\Users\A and J\AppData\Roaming\NeroDigital™
    2008-01-03 07:57 --------- d-----w C:\ProgramData\Nero
    2007-12-21 22:19 --------- d-----w C:\ProgramData\Apple Computer
    2007-12-20 06:57 81,920 ----a-w C:\Windows\System32\IEDFix.exe
    2007-12-20 06:51 3,318 ----a-w C:\Windows\System32\tmp.reg
    2007-12-19 20:13 --------- d-----w C:\ProgramData\Microsoft Help
    2007-12-14 03:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
    2007-12-12 05:20 --------- d-----w C:\Program Files\Mainstream Engineering Corporation
    2007-12-12 05:01 --------- d-----w C:\Program Files\HVACSMS
    2007-12-12 05:01 --------- d-----w C:\Program Files\Common Files\click2learn
    2007-12-11 20:31 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2007-12-11 20:31 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2007-12-11 20:31 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2007-12-11 20:31 --------- d-----w C:\Program Files\Symantec
    2007-12-11 19:19 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-11 19:19 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-11 19:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-11 19:18 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2007-12-11 19:18 824,832 ----a-w C:\Windows\System32\wininet.dll
    2007-12-11 19:18 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2007-12-11 19:18 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-11 19:18 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-11 19:18 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-11 19:18 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2007-12-11 19:18 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2007-12-11 19:16 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-11 19:16 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-11 02:15 --------- d-----w C:\ProgramData\Symantec
    2007-12-08 08:55 --------- d-----w C:\Program Files\Your Uninstaller 2008
    2007-12-06 21:40 --------- d-----w C:\ProgramData\vsosdk
    2007-12-06 08:58 36,864 ----a-w C:\Windows\System32\wmdmps.dll
    2007-12-06 08:58 311,296 ----a-w C:\Windows\System32\mswmdm.dll
    2007-12-06 08:58 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
    2007-12-04 17:59 972,072 ----a-w C:\Windows\UNRecode.exe
    2007-12-04 02:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
    2007-12-02 23:48 --------- d-----w C:\ProgramData\WLInstaller
    2007-12-02 22:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-02 22:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-01 07:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
    2007-12-01 07:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
    2007-12-01 07:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
    2007-12-01 07:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
    2007-12-01 07:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
    2007-12-01 07:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
    2007-12-01 07:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
    2007-12-01 07:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
    2007-12-01 07:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
    2007-11-30 20:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-24 22:43 --------- d-----w C:\Program Files\NeroInstall.bak
    2007-11-23 20:43 --------- d-----w C:\Program Files\Java
    2007-11-23 20:42 --------- d-----w C:\Program Files\Common Files\Java
    2007-11-23 07:50 --------- d-----w C:\Users\A and J\AppData\Roaming\PgcEdit
    2007-11-23 07:50 --------- d-----w C:\ProgramData\FLEXnet
    2007-11-23 07:50 --------- d-----w C:\Program Files\Microsoft Works
    2007-11-23 07:50 --------- d-----w C:\Program Files\CCleaner
    2007-11-23 07:50 --------- d-----w C:\Program Files\BitComet
    2007-11-23 01:45 --------- d-----w C:\Users\A and J\AppData\Roaming\Talkback
    2007-11-17 21:10 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-11-15 09:45 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-15 09:45 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-15 09:45 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-15 09:45 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-15 09:45 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-15 09:45 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-15 09:45 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-15 09:45 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-15 09:45 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-15 09:45 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-10-31 20:03 245,408 ----a-w C:\Windows\System32\unicows.dll
    2007-09-07 03:01 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 12:19 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 01:45 12288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-06 03:39 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 11:04 4423680 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-03-16 07:06 1822720 C:\Windows\SkyTel.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 11:59 115816]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
    "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 16:05 200704]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080116.002\IDSvix86.sys [2007-11-06 08:07]
    R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 01:45]
    R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 01:45]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-08-29 15:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 03:13]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-15 04:00:15 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - A and J.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-01-20 08:10:22 C:\Windows\Tasks\User_Feed_Synchronization-{5B929132-E04A-4BF5-872A-B07ABD722C0A}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 14:45:48
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 14:47:21 - machine was rebooted [A and J]
    ComboFix-quarantined-files.txt 2008-01-20 22:47:15
    .
    2008-01-17 22:25:51 --- E O F ---
     
  4. FatalAD

    FatalAD Member

    Joined:
    Jul 9, 2005
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:39:20 PM, on 1/20/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\hjt\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{5B929132-E04A-4BF5-872A-B07ABD722C0A}
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7141 bytes
     
  5. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    How's the PC running?
     
  6. FatalAD

    FatalAD Member

    Joined:
    Jul 9, 2005
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    16
It's running good, thanks a lot for all your hard work.
     
  7. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Take care...
     
  8. FatalAD

    FatalAD Member

    Joined:
    Jul 9, 2005
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    16
Do you recommend changing my anti-virus from Norton to Kaspersky?
     
  9. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    My choices in this order:
    BitDefender
    Kaspersky
    AVG Internet Security, Zone Alarm Pro, Avira Premium.
    Norton
     
    Last edited: Jan 23, 2008
  10. tucker001

    tucker001 Regular member

    Joined:
    Jun 6, 2006
    Messages:
    414
    Likes Received:
    0
    Trophy Points:
    26
My choices:

AVG Free or NOD32

Norton and McAfee are bloatware.

Antispyware: Windows Defender, Ad-Aware Free Edition, and Spybot with HJT.

Firewall: the Windows Firewall combined with a hardware NAT router.

Anti-rootkit: AVG Anti-Rootkit.

Use IE7 or Firefox.

Turn on Windows Update, keep Windows patches current, and install them immediately.

And last but not least, don't do retarded things online that get you viruses and spyware in the first place.

Security software is not, and WILL NEVER be, 100% effective.
     
  11. FatalAD

    FatalAD Member

    Joined:
    Jul 9, 2005
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    16
My Norton full system scan is taking forever, like 12 hours, and it's not done. Any suggestions?
     
  12. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
Remove Kaspersky Anti-Virus from Add/Remove Programs. You can only have one antivirus program installed. Then reboot and try running the Norton scan. It should finish a complete scan in about 30-45 minutes, or something else is interfering with the scan.

Is your computer giving you trouble again? If so, post a new HJT log.
     
    Last edited: Feb 23, 2008
  13. FatalAD

    FatalAD Member

    Joined:
    Jul 9, 2005
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    16
I removed Kaspersky, and I used "clean remove program" because I thought that was the problem too. It will go really good, 100 files a second, and then it will stall on a file forever. I'm going to post a log anyway. I've got to go to work, thanks again for the help.
     
  14. FatalAD

    FatalAD Member

    Joined:
    Jul 9, 2005
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:37:42 PM, on 2/23/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\hjt\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{5B929132-E04A-4BF5-872A-B07ABD722C0A}
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 7429 bytes
     
  15. FatalAD

    I got it to scan all the way through, but I had to turn off Spy Sweeper. Is there any way of getting around that?
     
