11-06-2008, 06:30 PM   #13
straightjacket
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

ComboFix 08-11-05.02 - ken 2008-11-06 18:22:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.513 [GMT -7:00]
Running from: c:\documents and settings\ken\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ken\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\ken\My Documents\completed torrents\ConvertXtoDVD 3 v3.2.1.55b\vsoConvertXtoDVD3_setup.exe
c:\windows\61510.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\61510.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Legacy_THREATFIRE
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon
-------\Service_ThreatFire


((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-06 13:10 . 2008-11-06 18:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-06 08:52 . 2005-04-01 20:36 123,200 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-06 08:52 . 2005-04-01 20:36 91,856 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\ken\Application Data\SUPERAntiSpyware.com
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-29 15:00 . 2008-10-29 15:00 <DIR> d-------- C:\rsit
2008-10-29 14:38 . 2008-10-29 15:43 250 --a------ c:\windows\gmer.ini
2008-10-29 13:29 . 2008-10-29 14:00 <DIR> d-------- c:\windows\BDOSCAN8
2008-10-29 12:44 . 2008-10-29 13:26 <DIR> d-------- c:\documents and settings\ken\.housecall6.6
2008-10-29 05:35 . 2008-10-29 06:05 596 --a------ C:\register.bat
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-28 13:59 . 2008-11-06 15:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 19:39 . 2008-10-20 19:39 <DIR> d-------- c:\documents and settings\ken\Application Data\dvdcss
2008-10-18 11:00 . 2008-10-20 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- c:\documents and settings\ken\Application Data\Creative
2008-10-16 11:19 . 2008-10-19 16:13 <DIR> d-------- c:\documents and settings\ken\Application Data\U3
2008-10-16 05:48 . 2008-08-14 02:57 2,185,984 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 05:48 . 2008-08-14 02:55 2,142,720 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,062,976 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,020,864 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-12 13:04 . 1999-03-25 23:00 101,888 --a------ c:\windows\system32\Vb6stkit.dll
2008-10-12 13:04 . 2000-07-17 13:41 70,088 --a------ c:\windows\system32\Project2-1.ocx
2008-10-12 13:04 . 2000-03-21 15:37 1,760 --a------ c:\windows\system32\objsafe.tlb
2008-10-12 13:04 . 2000-04-06 14:58 1,453 --a------ c:\windows\system32\Project2.INF
2008-10-12 13:03 . 2008-10-12 13:04 <DIR> d-------- c:\program files\eGames
2008-10-12 12:40 . 2008-10-19 14:10 <DIR> d-------- c:\documents and settings\ken\Application Data\LimeWire
2008-10-12 12:39 . 2008-11-02 09:49 <DIR> d-------- c:\program files\LimeWire
2008-10-12 10:32 . 2008-10-12 10:32 <DIR> d-------- c:\documents and settings\ken\Application Data\vlc
2008-10-12 10:31 . 2008-10-12 10:31 <DIR> d-------- c:\program files\VideoLAN
2008-10-12 10:23 . 2008-10-20 18:24 <DIR> d-------- c:\program files\DVDFab 5
2008-10-12 07:16 . 2008-11-06 18:13 <DIR> d-------- c:\documents and settings\ken\Application Data\Vso
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\documents and settings\ken\Application Data\pcouffin.sys
2008-10-11 11:46 . 2008-10-11 11:47 <DIR> d-------- c:\documents and settings\ken\Application Data\Smart Panel
2008-10-11 11:46 . 2008-10-11 11:46 29 --a------ c:\windows\DEBUGSM.INI
2008-10-11 11:29 . 2008-10-11 11:29 <DIR> d-------- c:\documents and settings\ken\Application Data\Corel
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-11 11:22 . 2008-10-11 11:22 543 --a------ c:\windows\system32\mapisvc.inf
2008-10-11 11:21 . 2008-10-11 11:21 <DIR> d-------- c:\windows\ShellNew
2008-10-11 11:20 . 2008-10-11 11:22 <DIR> d-------- c:\program files\WordPerfect Office 12
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-10-11 10:48 . 2008-10-11 10:48 <DIR> d-------- c:\documents and settings\ken\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- C:\EPSONREG
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- c:\documents and settings\ken\Application Data\Leadertech
2008-10-11 10:37 . 2004-02-01 00:00 413,696 --a------ c:\windows\system32\PICSDK.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicPrt.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicMgr.dll
2008-10-11 10:37 . 2004-02-01 00:00 29,521 --a------ c:\windows\system32\EPPICPrinterDB.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,910 --a------ c:\windows\system32\EPPICPattern2.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,869 --a------ c:\windows\system32\EPPICPattern1.dat
2008-10-11 10:37 . 2004-02-01 00:00 12,585 --a------ c:\windows\system32\EPPICLocal_EN.cfg
2008-10-11 10:37 . 2004-02-01 00:00 22 --------- c:\windows\system32\PICSDK.ini
2008-10-11 10:36 . 2008-10-11 10:37 <DIR> d-------- c:\program files\Smart Panel
2008-10-11 10:36 . 1999-06-15 10:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-10-11 10:36 . 1999-12-07 01:03 73,216 --a------ c:\windows\ADE.DLL
2008-10-11 10:36 . 1999-04-26 23:17 3,136 --a------ c:\windows\Ade001.bin
2008-10-11 10:36 . 1999-08-09 22:50 72 --------- c:\windows\system32\epDPE.ini
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON PhotoStarter Essential
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON CardMonitor Essential
2008-10-11 10:34 . 2003-07-02 00:00 131,072 --a------ c:\windows\system32\Epcmlib.dll
2008-10-11 10:34 . 2003-06-30 23:00 46,080 --a------ c:\windows\system32\escimgd.dll
2008-10-11 10:34 . 2003-08-05 23:00 29,184 --a------ c:\windows\system32\escwiadn.dll
2008-10-11 10:34 . 2003-06-30 23:00 22,528 --a------ c:\windows\system32\esccmd.dll
2008-10-11 10:34 . 2008-10-11 10:42 44 --a------ c:\windows\EPCX4600.ini
2008-10-10 12:25 . 2008-10-11 10:37 <DIR> d-------- c:\program files\epson
2008-10-10 11:13 . 2008-10-10 11:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-10 11:10 . 2008-10-10 11:58 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 11:10 . 2008-10-10 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-10-10 11:10 . 2008-04-24 15:52 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2008-10-10 10:59 . 2008-10-10 10:59 <DIR> d-------- c:\program files\uTorrent
2008-10-10 10:59 . 2008-11-03 05:28 <DIR> d-------- c:\documents and settings\ken\Application Data\uTorrent
2008-10-10 10:25 . 2008-10-10 10:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\IM
2008-10-10 10:24 . 2008-10-10 10:25 <DIR> d-------- c:\program files\IncrediMail
2008-10-10 10:24 . 2008-10-10 10:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\windows\Sun
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\program files\Java
2008-10-10 08:08 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-10 08:06 . 2008-10-10 08:06 <DIR> d-------- c:\program files\Common Files\Java
2008-10-10 06:19 . 2004-08-03 22:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-09 15:12 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe
2008-10-09 15:09 . 2008-10-09 15:09 <DIR> d-------- c:\windows\CtDrvInstall
2008-10-09 15:08 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-09 15:07 . 2008-10-09 15:12 <DIR> d-------- c:\program files\Creative
2008-10-09 15:01 . 2008-10-09 15:01 <DIR> d-------- c:\program files\Yahoo!
2008-10-09 15:01 . 2008-10-09 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-09 08:21 . 2008-10-09 08:21 268 --ah----- C:\sqmdata06.sqm
2008-10-09 08:21 . 2008-10-09 08:21 244 --ah----- C:\sqmnoopt06.sqm
2008-10-09 08:00 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-09 07:59 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-09 07:17 . 2008-10-09 07:17 268 --ah----- C:\sqmdata05.sqm
2008-10-09 07:17 . 2008-10-09 07:17 244 --ah----- C:\sqmnoopt05.sqm
2008-10-09 06:54 . 2008-10-03 10:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-09 06:54 . 2007-04-17 02:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-09 06:54 . 2007-03-07 22:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-09 06:54 . 2008-08-26 00:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-09 06:54 . 2008-08-26 00:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-09 06:54 . 2008-08-26 00:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-09 06:54 . 2008-08-26 00:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-09 06:54 . 2008-08-26 00:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-09 06:54 . 2008-08-25 01:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-09 06:48 . 2008-10-09 06:48 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-09 06:26 . 2008-10-09 06:43 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-09 06:24 . 2008-06-13 06:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-10-09 06:24 . 2008-06-13 06:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-09 06:23 . 2006-03-20 20:23 23,040 --------- c:\windows\kb913800.exe
2008-10-09 06:18 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-10-09 06:18 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 01:25 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-06 15:58 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-06 15:52 --------- d-----w c:\program files\Symantec
2008-11-06 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-02 16:49 --------- d-----w c:\program files\RGB
2008-11-02 16:49 --------- d-----w c:\program files\EnglishOtto
2008-10-11 18:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-11 17:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 02:26 --------- d-----w c:\program files\Windows Live
2008-10-06 02:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-06 02:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-06 01:46 --------- d-----w c:\program files\CCleaner
2008-10-06 01:42 --------- d-----w c:\documents and settings\ken\Application Data\Talkback
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
2008-10-06 00:52 --------- d-----w c:\program files\SigmaTel
2008-10-06 00:52 --------- d-----w c:\program files\Intel
2008-10-06 00:49 --------- d-----w c:\program files\Dell
2008-10-06 00:09 --------- d-----w c:\program files\microsoft frontpage
2008-10-06 00:04 --------- d-----w c:\program files\Windows Plus
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_ 8.10.36.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-06 01:31:57 25,214 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\ARPPRODUCTICON.exe
+ 2008-11-06 15:53:14 25,214 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\ARPPRODUCTICON.exe
- 2008-10-06 01:31:57 40,960 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-11-06 15:53:14 40,960 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2003-03-19 02:05:50 89,088 ----a-w c:\windows\system32\atl71.dll
+ 2003-03-19 03:05:50 89,088 ----a-w c:\windows\system32\atl71.dll
- 2005-04-17 18:31:56 34,552 ----a-w c:\windows\system32\cba.dll
+ 2005-04-17 19:31:56 34,552 ----a-w c:\windows\system32\cba.dll
- 2008-07-19 04:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 21:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-19 04:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 21:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-19 04:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 21:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 04:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 21:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 04:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 21:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 04:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 21:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 04:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 21:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 04:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 21:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2005-04-05 17:16:52 11,512 ----a-w c:\windows\system32\drivers\symdns.sys
+ 2005-04-05 18:16:52 11,512 ----a-w c:\windows\system32\drivers\symdns.sys
- 2005-04-05 17:16:54 173,208 ----a-w c:\windows\system32\drivers\symfw.sys
+ 2005-04-05 18:16:54 173,208 ----a-w c:\windows\system32\drivers\symfw.sys
- 2005-04-05 17:16:58 36,984 ----a-w c:\windows\system32\drivers\symids.sys
+ 2005-04-05 18:16:58 36,984 ----a-w c:\windows\system32\drivers\symids.sys
- 2005-04-05 17:16:56 47,192 ----a-w c:\windows\system32\drivers\symndis.sys
+ 2005-04-05 18:16:56 47,192 ----a-w c:\windows\system32\drivers\symndis.sys
- 2005-04-05 17:17:00 17,976 ----a-w c:\windows\system32\drivers\symredrv.sys
+ 2005-04-05 18:17:00 17,976 ----a-w c:\windows\system32\drivers\symredrv.sys
- 2005-04-05 17:17:02 267,192 ----a-w c:\windows\system32\drivers\symtdi.sys
+ 2005-04-05 18:17:02 267,192 ----a-w c:\windows\system32\drivers\symtdi.sys
- 2005-04-17 18:31:58 83,648 ----a-w c:\windows\system32\loc32vc0.dll
+ 2005-04-17 19:31:58 83,648 ----a-w c:\windows\system32\loc32vc0.dll
- 2003-03-19 04:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
+ 2003-03-19 05:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
- 2003-03-19 04:12:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll
+ 2003-03-19 05:12:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll
- 2005-04-17 18:31:58 46,848 ----a-w c:\windows\system32\msgsys.dll
+ 2005-04-17 19:31:58 46,848 ----a-w c:\windows\system32\msgsys.dll
- 2008-07-19 04:07:54 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 2148 208,744 ----a-w c:\windows\system32\muweb.dll
- 2005-04-17 18:30:56 43,712 ----a-w c:\windows\system32\NavLogon.dll
+ 2005-04-17 19:30:56 43,712 ----a-w c:\windows\system32\NavLogon.dll
- 2005-04-17 18:32:00 83,704 ----a-w c:\windows\system32\nts.dll
+ 2005-04-17 19:32:00 83,704 ----a-w c:\windows\system32\nts.dll
- 2005-04-17 18:32:00 71,416 ----a-w c:\windows\system32\pds.dll
+ 2005-04-17 19:32:00 71,416 ----a-w c:\windows\system32\pds.dll
+ 2008-10-16 21:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 21:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2005-04-05 17:17:04 517,848 ----a-w c:\windows\system32\SymNeti.dll
+ 2005-04-05 18:17:04 517,848 ----a-w c:\windows\system32\SymNeti.dll
- 2005-04-05 17:17:04 132,824 ----a-w c:\windows\system32\SymRedir.dll
+ 2005-04-05 18:17:04 132,824 ----a-w c:\windows\system32\SymRedir.dll
- 2008-07-19 04:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 21:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 04:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 21:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 04:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 21:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 04:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 21:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 04:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 21:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 04:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 21:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 04:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 21:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 15:52 48752 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
--a------ 2004-03-04 02:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-10-15 99376]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 18:25:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-06 18:27:37 - machine was rebooted [ken]
ComboFix-quarantined-files.txt 2008-11-07 01:27:33
ComboFix2.txt 2008-11-06 15:10:59

Pre-Run: 226,618,306,560 bytes free
Post-Run: 226,666,344,448 bytes free

334 --- E O F --- 2008-10-25 23:32:05