Posted 10-29-2008, 03:52 PM, #1 (permalink), by Registered User (Join Date: Oct 2008; Posts: 8; OS: XP Media Edition)


[SOLVED] internet pages are being hijacked

When I open Internet Explorer or Firefox, within a few seconds another page (different pages all the time) is imprinted over the original, prompting me to open the site. This is happening with just about every move I make in there. It is also trying to get me to buy software to clean the infections. I followed the instructions on RSIT, but only one file turned up; nothing minimized that I could find. I will paste the log file as instructed and attach the GMER text. If I need to add more, please let me know. I will be out of town till Saturday. Thanks

Logfile of random's system information tool 1.04 (written by random/random)
Run by ken at 2008-10-29 16:22:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 217 GB (91%) free of 238 GB
Total RAM: 1014 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:31 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ken\Desktop\RSIT.exe
C:\Documents and Settings\ken\Desktop\ken.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - C:\WINDOWS\system32\wvUliIcA.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {4bda9b00-fce7-c7e9-d884-d45740ce8f87} - {78f8ec04-754d-488d-9e7c-7ecf00b9adb4} - C:\WINDOWS\system32\okuunt.dll
O2 - BHO: (no name) - {D4BC585B-D8A8-45E8-ACCF-1FB9FFE60631} - C:\WINDOWS\system32\tuvUnMGX.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1223261216031
O20 - AppInit_DLLs: okuunt.dll
O20 - Winlogon Notify: wvUliIcA - C:\WINDOWS\SYSTEM32\wvUliIcA.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 5330 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA}]
C:\WINDOWS\system32\wvUliIcA.dll [2008-10-28 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f8ec04-754d-488d-9e7c-7ecf00b9adb4}]
C:\WINDOWS\system32\okuunt.dll [2008-10-29 102912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4BC585B-D8A8-45E8-ACCF-1FB9FFE60631}]
C:\WINDOWS\system32\tuvUnMGX.dll [2008-10-28 243712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5ce33f2c]
C:\WINDOWS\system32\lswrqxnj.dll [2008-10-29 68608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\61510]
C:\WINDOWS/61510.exe [2008-09-28 15975328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger Service]
service.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Service]
service.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="okuunt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUliIcA]
C:\WINDOWS\system32\wvUliIcA.dll [2008-10-28 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA}"=C:\WINDOWS\system32\wvUliIcA.dll [2008-10-28 34304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvUnMGX

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\ken\Desktop\utorrent.exe"="C:\Documents and Settings\ken\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-29 16:00:22 ----D---- C:\rsit
2008-10-29 15:44:11 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-10-29 15:38:19 ----A---- C:\WINDOWS\gmer.ini
2008-10-29 15:38:17 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-29 15:38:17 ----A---- C:\WINDOWS\gmer.exe
2008-10-29 15:38:17 ----A---- C:\WINDOWS\gmer.dll
2008-10-29 14:29:58 ----D---- C:\WINDOWS\BDOSCAN8
2008-10-29 14:29:56 ----D---- C:\WINDOWS\LastGood
2008-10-29 12:46:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 06:35:25 ----A---- C:\register.bat
2008-10-29 06:25:12 ----SH---- C:\WINDOWS\system32\jnxqrwsl.ini
2008-10-29 06:25:11 ----A---- C:\WINDOWS\system32\lswrqxnj.dll
2008-10-29 06:20:03 ----A---- C:\WINDOWS\system32\okuunt.dll
2008-10-29 06:20:01 ----A---- C:\WINDOWS\system32\rbaafoer.dll
2008-10-28 15:12:47 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-28 15:12:47 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-28 14:59:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 14:59:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-28 14:04:12 ----A---- C:\WINDOWS\system32\jkkJbbAr.dll
2008-10-28 14:04:12 ----A---- C:\WINDOWS\system32\hgGwWMgF.dll
2008-10-28 13:16:06 ----A---- C:\WINDOWS\system32\efcCVPgg.dll
2008-10-28 13:16:06 ----A---- C:\WINDOWS\system32\awtsPiGV.dll
2008-10-28 12:42:47 ----SH---- C:\WINDOWS\system32\blcwtwtx.ini
2008-10-28 12:39:59 ----A---- C:\WINDOWS\system32\57c0fb52-.txt
2008-10-28 12:39:43 ----ASH---- C:\WINDOWS\system32\XGMnUvut.ini2
2008-10-28 12:39:43 ----ASH---- C:\WINDOWS\system32\XGMnUvut.ini
2008-10-28 12:39:37 ----A---- C:\WINDOWS\system32\tuvUnMGX.dll
2008-10-28 12:34:05 ----A---- C:\WINDOWS\system32\wvUliIcA.dll
2008-10-28 12:34:05 ----A---- C:\WINDOWS\system32\ssqRHWpN.dll
2008-10-25 17:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 20:39:22 ----D---- C:\Documents and Settings\ken\Application Data\dvdcss
2008-10-18 12:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-10-17 15:26:10 ----D---- C:\Documents and Settings\ken\Application Data\Creative
2008-10-16 14:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 14:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 14:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 14:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 14:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 12:19:20 ----D---- C:\Documents and Settings\ken\Application Data\U3
2008-10-12 14:04:45 ----A---- C:\WINDOWS\system32\Vb6stkit.dll
2008-10-12 14:03:17 ----D---- C:\Program Files\eGames
2008-10-12 13:40:03 ----D---- C:\Documents and Settings\ken\Application Data\LimeWire
2008-10-12 13:39:36 ----D---- C:\Program Files\LimeWire
2008-10-12 11:32:39 ----D---- C:\Documents and Settings\ken\Application Data\vlc
2008-10-12 11:31:27 ----D---- C:\Program Files\VideoLAN
2008-10-12 11:23:25 ----D---- C:\Program Files\DVDFab 5
2008-10-12 09:13:21 ----A---- C:\WINDOWS\system32\Pncrt.dll
2008-10-12 09:13:21 ----A---- C:\WINDOWS\system32\drv43260.dll
2008-10-12 09:13:20 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2008-10-12 09:13:20 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-10-12 09:13:20 ----A---- C:\WINDOWS\system32\drv33260.dll
2008-10-12 09:13:20 ----A---- C:\WINDOWS\system32\drv23260.dll
2008-10-12 09:13:20 ----A---- C:\WINDOWS\system32\cook3260.dll
2008-10-12 09:13:20 ----A---- C:\WINDOWS\gdiplus.dll
2008-10-12 09:13:18 ----D---- C:\Program Files\VSO
2008-10-12 08:16:03 ----D---- C:\Documents and Settings\ken\Application Data\Vso
2008-10-12 08:16:03 ----A---- C:\Documents and Settings\ken\Application Data\inst.exe
2008-10-11 12:46:17 ----A---- C:\WINDOWS\DEBUGSM.INI
2008-10-11 12:46:16 ----D---- C:\Documents and Settings\ken\Application Data\Smart Panel
2008-10-11 12:29:01 ----D---- C:\Documents and Settings\ken\Application Data\Corel
2008-10-11 12:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-11 12:21:22 ----D---- C:\WINDOWS\ShellNew
2008-10-11 12:20:53 ----D---- C:\Program Files\Common Files\Borland Shared
2008-10-11 12:20:43 ----D---- C:\Program Files\WordPerfect Office 12
2008-10-11 12:20:43 ----D---- C:\Program Files\Common Files\Corel
2008-10-11 11:48:01 ----D---- C:\Documents and Settings\ken\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-11 11:42:57 ----D---- C:\Documents and Settings\ken\Application Data\Leadertech
2008-10-11 11:42:54 ----D---- C:\EPSONREG
2008-10-11 11:37:31 ----N---- C:\WINDOWS\system32\PICSDK.ini
2008-10-11 11:37:31 ----N---- C:\WINDOWS\system32\EpPicPrt.dll
2008-10-11 11:37:31 ----N---- C:\WINDOWS\system32\EpPicMgr.dll
2008-10-11 11:37:31 ----A---- C:\WINDOWS\system32\PICSDK.dll
2008-10-11 11:36:15 ----N---- C:\WINDOWS\system32\epDPE.ini
2008-10-11 11:36:15 ----A---- C:\WINDOWS\SlantAdj.dll
2008-10-11 11:36:15 ----A---- C:\WINDOWS\ADE.DLL
2008-10-11 11:36:05 ----D---- C:\Program Files\Smart Panel
2008-10-11 11:34:59 ----A---- C:\WINDOWS\EPSMTL32.TXT
2008-10-11 11:34:52 ----D---- C:\WINDOWS\EPSON CardMonitor Essential
2008-10-11 11:34:52 ----A---- C:\WINDOWS\system32\Epcmlib.dll
2008-10-11 11:34:47 ----D---- C:\WINDOWS\EPSON PhotoStarter Essential
2008-10-11 11:34:37 ----A---- C:\WINDOWS\system32\escwiadn.dll
2008-10-11 11:34:37 ----A---- C:\WINDOWS\system32\escimgd.dll
2008-10-11 11:34:37 ----A---- C:\WINDOWS\system32\esccmd.dll
2008-10-11 11:34:33 ----A---- C:\WINDOWS\EPCX4600.ini
2008-10-10 13:25:04 ----D---- C:\Program Files\epson
2008-10-10 12:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-10-10 12:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-10-10 12:13:52 ----DC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-10 12:10:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 12:10:33 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-10-10 11:59:34 ----D---- C:\Program Files\uTorrent
2008-10-10 11:59:21 ----D---- C:\Documents and Settings\ken\Application Data\uTorrent
2008-10-10 11:25:51 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2008-10-10 11:24:46 ----D---- C:\Program Files\IncrediMail
2008-10-10 11:24:46 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-10-10 09:19:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-10 09:08:55 ----A---- C:\WINDOWS\admintxt.txt
2008-10-10 09:08:47 ----D---- C:\WINDOWS\Sun
2008-10-10 09:08:47 ----D---- C:\Documents and Settings\ken\Application Data\Sun
2008-10-10 09:08:35 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-10 09:08:35 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-10 09:08:35 ----A---- C:\WINDOWS\system32\java.exe
2008-10-10 09:08:09 ----D---- C:\Program Files\Java
2008-10-10 09:06:46 ----D---- C:\Program Files\Common Files\Java
2008-10-09 16:12:09 ----N---- C:\WINDOWS\Ctregrun.exe
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\system32\P0630Vfw.dll
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\system32\P0630Sti.dll
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\system32\P0630Srv.exe
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\system32\P0630Pin.dll
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\system32\P0630Hwx.dll
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\system32\CtCamMgr.dll
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\P0630Cfg.exe
2008-10-09 16:10:23 ----RA---- C:\WINDOWS\CtDrvIns.exe
2008-10-09 16:10:22 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-10-09 16:09:52 ----D---- C:\WINDOWS\CtDrvInstall
2008-10-09 16:08:20 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-09 16:07:35 ----D---- C:\Program Files\Creative
2008-10-09 16:01:25 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-09 16:01:23 ----D---- C:\Program Files\Yahoo!
2008-10-09 09:00:22 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-09 08:59:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-09 08:59:54 ----D---- C:\Program Files\Common Files\Adobe
2008-10-09 08:59:54 ----D---- C:\Program Files\Adobe
2008-10-09 07:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-09 07:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-09 07:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-09 07:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-09 07:54:31 ----D---- C:\WINDOWS\ie7updates
2008-10-09 07:54:15 ----D---- C:\WINDOWS\WBEM
2008-10-09 07:54:14 ----D---- C:\WINDOWS\system32\en-US
2008-10-09 07:53:12 ----HDC---- C:\WINDOWS\ie7
2008-10-09 07:53:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-10-09 07:52:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-10-09 07:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-10-09 07:52:19 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-09 07:51:44 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-09 07:51:40 ----D---- C:\WINDOWS\network diagnostic
2008-10-09 07:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-10-09 07:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-10-09 07:49:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-09 07:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2008-10-09 07:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-09 07:48:46 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-09 07:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-10-09 07:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-09 07:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-09 07:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-09 07:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-10-09 07:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-09 07:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-09 07:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-09 07:46:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-09 07:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-10-09 07:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-09 07:45:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-09 07:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-09 07:45:15 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-09 07:26:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-09 07:23:04 ----N---- C:\WINDOWS\kb913800.exe
2008-10-09 07:18:33 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-09 07:18:33 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-05 21:05:12 ----D---- C:\Documents and Settings\ken\Application Data\WinRAR
2008-10-05 21:02:58 ----D---- C:\Documents and Settings\ken\Application Data\Macromedia
2008-10-05 21:02:58 ----D---- C:\Documents and Settings\ken\Application Data\Adobe
2008-10-05 20:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-05 20:49:23 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-05 20:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-05 20:38:04 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-05 20:31:16 ----D---- C:\Program Files\WinRAR
2008-10-05 20:26:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-05 20:23:39 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 20:23:36 ----D---- C:\Program Files\Windows Live
2008-10-05 20:23:29 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-05 20:20:17 ----D---- C:\WINDOWS\pss
2008-10-05 20:12:50 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-05 20:01:50 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-05 19:46:02 ----D---- C:\Program Files\CCleaner
2008-10-05 19:43:38 ----SHD---- C:\RECYCLER
2008-10-05 19:42:25 ----D---- C:\Documents and Settings\ken\Application Data\Talkback
2008-10-05 19:41:56 ----D---- C:\Documents and Settings\ken\Application Data\Mozilla
2008-10-05 19:41:51 ----D---- C:\Program Files\Mozilla Firefox
2008-10-05 19:36:54 ----A---- C:\WINDOWS\vpc32.INI
2008-10-05 19:31:30 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 19:31:25 ----D---- C:\Program Files\Symantec
2008-10-05 19:31:25 ----A---- C:\WINDOWS\system32\capicom.dll
2008-10-05 19:31:15 ----D---- C:\Program Files\Symantec AntiVirus
2008-10-05 19:31:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-05 19:31:15 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-05 18:56:27 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-10-05 18:54:22 ----A---- C:\WINDOWS\system32\iglicd32.dll
2008-10-05 18:54:22 ----A---- C:\WINDOWS\system32\igldev32.dll
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxtray.exe
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxress.dll
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxpph.dll
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxpers.exe
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxext.exe
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxexps.dll
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxdo.dll
2008-10-05 18:54:21 ----A---- C:\WINDOWS\system32\igfxdev.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuTRK.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuTHA.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuSVE.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuRUS.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuPTG.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuPTB.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuPLK.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuNOR.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuNLD.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuKOR.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuJPN.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuITA.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuHUN.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuHEB.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuFRC.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuFRA.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuFIN.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuESP.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuENG.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuELL.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmudlg.exe
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuDEU.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuDAN.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuCSY.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuCHT.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuCHS.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuARB.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmuARA.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmrem.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2008-10-05 18:54:20 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2008-10-05 18:54:19 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2008-10-05 18:54:19 ----A---- C:\WINDOWS\system32\iAlmCoIn_v4543.dll
2008-10-05 18:54:19 ----A---- C:\WINDOWS\system32\hkcmd.exe
2008-10-05 18:54:19 ----A---- C:\WINDOWS\system32\hccutils.dll
2008-10-05 18:54:06 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-05 18:52:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-05 18:52:56 ----D---- C:\Program Files\Intel
2008-10-05 18:52:14 ----A---- C:\WINDOWS\stsystra.exe
2008-10-05 18:52:13 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-05 18:52:12 ----A---- C:\WINDOWS\system32\staco.dll
2008-10-05 18:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2008-10-05 18:52:02 ----A---- C:\WINDOWS\system32\stacapi.dll
2008-10-05 18:52:01 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-05 18:52:01 ----D---- C:\Program Files\SigmaTel
2008-10-05 18:50:51 ----D---- C:\drvrtmp
2008-10-05 18:50:51 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-10-05 18:50:51 ----A---- C:\WINDOWS\system32\IntelNic.dll
2008-10-05 18:50:51 ----A---- C:\WINDOWS\system32\e100bmsg.dll
2008-10-05 18:49:12 ----D---- C:\WINDOWS\system32\vmm32
2008-10-05 18:49:11 ----D---- C:\Program Files\Dell
2008-10-05 18:48:53 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-05 18:41:28 ----D---- C:\Documents and Settings\ken\Application Data\Identities
2008-10-05 18:41:25 ----HD---- C:\Program Files\Uninstall Information
2008-10-05 18:33:24 ----D---- C:\WINDOWS\RegisteredPackages
2008-10-05 18:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2008-10-05 18:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB902841$
2008-10-05 18:31:46 ----HDC---- C:\WINDOWS\$NtUninstallKB888795$
2008-10-05 18:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB899510$
2008-10-05 18:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB912812$
2008-10-05 18:31:18 ----HDC---- C:\WINDOWS\$NtUninstallKB899337$
2008-10-05 18:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB895961$
2008-10-05 18:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB891593$
2008-10-05 18:30:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-05 18:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2008-10-05 18:29:07 ----D---- C:\WINDOWS\system32\URTTemp
2008-10-05 18:28:47 ----D---- C:\Program Files\RGB
2008-10-05 18:27:31 ----D---- C:\Program Files\EnglishOtto
2008-10-05 18:23:27 ----SD---- C:\Documents and Settings\ken\Application Data\Microsoft
2008-10-05 18:23:27 ----ASH---- C:\Documents and Settings\ken\Application Data\desktop.ini
2008-10-05 18:22:10 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-05 18:22:07 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-05 18:22:07 ----D---- C:\WINDOWS\Prefetch
2008-10-05 18:09:46 ----D---- C:\WINDOWS\system32\xircom
2008-10-05 18:09:46 ----D---- C:\Program Files\xerox
2008-10-05 18:09:46 ----D---- C:\Program Files\microsoft frontpage
2008-10-05 18:09:21 ----D---- C:\DELL
2008-10-05 18:09:12 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-05 18:09:11 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-05 18:09:00 ----A---- C:\WINDOWS\control.ini
2008-10-05 18:09:00 ----A---- C:\AUTOEXEC.BAT
2008-10-05 18:08:46 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-05 18:07:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-05 18:07:42 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-05 18:07:42 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-05 18:07:36 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-05 18:07:32 ----HD---- C:\Program Files\WindowsUpdate
2008-10-05 18:07:13 ----D---- C:\WINDOWS\system32\DirectX
2008-10-05 18:06:55 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-05 18:06:53 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-05 18:06:53 ----A---- C:\WINDOWS\desktop.ini
2008-10-05 18:06:47 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-05 18:06:46 ----D---- C:\Program Files\Common Files\Services
2008-10-05 18:06:46 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-05 18:06:44 ----SD---- C:\WINDOWS\Tasks
2008-10-05 18:06:44 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-05 18:06:43 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-05 18:06:39 ----D---- C:\WINDOWS\srchasst
2008-10-05 18:06:38 ----D---- C:\WINDOWS\system32\Macromed
2008-10-05 18:06:36 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-05 18:06:36 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-05 18:06:36 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-05 18:06:36 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-05 18:06:35 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-05 18:06:34 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-05 18:06:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-05 18:06:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-05 18:06:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-05 18:06:28 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-05 18:06:24 ----D---- C:\WINDOWS\system32\Restore
2008-10-05 18:06:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-05 18:06:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-05 18:06:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-05 18:06:24 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-05 18:06:24 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-05 18:06:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-05 18:06:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-05 18:06:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-05 18:06:23 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-05 18:06:23 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-05 18:06:23 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-05 18:06:20 ----D---- C:\Program Files\NetMeeting
2008-10-05 18:06:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-05 18:06:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-05 18:06:19 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-05 18:06:19 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-05 18:06:18 ----D---- C:\Program Files\Outlook Express
2008-10-05 18:06:17 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-05 18:06:17 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-05 18:06:17 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-05 18:06:17 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-05 18:06:17 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-05 18:06:17 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-05 18:06:17 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-05 18:06:12 ----D---- C:\Program Files\Common Files\System
2008-10-05 18:06:11 ----D---- C:\Program Files\Internet Explorer
2008-10-05 18:05:38 ----RSD---- C:\WINDOWS\assembly
2008-10-05 18:05:10 ----D---- C:\Program Files\ComPlus Applications
2008-10-05 18:05:09 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-05 18:05:09 ----A---- C:\WINDOWS\vb.ini
2008-10-05 18:05:05 ----D---- C:\WINDOWS\Registration
2008-10-05 18:04:59 ----D---- C:\Program Files\Online Services
2008-10-05 18:04:45 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-05 18:04:42 ----D---- C:\Program Files\Windows Media Player
2008-10-05 18:04:24 ----D---- C:\Program Files\Windows Plus
2008-10-05 18:04:15 ----A---- C:\WINDOWS\system32\mhn.dll
2008-10-05 18:04:15 ----A---- C:\WINDOWS\system32\igdetect.dll
2008-10-05 18:04:12 ----D---- C:\Program Files\Movie Maker
2008-10-05 18:03:11 ----D---- C:\Program Files\Messenger
2008-10-05 18:03:08 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-05 18:03:08 ----A---- C:\WINDOWS\system32\write.exe
2008-10-05 18:03:00 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-05 18:03:00 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-05 18:03:00 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-05 18:03:00 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-05 18:03:00 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-05 18:02:59 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-05 18:02:54 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-05 18:02:53 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-05 18:02:53 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-05 18:02:53 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-05 18:02:53 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-05 18:02:53 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-05 18:02:52 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-05 18:02:51 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-05 18:02:51 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-05 18:02:51 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-05 18:02:51 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-05 18:02:51 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-05 18:02:51 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-05 18:02:50 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-05 18:02:46 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-05 18:02:33 ----D---- C:\Program Files\MSN
2008-10-05 18:02:32 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-05 18:02:32 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-05 18:02:32 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-05 18:02:32 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-05 18:02:31 ----D---- C:\Program Files\Windows NT
2008-10-05 18:02:31 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-05 18:02:31 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-05 18:02:31 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-05 18:02:30 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-05 18:02:30 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-05 18:02:30 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-05 18:02:30 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-05 18:02:30 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-05 18:02:30 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-05 18:02:29 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-05 18:02:28 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-05 18:02:28 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-05 18:02:28 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-05 18:02:28 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-05 18:02:28 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-05 18:02:28 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-05 18:02:27 ----D---- C:\WINDOWS\system32\Com
2008-10-05 18:02:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-05 18:02:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-05 18:02:27 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-05 18:02:27 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-05 18:02:27 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-05 18:02:26 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-05 18:02:26 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-05 18:02:26 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-05 18:02:26 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-05 18:02:26 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-05 18:02:20 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-05 18:02:20 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-05 18:02:20 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-05 18:02:20 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-05 12:00:45 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-05 11:55:31 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-05 11:54:28 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-05 11:53:19 ----SHD---- C:\WINDOWS\Installer
2008-10-05 11:53:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-05 11:53:18 ----D---- C:\Program Files\Common Files\ODBC
2008-10-05 11:53:18 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-05 11:53:15 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-05 11:53:14 ----RD---- C:\Program Files
2008-10-05 11:53:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-05 11:53:14 ----D---- C:\Program Files\Common Files
2008-10-05 11:53:12 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-05 11:53:12 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-05 11:53:12 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-05 11:53:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-05 11:53:08 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-05 11:53:08 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-05 11:53:08 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-05 11:53:08 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-05 11:53:08 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-05 11:53:08 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-05 11:53:08 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-05 11:53:07 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-05 11:53:07 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-05 11:53:07 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-05 11:53:07 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-05 11:53:07 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-05 11:53:05 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-05 11:53:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-05 11:53:03 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-05 11:53:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-05 11:53:03 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-05 11:53:02 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-05 11:53:01 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-05 11:53:01 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-05 11:53:00 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-05 11:53:00 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-05 11:52:59 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-05 11:52:53 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-05 11:52:52 ----RA---- C:\WINDOWS\SET2E.tmp
2008-10-05 11:52:52 ----RA---- C:\WINDOWS\SET2D.tmp
2008-10-05 11:52:49 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-05 11:52:46 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-05 11:52:46 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-05 11:52:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-05 11:52:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-05 11:52:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-05 11:52:16 ----D---- C:\Documents and Settings
2008-10-05 11:52:15 ----SHD---- C:\System Volume Information
2008-10-05 11:34:54 ----SH---- C:\boot.ini
2008-10-05 11:29:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-05 11:29:19 ----RSD---- C:\WINDOWS\Fonts
2008-10-05 11:29:19 ----RD---- C:\WINDOWS\Web
2008-10-05 11:29:19 ----HD---- C:\WINDOWS\inf
2008-10-05 11:29:19 ----D---- C:\WINDOWS\WinSxS
2008-10-05 11:29:19 ----D---- C:\WINDOWS\twain_32
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Temp
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\wins
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\wbem
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\usmt
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\spool
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\Setup
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\ras
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\oobe
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\npp
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\mui
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\IME
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\icsxml
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\ias
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\export
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\drivers
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\dhcp
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\config
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\3076
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\2052
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1054
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1042
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1041
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1037
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1033
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1031
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1028
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32\1025
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system32
2008-10-05 11:29:19 ----D---- C:\WINDOWS\system
2008-10-05 11:29:19 ----D---- C:\WINDOWS\security
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Resources
2008-10-05 11:29:19 ----D---- C:\WINDOWS\repair
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Provisioning
2008-10-05 11:29:19 ----D---- C:\WINDOWS\PeerNet
2008-10-05 11:29:19 ----D---- C:\WINDOWS\pchealth
2008-10-05 11:29:19 ----D---- C:\WINDOWS\mui
2008-10-05 11:29:19 ----D---- C:\WINDOWS\msapps
2008-10-05 11:29:19 ----D---- C:\WINDOWS\msagent
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Media
2008-10-05 11:29:19 ----D---- C:\WINDOWS\java
2008-10-05 11:29:19 ----D---- C:\WINDOWS\ime
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Help
2008-10-05 11:29:19 ----D---- C:\WINDOWS\ehome
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Driver Cache
2008-10-05 11:29:19 ----D---- C:\WINDOWS\dell
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Debug
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Cursors
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Connection Wizard
2008-10-05 11:29:19 ----D---- C:\WINDOWS\Config
2008-10-05 11:29:19 ----D---- C:\WINDOWS\AppPatch
2008-10-05 11:29:19 ----D---- C:\WINDOWS\addins
2008-10-05 11:29:19 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-10-29 12:47:04 ----N---- C:\WINDOWS\system.ini
2008-10-29 12:47:04 ----A---- C:\WINDOWS\win.ini
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081029.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081029.003\navex15.sys []
R3 P0630VID;Creative WebCam Live!; C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-12 47360]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-29 85969]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-10 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Attached Files
File Type: txt gmer.txt (4.8 KB, 1 views)
Old 11-02-2008, 09:20 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: internet pages are being hijacked

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
Old 11-02-2008, 12:28 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

sUBs, 1 hr before you posted your suggestion, I downloaded SUPERAntiSpyware Free Edition and ran the program. It found 74 instances of the Vundo variant, quarantined all of them, and everything seems to be back to normal. I have not had a page hijacked since then. I will run ComboFix if you still think I should, but if not, thanks for your time and consideration in this matter. I really do appreciate it.
Old 11-02-2008, 02:30 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: internet pages are being hijacked

Please run ComboFix.
Old 11-06-2008, 07:14 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

ComboFix 08-11-05.02 - ken 2008-11-06 8:05:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.604 [GMT -7:00]
Running from: c:\documents and settings\ken\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ken\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ken\Application Data\inst.exe
c:\windows\admintxt.txt
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\blcwtwtx.ini
c:\windows\system32\jnxqrwsl.ini
c:\windows\system32\lswrqxnj.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\okuunt.dll
c:\windows\system32\oukhbh.dll
c:\windows\system32\pdkektyw.dll
c:\windows\system32\rbaafoer.dll
c:\windows\system32\ucrxxhsj.dll
c:\windows\system32\wbrrghtu.ini
c:\windows\system32\XGMnUvut.ini
c:\windows\system32\XGMnUvut.ini2

.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\ken\Application Data\SUPERAntiSpyware.com
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-29 15:00 . 2008-10-29 15:00 <DIR> d-------- C:\rsit
2008-10-29 14:38 . 2008-10-29 15:43 250 --a------ c:\windows\gmer.ini
2008-10-29 13:29 . 2008-10-29 14:00 <DIR> d-------- c:\windows\BDOSCAN8
2008-10-29 12:44 . 2008-10-29 13:26 <DIR> d-------- c:\documents and settings\ken\.housecall6.6
2008-10-29 05:35 . 2008-10-29 06:05 596 --a------ C:\register.bat
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-28 13:59 . 2008-10-28 14:12 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-10-28 13:59 . 2008-10-28 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 19:39 . 2008-10-20 19:39 <DIR> d-------- c:\documents and settings\ken\Application Data\dvdcss
2008-10-18 11:00 . 2008-10-20 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- c:\documents and settings\ken\Application Data\Creative
2008-10-16 11:19 . 2008-10-19 16:13 <DIR> d-------- c:\documents and settings\ken\Application Data\U3
2008-10-16 05:48 . 2008-08-14 02:57 2,185,984 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 05:48 . 2008-08-14 02:55 2,142,720 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,062,976 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,020,864 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-12 13:04 . 1999-03-25 23:00 101,888 --a------ c:\windows\system32\Vb6stkit.dll
2008-10-12 13:04 . 2000-07-17 13:41 70,088 --a------ c:\windows\system32\Project2-1.ocx
2008-10-12 13:04 . 2000-03-21 15:37 1,760 --a------ c:\windows\system32\objsafe.tlb
2008-10-12 13:04 . 2000-04-06 14:58 1,453 --a------ c:\windows\system32\Project2.INF
2008-10-12 13:03 . 2008-10-12 13:04 <DIR> d-------- c:\program files\eGames
2008-10-12 12:40 . 2008-10-19 14:10 <DIR> d-------- c:\documents and settings\ken\Application Data\LimeWire
2008-10-12 12:39 . 2008-11-02 09:49 <DIR> d-------- c:\program files\LimeWire
2008-10-12 10:32 . 2008-10-12 10:32 <DIR> d-------- c:\documents and settings\ken\Application Data\vlc
2008-10-12 10:31 . 2008-10-12 10:31 <DIR> d-------- c:\program files\VideoLAN
2008-10-12 10:23 . 2008-10-20 18:24 <DIR> d-------- c:\program files\DVDFab 5
2008-10-12 08:13 . 2008-10-12 08:13 <DIR> d-------- c:\program files\VSO
2008-10-12 08:13 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-10-12 08:13 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-10-12 08:13 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-10-12 08:13 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-10-12 08:13 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-10-12 08:13 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-10-12 08:13 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-10-12 07:16 . 2008-10-29 06:35 <DIR> d-------- c:\documents and settings\ken\Application Data\Vso
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\documents and settings\ken\Application Data\pcouffin.sys
2008-10-11 11:46 . 2008-10-11 11:47 <DIR> d-------- c:\documents and settings\ken\Application Data\Smart Panel
2008-10-11 11:46 . 2008-10-11 11:46 29 --a------ c:\windows\DEBUGSM.INI
2008-10-11 11:29 . 2008-10-11 11:29 <DIR> d-------- c:\documents and settings\ken\Application Data\Corel
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-11 11:22 . 2008-10-11 11:22 543 --a------ c:\windows\system32\mapisvc.inf
2008-10-11 11:21 . 2008-10-11 11:21 <DIR> d-------- c:\windows\ShellNew
2008-10-11 11:20 . 2008-10-11 11:22 <DIR> d-------- c:\program files\WordPerfect Office 12
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-10-11 10:48 . 2008-10-11 10:48 <DIR> d-------- c:\documents and settings\ken\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- C:\EPSONREG
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- c:\documents and settings\ken\Application Data\Leadertech
2008-10-11 10:37 . 2004-02-01 00:00 413,696 --a------ c:\windows\system32\PICSDK.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicPrt.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicMgr.dll
2008-10-11 10:37 . 2004-02-01 00:00 29,521 --a------ c:\windows\system32\EPPICPrinterDB.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,910 --a------ c:\windows\system32\EPPICPattern2.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,869 --a------ c:\windows\system32\EPPICPattern1.dat
2008-10-11 10:37 . 2004-02-01 00:00 12,585 --a------ c:\windows\system32\EPPICLocal_EN.cfg
2008-10-11 10:37 . 2004-02-01 00:00 22 --------- c:\windows\system32\PICSDK.ini
2008-10-11 10:36 . 2008-10-11 10:37 <DIR> d-------- c:\program files\Smart Panel
2008-10-11 10:36 . 1999-06-15 10:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-10-11 10:36 . 1999-12-07 01:03 73,216 --a------ c:\windows\ADE.DLL
2008-10-11 10:36 . 1999-04-26 23:17 3,136 --a------ c:\windows\Ade001.bin
2008-10-11 10:36 . 1999-08-09 22:50 72 --------- c:\windows\system32\epDPE.ini
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON PhotoStarter Essential
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON CardMonitor Essential
2008-10-11 10:34 . 2003-07-02 00:00 131,072 --a------ c:\windows\system32\Epcmlib.dll
2008-10-11 10:34 . 2003-06-30 23:00 46,080 --a------ c:\windows\system32\escimgd.dll
2008-10-11 10:34 . 2003-08-05 23:00 29,184 --a------ c:\windows\system32\escwiadn.dll
2008-10-11 10:34 . 2003-06-30 23:00 22,528 --a------ c:\windows\system32\esccmd.dll
2008-10-11 10:34 . 2008-10-11 10:42 44 --a------ c:\windows\EPCX4600.ini
2008-10-10 12:25 . 2008-10-11 10:37 <DIR> d-------- c:\program files\epson
2008-10-10 11:13 . 2008-10-10 11:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-10 11:10 . 2008-10-10 11:58 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 11:10 . 2008-10-10 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-10-10 11:10 . 2008-04-24 15:52 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2008-10-10 10:59 . 2008-10-10 10:59 <DIR> d-------- c:\program files\uTorrent
2008-10-10 10:59 . 2008-11-03 05:28 <DIR> d-------- c:\documents and settings\ken\Application Data\uTorrent
2008-10-10 10:25 . 2008-10-10 10:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\IM
2008-10-10 10:24 . 2008-10-10 10:25 <DIR> d-------- c:\program files\IncrediMail
2008-10-10 10:24 . 2008-10-10 10:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\windows\Sun
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\program files\Java
2008-10-10 08:08 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-10 08:06 . 2008-10-10 08:06 <DIR> d-------- c:\program files\Common Files\Java
2008-10-10 06:19 . 2004-08-03 22:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-09 15:12 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe
2008-10-09 15:09 . 2008-10-09 15:09 <DIR> d-------- c:\windows\CtDrvInstall
2008-10-09 15:08 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-09 15:07 . 2008-10-09 15:12 <DIR> d-------- c:\program files\Creative
2008-10-09 15:01 . 2008-10-09 15:01 <DIR> d-------- c:\program files\Yahoo!
2008-10-09 15:01 . 2008-10-09 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-09 08:21 . 2008-10-09 08:21 268 --ah----- C:\sqmdata06.sqm
2008-10-09 08:21 . 2008-10-09 08:21 244 --ah----- C:\sqmnoopt06.sqm
2008-10-09 08:00 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-09 07:59 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-09 07:17 . 2008-10-09 07:17 268 --ah----- C:\sqmdata05.sqm
2008-10-09 07:17 . 2008-10-09 07:17 244 --ah----- C:\sqmnoopt05.sqm
2008-10-09 06:54 . 2008-10-03 10:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-09 06:54 . 2007-04-17 02:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-09 06:54 . 2007-03-07 22:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-09 06:54 . 2008-08-26 00:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-09 06:54 . 2008-08-26 00:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-09 06:54 . 2008-08-26 00:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-09 06:54 . 2008-08-26 00:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-09 06:54 . 2008-08-26 00:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-09 06:54 . 2008-08-25 01:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-09 06:48 . 2008-10-09 06:48 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-09 06:26 . 2008-10-09 06:43 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-09 06:24 . 2008-06-13 06:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-10-09 06:24 . 2008-06-13 06:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-09 06:23 . 2006-03-20 20:23 23,040 --------- c:\windows\kb913800.exe
2008-10-09 06:18 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-09 06:18 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 15:04 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-02 16:49 --------- d-----w c:\program files\RGB
2008-11-02 16:49 --------- d-----w c:\program files\EnglishOtto
2008-10-11 18:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-11 17:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 02:26 --------- d-----w c:\program files\Windows Live
2008-10-06 02:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-06 02:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-06 01:46 --------- d-----w c:\program files\CCleaner
2008-10-06 01:42 --------- d-----w c:\documents and settings\ken\Application Data\Talkback
2008-10-06 01:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-06 01:31 --------- d-----w c:\program files\Symantec
2008-10-06 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
2008-10-06 00:52 --------- d-----w c:\program files\SigmaTel
2008-10-06 00:52 --------- d-----w c:\program files\Intel
2008-10-06 00:49 --------- d-----w c:\program files\Dell
2008-10-06 00:09 --------- d-----w c:\program files\microsoft frontpage
2008-10-06 00:04 --------- d-----w c:\program files\Windows Plus
2008-09-28 10:21 15,975,328 ----a-w c:\windows\61510.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qkultd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\61510]
--a------ 2008-09-28 03:21 15975328 c:\windows\61510.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 14:52 48752 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
--a------ 2004-03-04 02:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [ ]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [ ]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [ ]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [ ]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-5ce33f2c - c:\windows\system32\lswrqxnj.dll
MSConfigStartUp-Messenger Service - service.exe
MSConfigStartUp-Windows Service - service.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\ken\Application Data\Mozilla\Firefox\Profiles\k8hx0ldq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 08:09:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-06 8:10:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-06 15:10:55

Pre-Run: 226,981,277,696 bytes free
Post-Run: 226,927,276,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

287 --- E O F --- 2008-10-25 23:32:05
Old 11-06-2008, 10:47 AM   #6
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: internet pages are being hijacked

Did you at some time have ThreatFire installed on this machine?


c:\windows\61510.exe

Find this file. Right click on it & select 'Properties'
Look at the Version tab & tell me the following details ...

* Company Name
* Internal Name
* Description



--------


After you have posted that, use Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Last edited by sUBs; 11-06-2008 at 10:55 AM.
Old 11-06-2008, 03:27 PM   #7
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

Yes I did have threatfire on here at one time.

The file you asked for is "vso convertxtodvd 3 setup",
file version 0.0.0.0, and under "other version information" it says "this installation was built with inno setup".
Old 11-06-2008, 03:33 PM   #8
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: internet pages are being hijacked

I'll wait for the Kaspersky scan results.
Old 11-06-2008, 04:38 PM   #9
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 06, 2008 22:11:34
Records in database: 1372920
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 43885
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 00:34:56


File name / Threat name / Threats count
C:\Documents and Settings\ken\My Documents\completed torrents\ConvertXtoDVD 3 v3.2.1.55b\vsoConvertXtoDVD3_setup.exe Infected: Trojan-PSW.Win32.Small.gs 1
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oukhbh.dll.vir Infected: Backdoor.Win32.Rbot.vuz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pdkektyw.dll.vir Infected: Backdoor.Win32.Rbot.vuz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ucrxxhsj.dll.vir Infected: Backdoor.Win32.Rbot.vuz 1

The selected area was scanned.
Old 11-06-2008, 04:51 PM   #10
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: internet pages are being hijacked

Quote:
The file you asked for is vso convertxtodvd 3 setup
file version 0.0.0.0 and under " other version information it says , this installation was built with inno setup.
Quote:
C:\Documents and Settings\ken\My Documents\completed torrents\ConvertXtoDVD 3 v3.2.1.55b\vsoConvertXtoDVD3_setup.exe Infected: Trojan-PSW.Win32.Small.gs 1
May be a good idea to uninstall the program & delete that torrent. What do you think?
Old 11-06-2008, 05:02 PM   #11
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

Will do that right away. It is something my son has on here, so it's not needed. Is there anything else I should do?
Old 11-06-2008, 05:08 PM   #12
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: internet pages are being hijacked

Quote:
Is there anything else I should do?
Yes there is. We'll need to clean up the rubbish ThreatFire left on the machine.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\61510.exe
C:\Documents and Settings\ken\My Documents\completed torrents\ConvertXtoDVD 3 v3.2.1.55b\vsoConvertXtoDVD3_setup.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\61510]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Driver::
TfFsMon
TfSysMon
ThreatFire
TfNetMon
Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
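Added example, not part of this thread and not a ComboFix, TSF or Kaspersky tool: a Python triage script that applies the checks sUBs made on the ComboFix log in post #5 and renders the confirmed items in the CFScript format of post #12. It flags a non-empty AppInit_DLLs value (a DLL that every process loading user32.dll will pick up), service entries whose binary ComboFix could not find (the "[ ]" stamp left behind by the uninstalled ThreatFire), a startup executable sitting directly in c:\windows, an orphaned startup entry that pointed at a randomly named DLL in system32, and the Windows Firewall and Security Center monitoring being switched off. The sample log is a constructed condensation of lines from this thread; the finding names, the looks_random() heuristic and the plan_from_findings() helper are assumptions made for the example.

```python
"""Triage a ComboFix-style log and render confirmed items as a CFScript.

Added example for this thread; not a ComboFix, TSF or Kaspersky tool.
Finding names, looks_random() and the sample log are illustrative assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a condensed copy of the loading-point, service and
# orphan lines from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qkultd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\61510]
--a------ 2008-09-28 03:21 15975328 c:\windows\61510.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [ ]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [ ]

MSConfigStartUp-5ce33f2c - c:\windows\system32\lswrqxnj.dll
MSConfigStartUp-Messenger Service - service.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$")
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<entry>.+?)\s+-\s+(?P<target>.+)$")
STARTUP_RE = re.compile(r"^[-a-z]{9}\s+\d{4}-\d\d-\d\d\s+\d\d:\d\d\s+\d+\s+(?P<path>.+)$")


@dataclass
class Finding:
    kind: str      # short tag, see triage()
    detail: str    # path, value or service name
    key: str = ""  # registry key the line sat under, if any


def looks_random(stem):
    """Crude check for machine-generated names such as lswrqxnj: all letters,
    six or more of them, with almost no vowels or a run of four consonants."""
    stem = stem.lower()
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    return vowels / len(stem) < 0.25 or re.search(r"[^aeiouy]{4}", stem) is not None


def triage(log_text):
    """Return the findings a helper looks for in the loading-point, service
    and 'ORPHANS REMOVED' parts of a ComboFix log, in log order."""
    findings, key = [], ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name").lower(), m.group("value").strip()
            if name == "appinit_dlls" and value not in ("", '""'):
                # Loaded into every process that loads user32.dll: classic persistence.
                findings.append(Finding("appinit_dll", value, key))
            elif name == "enablefirewall" and value.startswith("0"):
                findings.append(Finding("firewall_off", value, key))
            elif name == "disablemonitoring" and "security center" in key.lower() and value.endswith("1"):
                findings.append(Finding("av_monitoring_off", key.rsplit("\\", 1)[-1], key))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if not m.group("stamp").strip():
                # "[ ]" means ComboFix found no file behind the service entry.
                findings.append(Finding("orphan_service", m.group("name")))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            target = m.group("target")
            if "\\" not in target:
                # Bare file name: resolved through the PATH search at logon.
                findings.append(Finding("bare_startup_target", target))
            elif target.lower().endswith(".dll") and looks_random(target.rsplit("\\", 1)[-1].split(".")[0]):
                findings.append(Finding("random_dll_startup", target))
            continue
        m = STARTUP_RE.match(line)
        if m and "msconfig\\startupreg" in key.lower():
            path = m.group("path")
            if path.lower().endswith(".exe") and path.lower().rsplit("\\", 1)[0] == "c:\\windows":
                findings.append(Finding("exe_in_windows_root", path, key))
    return findings


def render_cfscript(files=(), delete_keys=(), delete_values=(), drivers=()):
    """CFScript text as in post #12: File::, Registry:: in REGEDIT4 syntax
    ([-key] deletes a key, "name"=- deletes a value), then Driver:: names."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if delete_keys or delete_values:
        lines.append("Registry::")
        lines.extend(f"[-{k}]" for k in delete_keys)
        for key, name in delete_values:
            lines.extend([f"[{key}]", f'"{name}"=-'])
    if drivers:
        lines.append("Driver::")
        lines.extend(drivers)
    return "\n".join(lines) + "\n"


def plan_from_findings(findings, confirmed_kinds):
    """Only kinds the analyst has confirmed are scripted; the rest stay advisory."""
    files, keys, values, drivers = [], [], [], []
    for f in findings:
        if f.kind not in confirmed_kinds:
            continue
        if f.kind == "exe_in_windows_root":
            files.append(f.detail)
            keys.append(f.key)
        elif f.kind == "appinit_dll":
            values.append((f.key, "AppInit_DLLs"))
        elif f.kind == "orphan_service":
            drivers.append(f.detail)
    return render_cfscript(files, keys, values, drivers)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:22} {f.detail}")
    # The three kinds sUBs confirmed in the thread before writing the script.
    print(plan_from_findings(found, {"exe_in_windows_root", "appinit_dll", "orphan_service"}))
```

Findings tagged firewall_off and av_monitoring_off are not CFScript material; they are the settings to switch back on once the machine is clean. The exe_in_windows_root flag is a review flag, not a verdict: in this thread c:\windows\61510.exe turned out to be a VSO installer from a torrent that the Kaspersky scan then reported as infected, which is why the script only renders kinds the analyst has confirmed. Driver:: takes the service names from the S0/S2/S3 lines, not file paths.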
Old 11-06-2008, 05:30 PM   #13
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

ComboFix 08-11-05.02 - ken 2008-11-06 18:22:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.513 [GMT -7:00]
Running from: c:\documents and settings\ken\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ken\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\ken\My Documents\completed torrents\ConvertXtoDVD 3 v3.2.1.55b\vsoConvertXtoDVD3_setup.exe
c:\windows\61510.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\61510.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Legacy_THREATFIRE
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon
-------\Service_ThreatFire


((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-06 13:10 . 2008-11-06 18:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-06 08:52 . 2005-04-01 20:36 123,200 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-06 08:52 . 2005-04-01 20:36 91,856 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\ken\Application Data\SUPERAntiSpyware.com
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-29 15:00 . 2008-10-29 15:00 <DIR> d-------- C:\rsit
2008-10-29 14:38 . 2008-10-29 15:43 250 --a------ c:\windows\gmer.ini
2008-10-29 13:29 . 2008-10-29 14:00 <DIR> d-------- c:\windows\BDOSCAN8
2008-10-29 12:44 . 2008-10-29 13:26 <DIR> d-------- c:\documents and settings\ken\.housecall6.6
2008-10-29 05:35 . 2008-10-29 06:05 596 --a------ C:\register.bat
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-28 13:59 . 2008-11-06 15:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 19:39 . 2008-10-20 19:39 <DIR> d-------- c:\documents and settings\ken\Application Data\dvdcss
2008-10-18 11:00 . 2008-10-20 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- c:\documents and settings\ken\Application Data\Creative
2008-10-16 11:19 . 2008-10-19 16:13 <DIR> d-------- c:\documents and settings\ken\Application Data\U3
2008-10-16 05:48 . 2008-08-14 02:57 2,185,984 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 05:48 . 2008-08-14 02:55 2,142,720 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,062,976 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,020,864 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-12 13:04 . 1999-03-25 23:00 101,888 --a------ c:\windows\system32\Vb6stkit.dll
2008-10-12 13:04 . 2000-07-17 13:41 70,088 --a------ c:\windows\system32\Project2-1.ocx
2008-10-12 13:04 . 2000-03-21 15:37 1,760 --a------ c:\windows\system32\objsafe.tlb
2008-10-12 13:04 . 2000-04-06 14:58 1,453 --a------ c:\windows\system32\Project2.INF
2008-10-12 13:03 . 2008-10-12 13:04 <DIR> d-------- c:\program files\eGames
2008-10-12 12:40 . 2008-10-19 14:10 <DIR> d-------- c:\documents and settings\ken\Application Data\LimeWire
2008-10-12 12:39 . 2008-11-02 09:49 <DIR> d-------- c:\program files\LimeWire
2008-10-12 10:32 . 2008-10-12 10:32 <DIR> d-------- c:\documents and settings\ken\Application Data\vlc
2008-10-12 10:31 . 2008-10-12 10:31 <DIR> d-------- c:\program files\VideoLAN
2008-10-12 10:23 . 2008-10-20 18:24 <DIR> d-------- c:\program files\DVDFab 5
2008-10-12 07:16 . 2008-11-06 18:13 <DIR> d-------- c:\documents and settings\ken\Application Data\Vso
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\documents and settings\ken\Application Data\pcouffin.sys
2008-10-11 11:46 . 2008-10-11 11:47 <DIR> d-------- c:\documents and settings\ken\Application Data\Smart Panel
2008-10-11 11:46 . 2008-10-11 11:46 29 --a------ c:\windows\DEBUGSM.INI
2008-10-11 11:29 . 2008-10-11 11:29 <DIR> d-------- c:\documents and settings\ken\Application Data\Corel
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-11 11:22 . 2008-10-11 11:22 543 --a------ c:\windows\system32\mapisvc.inf
2008-10-11 11:21 . 2008-10-11 11:21 <DIR> d-------- c:\windows\ShellNew
2008-10-11 11:20 . 2008-10-11 11:22 <DIR> d-------- c:\program files\WordPerfect Office 12
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-10-11 10:48 . 2008-10-11 10:48 <DIR> d-------- c:\documents and settings\ken\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- C:\EPSONREG
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- c:\documents and settings\ken\Application Data\Leadertech
2008-10-11 10:37 . 2004-02-01 00:00 413,696 --a------ c:\windows\system32\PICSDK.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicPrt.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicMgr.dll
2008-10-11 10:37 . 2004-02-01 00:00 29,521 --a------ c:\windows\system32\EPPICPrinterDB.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,910 --a------ c:\windows\system32\EPPICPattern2.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,869 --a------ c:\windows\system32\EPPICPattern1.dat
2008-10-11 10:37 . 2004-02-01 00:00 12,585 --a------ c:\windows\system32\EPPICLocal_EN.cfg
2008-10-11 10:37 . 2004-02-01 00:00 22 --------- c:\windows\system32\PICSDK.ini
2008-10-11 10:36 . 2008-10-11 10:37 <DIR> d-------- c:\program files\Smart Panel
2008-10-11 10:36 . 1999-06-15 10:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-10-11 10:36 . 1999-12-07 01:03 73,216 --a------ c:\windows\ADE.DLL
2008-10-11 10:36 . 1999-04-26 23:17 3,136 --a------ c:\windows\Ade001.bin
2008-10-11 10:36 . 1999-08-09 22:50 72 --------- c:\windows\system32\epDPE.ini
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON PhotoStarter Essential
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON CardMonitor Essential
2008-10-11 10:34 . 2003-07-02 00:00 131,072 --a------ c:\windows\system32\Epcmlib.dll
2008-10-11 10:34 . 2003-06-30 23:00 46,080 --a------ c:\windows\system32\escimgd.dll
2008-10-11 10:34 . 2003-08-05 23:00 29,184 --a------ c:\windows\system32\escwiadn.dll
2008-10-11 10:34 . 2003-06-30 23:00 22,528 --a------ c:\windows\system32\esccmd.dll
2008-10-11 10:34 . 2008-10-11 10:42 44 --a------ c:\windows\EPCX4600.ini
2008-10-10 12:25 . 2008-10-11 10:37 <DIR> d-------- c:\program files\epson
2008-10-10 11:13 . 2008-10-10 11:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-10 11:10 . 2008-10-10 11:58 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 11:10 . 2008-10-10 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-10-10 11:10 . 2008-04-24 15:52 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2008-10-10 10:59 . 2008-10-10 10:59 <DIR> d-------- c:\program files\uTorrent
2008-10-10 10:59 . 2008-11-03 05:28 <DIR> d-------- c:\documents and settings\ken\Application Data\uTorrent
2008-10-10 10:25 . 2008-10-10 10:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\IM
2008-10-10 10:24 . 2008-10-10 10:25 <DIR> d-------- c:\program files\IncrediMail
2008-10-10 10:24 . 2008-10-10 10:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\windows\Sun
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\program files\Java
2008-10-10 08:08 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-10 08:06 . 2008-10-10 08:06 <DIR> d-------- c:\program files\Common Files\Java
2008-10-10 06:19 . 2004-08-03 22:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-09 15:12 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe
2008-10-09 15:09 . 2008-10-09 15:09 <DIR> d-------- c:\windows\CtDrvInstall
2008-10-09 15:08 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-09 15:07 . 2008-10-09 15:12 <DIR> d-------- c:\program files\Creative
2008-10-09 15:01 . 2008-10-09 15:01 <DIR> d-------- c:\program files\Yahoo!
2008-10-09 15:01 . 2008-10-09 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-09 08:21 . 2008-10-09 08:21 268 --ah----- C:\sqmdata06.sqm
2008-10-09 08:21 . 2008-10-09 08:21 244 --ah----- C:\sqmnoopt06.sqm
2008-10-09 08:00 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-09 07:59 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-09 07:17 . 2008-10-09 07:17 268 --ah----- C:\sqmdata05.sqm
2008-10-09 07:17 . 2008-10-09 07:17 244 --ah----- C:\sqmnoopt05.sqm
2008-10-09 06:54 . 2008-10-03 10:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-09 06:54 . 2007-04-17 02:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-09 06:54 . 2007-03-07 22:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-09 06:54 . 2008-08-26 00:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-09 06:54 . 2008-08-26 00:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-09 06:54 . 2008-08-26 00:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-09 06:54 . 2008-08-26 00:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-09 06:54 . 2008-08-26 00:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-09 06:54 . 2008-08-25 01:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-09 06:48 . 2008-10-09 06:48 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-09 06:26 . 2008-10-09 06:43 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-09 06:24 . 2008-06-13 06:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-10-09 06:24 . 2008-06-13 06:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-09 06:23 . 2006-03-20 20:23 23,040 --------- c:\windows\kb913800.exe
2008-10-09 06:18 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-10-09 06:18 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 01:25 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-06 15:58 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-06 15:52 --------- d-----w c:\program files\Symantec
2008-11-06 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-02 16:49 --------- d-----w c:\program files\RGB
2008-11-02 16:49 --------- d-----w c:\program files\EnglishOtto
2008-10-11 18:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-11 17:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 02:26 --------- d-----w c:\program files\Windows Live
2008-10-06 02:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-06 02:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-06 01:46 --------- d-----w c:\program files\CCleaner
2008-10-06 01:42 --------- d-----w c:\documents and settings\ken\Application Data\Talkback
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
2008-10-06 00:52 --------- d-----w c:\program files\SigmaTel
2008-10-06 00:52 --------- d-----w c:\program files\Intel
2008-10-06 00:49 --------- d-----w c:\program files\Dell
2008-10-06 00:09 --------- d-----w c:\program files\microsoft frontpage
2008-10-06 00:04 --------- d-----w c:\program files\Windows Plus
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_ 8.10.36.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-06 01:31:57 25,214 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\ARPPRODUCTICON.exe
+ 2008-11-06 15:53:14 25,214 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\ARPPRODUCTICON.exe
- 2008-10-06 01:31:57 40,960 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-11-06 15:53:14 40,960 ----a-r c:\windows\Installer\{5A633ED0-E5D7-4D65-AB8D-53ED43510284}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2003-03-19 02:05:50 89,088 ----a-w c:\windows\system32\atl71.dll
+ 2003-03-19 03:05:50 89,088 ----a-w c:\windows\system32\atl71.dll
- 2005-04-17 18:31:56 34,552 ----a-w c:\windows\system32\cba.dll
+ 2005-04-17 19:31:56 34,552 ----a-w c:\windows\system32\cba.dll
- 2008-07-19 04:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 21:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-19 04:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 21:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-19 04:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 21:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 04:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 21:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 04:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 21:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 04:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 21:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 04:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 21:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 04:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 21:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2005-04-05 17:16:52 11,512 ----a-w c:\windows\system32\drivers\symdns.sys
+ 2005-04-05 18:16:52 11,512 ----a-w c:\windows\system32\drivers\symdns.sys
- 2005-04-05 17:16:54 173,208 ----a-w c:\windows\system32\drivers\symfw.sys
+ 2005-04-05 18:16:54 173,208 ----a-w c:\windows\system32\drivers\symfw.sys
- 2005-04-05 17:16:58 36,984 ----a-w c:\windows\system32\drivers\symids.sys
+ 2005-04-05 18:16:58 36,984 ----a-w c:\windows\system32\drivers\symids.sys
- 2005-04-05 17:16:56 47,192 ----a-w c:\windows\system32\drivers\symndis.sys
+ 2005-04-05 18:16:56 47,192 ----a-w c:\windows\system32\drivers\symndis.sys
- 2005-04-05 17:17:00 17,976 ----a-w c:\windows\system32\drivers\symredrv.sys
+ 2005-04-05 18:17:00 17,976 ----a-w c:\windows\system32\drivers\symredrv.sys
- 2005-04-05 17:17:02 267,192 ----a-w c:\windows\system32\drivers\symtdi.sys
+ 2005-04-05 18:17:02 267,192 ----a-w c:\windows\system32\drivers\symtdi.sys
- 2005-04-17 18:31:58 83,648 ----a-w c:\windows\system32\loc32vc0.dll
+ 2005-04-17 19:31:58 83,648 ----a-w c:\windows\system32\loc32vc0.dll
- 2003-03-19 04:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
+ 2003-03-19 05:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
- 2003-03-19 04:12:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll
+ 2003-03-19 05:12:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll
- 2005-04-17 18:31:58 46,848 ----a-w c:\windows\system32\msgsys.dll
+ 2005-04-17 19:31:58 46,848 ----a-w c:\windows\system32\msgsys.dll
- 2008-07-19 04:07:54 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 2148 208,744 ----a-w c:\windows\system32\muweb.dll
- 2005-04-17 18:30:56 43,712 ----a-w c:\windows\system32\NavLogon.dll
+ 2005-04-17 19:30:56 43,712 ----a-w c:\windows\system32\NavLogon.dll
- 2005-04-17 18:32:00 83,704 ----a-w c:\windows\system32\nts.dll
+ 2005-04-17 19:32:00 83,704 ----a-w c:\windows\system32\nts.dll
- 2005-04-17 18:32:00 71,416 ----a-w c:\windows\system32\pds.dll
+ 2005-04-17 19:32:00 71,416 ----a-w c:\windows\system32\pds.dll
+ 2008-10-16 21:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 21:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2005-04-05 17:17:04 517,848 ----a-w c:\windows\system32\SymNeti.dll
+ 2005-04-05 18:17:04 517,848 ----a-w c:\windows\system32\SymNeti.dll
- 2005-04-05 17:17:04 132,824 ----a-w c:\windows\system32\SymRedir.dll
+ 2005-04-05 18:17:04 132,824 ----a-w c:\windows\system32\SymRedir.dll
- 2008-07-19 04:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 21:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 04:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 21:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 04:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 21:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 04:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 21:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 04:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 21:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 04:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 21:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 04:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 21:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 15:52 48752 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
--a------ 2004-03-04 02:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-10-15 99376]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 18:25:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-06 18:27:37 - machine was rebooted [ken]
ComboFix-quarantined-files.txt 2008-11-07 01:27:33
ComboFix2.txt 2008-11-06 15:10:59

Pre-Run: 226,618,306,560 bytes free
Post-Run: 226,666,344,448 bytes free

334 --- E O F --- 2008-10-25 23:32:05
straightjacket is offline  
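An added example (editor's code, not part of the post above and not a ComboFix feature): two checks worth running over this kind of log before reading anything into it. The snapshot section pairs each "-" line with a "+" line for the same path; where the size is identical and the timestamp moved by exactly one hour (atl71.dll, mfc71.dll, the sym*.sys drivers) that is a timezone/DST display shift, not a file change, whereas the wu*.dll, cdm.dll and wuauclt.exe pairs carry a new size and an October 16 timestamp and really were replaced. The second check walks the Reg Loading Points Run keys and flags autostart binaries living in user-writable locations or the drive root. Sample lines are copied from the log, except the "svhost" entry, which is constructed so the check has something to flag; the user-writable-path heuristic is the editor's assumption, not a rule from the page.

```python
"""Triage helpers for two sections of the ComboFix log above: the
snapshot diff ('-'/'+' pairs) and the Reg Loading Points autostarts.
Added example by the editor, not part of the forum post or ComboFix.
Sample input is copied from the log, except the one entry marked
CONSTRUCTED, which exists only so the autostart check has a hit."""
import re
from datetime import datetime, timedelta

# Snapshot diff line: sign, timestamp, size, attribute string, path
SNAP_RE = re.compile(
    r"^([-+])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+(.+)$"
)

SNAPSHOT = """\
- 2003-03-19 02:05:50 89,088 ----a-w c:\\windows\\system32\\atl71.dll
+ 2003-03-19 03:05:50 89,088 ----a-w c:\\windows\\system32\\atl71.dll
- 2008-07-19 04:10:48 94,920 ----a-w c:\\windows\\system32\\cdm.dll
+ 2008-10-16 21:09:44 92,696 ----a-w c:\\windows\\system32\\cdm.dll
+ 2008-10-16 21:09:44 43,544 ----a-w c:\\windows\\system32\\SoftwareDistribution\\Setup\\ServiceStartup\\wups2.dll\\7.2.6001.788\\wups2.dll
"""


def classify_snapshot(text):
    """Pair '-' and '+' lines by path and label each path:
    tz_shift  same size, timestamps exactly one hour apart: a timezone /
              DST display artifact, the file itself did not change
    replaced  size or timestamp really changed (here: the Windows Update
              client files)
    added     only a '+' line; removed: only a '-' line
    """
    by_path = {}
    for line in text.splitlines():
        m = SNAP_RE.match(line)
        if not m:
            continue
        sign, ts, size, _attrs, path = m.groups()
        stamp = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_path.setdefault(path.lower(), {})[sign] = (stamp, int(size.replace(",", "")))
    verdict = {}
    for path, rec in by_path.items():
        if "-" in rec and "+" in rec:
            (t0, s0), (t1, s1) = rec["-"], rec["+"]
            if s0 == s1 and abs(t1 - t0) == timedelta(hours=1):
                verdict[path] = "tz_shift"
            else:
                verdict[path] = "replaced"
        else:
            verdict[path] = "added" if "+" in rec else "removed"
    return verdict


# Reg Loading Points: a [key] header, then "name"="path" [date size] lines
KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')

AUTOSTART = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe" [2004-08-10 15360]
"SpybotSD TeaTimer"="c:\\program files\\Spybot - Search & Destroy\\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"vptray"="c:\\progra~1\\SYMANT~1\\VPTray.exe" [2005-04-17 85184]
"svhost"="c:\\documents and settings\\ken\\Application Data\\svhost.exe" [2008-11-05 41472]
"""
# The "svhost" line is CONSTRUCTED for this example; it is not in the log.

# Locations a logged-on user can write without elevation. A Run entry
# pointing here (or straight into the drive root) deserves a closer look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$")


def suspicious_autostarts(text):
    """Return [(key, value_name, path)] for Run entries whose binary sits
    in a user-writable location or directly in the drive root."""
    flagged, key = [], None
    for line in text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        m = RUN_RE.match(line)
        if not m or key is None:
            continue
        name, path = m.group(1), m.group(2)
        low = path.lower()
        if ROOT_RE.match(low) or any(d in low for d in USER_WRITABLE):
            flagged.append((key, name, path))
    return flagged


if __name__ == "__main__":
    for p, v in classify_snapshot(SNAPSHOT).items():
        print(f"{v:9s} {p}")
    for key, name, path in suspicious_autostarts(AUTOSTART):
        print(f"FLAG {name} -> {path}  ({key})")
```

Run it over the full log text rather than the excerpts to get the complete picture; the one-hour rule only holds for exact 3600-second offsets, so a file that was genuinely rewritten an hour after its old timestamp would need the size to differ (or a hash, which ComboFix does not record) to be told apart.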
Old 11-06-2008, 05:36 PM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: internet pages are being hijacked

Quote:
c:\windows\system32\drivers\TfKbMon.sys
Missed this file earlier on. It is another remnant from ThreatFire. You can manually delete it.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u

  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  3. Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here - http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs is offline  
Old 11-06-2008, 05:47 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 8
OS: xp media edition


Re: internet pages are being hijacked

Thank you sUBs, for your timely help, and expert diagnosis and repair of my problem. I will follow and implement the suggestions you have posted to ensure I will not have these problems in the future. Again, thanks so much.
straightjacket is offline  
 






All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum