Virtumonde Problems, Combox/kaspersky/norton Failed To Remove


This topic is locked
3 replies to this topic

#1 dazzled101


Posted 29 May 2008 - 07:45 AM

Having problems with Virtumonde.
I caught it while having Norton running; it never detected it.
I also then ran a Norton global scan while the virus was on the machine, to no avail.
I was relying on this crap for years and it turns out it's no good.

Kaspersky ran, detected something and deleted it, but it's still replicating itself.
According to instructions I ran combofix.exe and got a log, but it looks like the virus added itself to this file.
It detects combofix\catchme.log and combofix.exe as a virus, heur.invader.
Another thing: when I ran combofix I got multiple DOS windows that pop up at the beginning and end.
It looks like the virus replicates itself on each reboot and while the PC is running. It also deletes all antispyware and antivirus autostart registry entries.
Here is the log anyway.


This one was run in safe mode, as the PC was unresponsive in normal mode:
ComboFix 08-05-28.4 - Administrator 2008-05-29  7:06:24.5 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1033.18.1759 [GMT -4:00]
Running from: E:\Documents and Settings\Administrator\Desktop\tutu.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
E:\WINDOWS\BM2b0e49f6.xml
E:\WINDOWS\cookies.ini
E:\WINDOWS\pskt.ini
E:\WINDOWS\system32\aqkwbdra.ini
E:\WINDOWS\system32\bwqycvml.dll
E:\WINDOWS\system32\ediiaocc.exe
E:\WINDOWS\system32\hoimuxuu.dll
E:\WINDOWS\system32\JlSAyyay.ini
E:\WINDOWS\system32\JlSAyyay.ini2
E:\WINDOWS\system32\jltfiklj.dll
E:\WINDOWS\system32\LmTvCJjl.ini
E:\WINDOWS\system32\mcrh.tmp
E:\WINDOWS\system32\mldddaop.dll
E:\WINDOWS\system32\qpjcasav.exe
E:\WINDOWS\system32\rgvwcfsl.dll
E:\WINDOWS\system32\rtvtumay.dll
E:\WINDOWS\system32\smcjakhp.exe
E:\WINDOWS\system32\udtxjfvu.dll
E:\WINDOWS\system32\ueybmpvo.dll
E:\WINDOWS\system32\uodtnnch.dll
E:\WINDOWS\system32\urqmohvj.ini
E:\WINDOWS\system32\vtyjxyxq.dll
E:\WINDOWS\system32\xuwokbsq.exe

.
(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-29  )))))))))))))))))))))))))))))))
.

2008-05-29 05:58 . 2008-05-29 05:58	<DIR>	d--------	E:\ComboFix
2008-05-28 05:04 . 2008-05-28 05:04	<DIR>	d--------	E:\WINDOWS\system32\Kaspersky Lab
2008-05-28 04:56 . 2008-05-28 10:17	96,966	--a------	E:\WINDOWS\system32\drivers\klin.dat
2008-05-28 04:56 . 2008-05-28 10:17	88,262	--a------	E:\WINDOWS\system32\drivers\klick.dat
2008-05-28 04:53 . 2008-05-28 04:53	<DIR>	d--------	E:\Program Files\Kaspersky Lab
2008-05-28 04:53 . 2008-05-29 02:32	9,669,664	--ahs----	E:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 04:53 . 2008-05-29 02:32	98,180	--ahs----	E:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 04:53 . 2008-05-29 05:22	26,400	--ahs----	E:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-28 04:53 . 2008-05-29 02:32	2,516	--ahs----	E:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-28 04:52 . 2008-05-28 04:52	<DIR>	d--------	E:\kav
2008-05-28 04:52 . 2008-05-29 05:57	<DIR>	d--------	E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 04:05 . 2008-05-28 04:05	<DIR>	d--------	E:\Program Files\Enigma Software Group
2008-05-28 02:36 . 2008-05-28 02:36	250	--a------	E:\WINDOWS\gmer.ini
2008-05-28 02:18 . 2008-05-28 02:35	522	--ahs----	E:\WINDOWS\system32\TsuFeMoq.ini
2008-05-28 02:02 . 2008-05-28 02:34	<DIR>	d--------	E:\Program Files\Norton Internet Security
2008-05-28 01:29 . 2008-05-29 01:14	10,740	--a------	E:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-28 01:29 . 2008-05-29 01:14	805	--a------	E:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-26 16:06 . 2008-05-28 03:58	729	--a------	E:\WINDOWS\wininit.ini
2008-05-25 03:12 . 2006-10-05 16:22	24,072	--a------	E:\WINDOWS\system32\uxtuneup.dll
2008-05-15 11:08 . 2008-05-15 11:08	33,824	--a------	E:\WINDOWS\system32\drivers\oreans32.sys
2008-05-13 04:32 . 2008-05-26 09:14	<DIR>	d--------	E:\Documents and Settings\Administrator\Application Data\The Bat!
2008-05-11 05:17 . 2004-08-04 03:56	221,184	--a------	E:\WINDOWS\system32\wmpns.dll
2008-05-11 04:37 . 2008-05-21 08:43	<DIR>	d--------	E:\WINDOWS\system32\scripting
2008-05-11 04:37 . 2008-05-21 08:43	<DIR>	d--------	E:\WINDOWS\system32\en
2008-05-11 04:37 . 2008-05-21 08:43	<DIR>	d--------	E:\WINDOWS\l2schemas
2008-05-08 02:57 . 2008-05-08 02:57	<DIR>	d--------	E:\Program Files\Vygis
2008-05-08 02:54 . 2008-05-08 02:58	<DIR>	d--------	E:\Program Files\VygisTools Drivers for Win XP
2008-05-02 16:03 . 2008-05-02 16:03	<DIR>	d--------	E:\Program Files\Common Files\EPSON
2008-05-02 16:03 . 2008-05-02 16:03	<DIR>	d--------	E:\Documents and Settings\Administrator\WINDOWS
2008-05-02 16:03 . 2001-05-21 01:03	139,264	--a------	E:\WINDOWS\system32\EBAPI2.dll
2008-05-02 16:01 . 2008-05-02 16:03	846	--a------	E:\WINDOWS\EPSTPLOG.BAK
2008-05-01 16:26 . 2001-08-17 13:56	7,552	--a------	E:\WINDOWS\system32\drivers\SONYPVU1.SYS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 10:58	---------	d-----w	E:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-29 10:57	---------	d-----w	E:\Program Files\Common Files\Symantec Shared
2008-05-29 10:33	---------	d-----w	E:\Program Files\TuneUp Utilities 2006
2008-05-29 10:28	---------	d-----w	E:\Documents and Settings\All Users\Application Data\Symantec
2008-05-29 09:10	---------	d-----w	E:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 05:16	---------	d-----w	E:\Program Files\Symantec
2008-05-29 05:14	123,952	----a-w	E:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-28 14:17	112,144	----a-w	E:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 10:29	---------	d-----w	E:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-28 05:40	---------	d-----w	E:\Program Files\Norton AntiVirus
2008-05-27 20:39	---------	d-----w	E:\Program Files\eMule
2008-05-25 17:23	22,328	----a-w	E:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 08:31	---------	d-----w	E:\Program Files\The Bat!
2008-04-28 23:01	25,952	----a-w	E:\WINDOWS\system32\drivers\wnsdrvr.sys
2008-04-25 00:48	472,576	----a-w	E:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-04-25 00:48	---------	d-----w	E:\Program Files\Nvidia Omega Drivers
2008-04-20 20:22	---------	d-----w	E:\Program Files\Common Files\SnapStream
2008-04-20 20:22	---------	d-----w	E:\Documents and Settings\All Users\Application Data\SnapStream
2008-04-20 20:20	---------	d-----w	E:\Program Files\SnapStream Media
2008-04-17 19:01	---------	d-----w	E:\Program Files\NsPro
2008-04-14 00:13	40,840	----a-w	E:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13	21,896	----a-w	E:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13	139,656	----a-w	E:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13	12,040	----a-w	E:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12	69,120	----a-w	E:\WINDOWS\notepad.exe
2008-04-14 00:12	50,688	----a-w	E:\WINDOWS\twain_32.dll
2008-04-14 00:12	32,866	----a-w	E:\WINDOWS\slrundll.exe
2008-04-14 00:12	3,901	------w	E:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12	283,648	----a-w	E:\WINDOWS\winhlp32.exe
2008-04-14 00:12	146,432	----a-w	E:\WINDOWS\regedit.exe
2008-04-14 00:12	11,325	------w	E:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12	10,752	----a-w	E:\WINDOWS\hh.exe
2008-04-14 00:12	1,033,728	----a-w	E:\WINDOWS\explorer.exe
2008-04-13 19:28	175,744	----a-w	E:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21	162,816	----a-w	E:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20	91,520	----a-w	E:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20	361,344	----a-w	E:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20	182,656	----a-w	E:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19	75,264	----a-w	E:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19	51,328	----a-w	E:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19	48,384	----a-w	E:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19	146,048	----a-w	E:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19	138,112	----a-w	E:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18	52,480	----a-w	E:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17	83,072	----a-w	E:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17	456,576	----a-w	E:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17	105,344	----a-w	E:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16	49,536	----a-w	E:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16	141,056	----a-w	E:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15	64,512	----a-w	E:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15	60,800	----a-w	E:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15	574,976	----a-w	E:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15	334,848	----a-w	E:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14	63,744	----a-w	E:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14	143,744	----a-w	E:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00	30,080	----a-w	E:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00	225,664	----a-w	E:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00	19,072	----a-w	E:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57	41,472	----a-w	E:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57	40,576	----a-w	E:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57	34,560	----a-w	E:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57	20,864	----a-w	E:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57	152,832	----a-w	E:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57	14,336	----a-w	E:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57	10,112	----a-w	E:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56	88,320	----a-w	E:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56	69,120	----a-w	E:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56	35,072	----a-w	E:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56	34,688	----a-w	E:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56	30,592	----a-w	E:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56	30,592	------w	E:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56	12,800	----a-w	E:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56	12,800	------w	E:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56	12,288	----a-w	E:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55	202,624	----a-w	E:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55	14,592	----a-w	E:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54	11,264	----a-w	E:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53	71,552	----a-w	E:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53	40,320	----a-w	E:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53	36,608	------w	E:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53	264,832	------w	E:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51	61,824	----a-w	E:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51	60,800	----a-w	E:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51	59,904	----a-w	E:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51	55,808	----a-w	E:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51	101,120	------w	E:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47	25,856	----a-w	E:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45	60,160	----a-w	E:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44	81,664	----a-w	E:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44	799,744	----a-w	E:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44	20,992	----a-w	E:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44	153,344	----a-w	E:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43	14,208	------w	E:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43	12,672	------w	E:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41	52,352	----a-w	E:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39	92,544	----a-w	E:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39	7,552	----a-w	E:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39	5,504	----a-w	E:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 18:39	5,376	----a-w	E:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39	42,368	----a-w	E:\WINDOWS\system32\drivers\mountmgr.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-05-28_ 2.24.51.35   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 06:15:46	2,048	--s-a-w	E:\WINDOWS\bootstat.dat
+ 2008-05-29 11:11:55	2,048	--s-a-w	E:\WINDOWS\bootstat.dat
+ 2008-05-28 06:36:41	819,200	----a-w	E:\WINDOWS\gmer.dll
+ 2008-03-04 00:29:06	761,856	----a-w	E:\WINDOWS\gmer.exe
- 2006-07-25 23:03:42	466,944	----a-w	E:\WINDOWS\system32\capicom.dll
+ 2007-09-12 22:27:24	511,328	----a-w	E:\WINDOWS\system32\capicom.dll
- 2008-05-21 22:38:23	16,384	----a-w	E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-29 11:01:54	16,384	----a-w	E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-21 22:38:23	32,768	----a-w	E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-29 11:01:54	32,768	----a-w	E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-21 22:38:23	32,768	----a-w	E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-29 11:01:54	32,768	----a-w	E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-28 06:36:41	86,097	----a-w	E:\WINDOWS\system32\drivers\gmer.sys
+ 2007-12-28 23:51:04	195,344	----a-w	E:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 17:28:40	24,592	----a-w	E:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 22:35:42	23,604	----a-w	E:\WINDOWS\system32\drivers\klopp.dat
- 2007-01-12 10:22:14	247,608	----a-w	E:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-12-01 03:57:12	279,088	----a-w	E:\WINDOWS\system32\drivers\srtsp.sys
- 2007-01-12 10:22:20	276,792	----a-w	E:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-12-01 03:57:12	317,616	----a-w	E:\WINDOWS\system32\drivers\srtspl.sys
- 2007-01-12 10:22:18	25,400	----a-w	E:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-12-01 03:57:12	43,696	----a-w	E:\WINDOWS\system32\drivers\srtspx.sys
+ 2005-05-24 16:27:16	213,048	----a-w	E:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20	94,208	----a-w	E:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54	950,272	----a-w	E:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-02-08 22:37:44	219,664	----a-w	E:\WINDOWS\system32\klogon.dll
- 2007-07-03 21:40:06	1,060,864	----a-w	E:\WINDOWS\system32\MFC71.dll
+ 2007-03-22 00:39:00	1,060,864	----a-w	E:\WINDOWS\system32\MFC71.DLL
- 2007-07-03 21:40:08	499,712	----a-w	E:\WINDOWS\system32\msvcp71.dll
+ 2007-03-22 00:33:00	503,808	----a-w	E:\WINDOWS\system32\MSVCP71.DLL
- 2007-07-03 21:40:08	348,160	----a-w	E:\WINDOWS\system32\msvcr71.dll
+ 2007-03-22 00:33:00	348,160	----a-w	E:\WINDOWS\system32\MSVCR71.DLL
- 2008-05-28 06:12:09	60,800	----a-w	E:\WINDOWS\system32\S32EVNT1.DLL
+ 2008-05-29 05:14:19	60,800	----a-w	E:\WINDOWS\system32\S32EVNT1.DLL
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260D040C-375A-4F27-83FF-0C02C8F2C32D}]
			E:\WINDOWS\system32\yayyASlJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
			E:\WINDOWS\system32\vtUlLEut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64BA22C8-55A7-4792-BBE0-B3C64875F0E8}]
			E:\WINDOWS\system32\xxyabcAQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71A9BFA3-0B2F-47C8-8AA7-1CC3FC4E9825}]
			E:\WINDOWS\system32\geBrsTmK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86DA05AD-3986-4DBB-92C2-64AC499F4CFD}]
			E:\WINDOWS\system32\awtutRIX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4E5F6E1-69DD-4D93-9E5F-410DD4AB8CEA}]
			E:\WINDOWS\system32\jkkHYsPh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 15:30 68856]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"uTorrent"="E:\Program Files\uTorrent\uTorrent.exe" [2008-02-22 06:25 219952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB1450"="command /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 22:07 49152]
"CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 E:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 11:46 20480 E:\WINDOWS\system32\Ctxfihlp.exe]
"UpdReg"="E:\WINDOWS\UpdReg.EXE" [2000-05-11 05:00 90112]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-10 23:22 180269]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"DiscWizardMonitor.exe"="E:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 21:24 1169744]
"AcronisTimounterMonitor"="E:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 21:38 1945688]
"Acronis Scheduler2 Service"="E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 21:29 149024]
"IAAnotif"="E:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 11:47 151552]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 E:\WINDOWS\system32\nwiz.exe]
"Symantec NetDriver Monitor"="E:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-21 18:00 100056]
"ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 09:59 115816]
"IS CfgWiz"="E:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-13 06:28 431752]
"osCheck"="E:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 11:11 771704]
"3c1ae13a"="E:\WINDOWS\system32\oxljxald.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]
"LightScribe Control Panel"="E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Beyond TV.lnk - E:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe [2008-03-19 19:01:26 303104]
EPSON Status Monitor 3 Environment Check(2).lnk - E:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-05-02 16:03:56 135680]
Google Updater.lnk - E:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-13 05:32:45 125624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"= E:\WINDOWS\system32\vtUlLEut.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlLEut]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 relog_ap
Notification Packages	REG_MULTI_SZ   	scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Program Files\\eMule\\emule.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNotifierService.exe"=
"E:\\kav\\kav7.0\\english\\setup.exe"=
"E:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);E:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 08:46]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;E:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S1 oreans32;oreans32;E:\WINDOWS\system32\drivers\oreans32.sys [2008-05-15 11:08]
S2 UxTuneUp;TuneUp Design Expansion;E:\WINDOWS\System32\svchost.exe [2008-04-13 20:12]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;E:\WINDOWS\system32\DRIVERS\bsusbser.sys [2008-01-23 09:08]
S3 clipusb;ClipUsb - Kernel Driver;E:\WINDOWS\system32\DRIVERS\clipusb.sys [2007-11-06 16:36]
S3 CXFALCON;Conexant Falcon Video Capture;E:\WINDOWS\system32\drivers\cxfalcon.sys [2005-09-09 04:12]
S3 Egatebus;Egatebus;E:\WINDOWS\system32\drivers\egatebus.sys [2006-05-19 14:22]
S3 Egatecard;Egatecard;E:\WINDOWS\system32\Drivers\egate.sys [2006-05-19 14:22]
S3 Egaterdr;Egaterdr;E:\WINDOWS\system32\drivers\egaterdr.sys [2006-05-19 14:22]
S3 FTD2XX;NsPro Box;E:\WINDOWS\system32\Drivers\NSD2XX.sys [2006-07-02 09:47]
S3 ha20x2k;Creative 20X HAL Driver;E:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
S3 MRT_box2;MRT_box2.SYS Martech BOX II device driver;E:\WINDOWS\system32\Drivers\MRT_box2.sys [2004-10-15 17:49]
S3 NmPar;PCI Parallel Port;E:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-04-09 09:28]
S3 nmserial;PCI Serial Port;E:\WINDOWS\system32\DRIVERS\nmserial.sys [2008-04-04 07:30]
S3 PortTalk;PortTalk;E:\WINDOWS\system32\drivers\PortTalk.sys [2004-02-23 11:10]
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);E:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 06:12]
S3 sssdmdfl;SAMSUNG Modem Filter;E:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 06:13]
S3 sssdmdm;SAMSUNG Modem Driver;E:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 06:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);E:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 06:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);E:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 06:15]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;E:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\TCCpuInfo.sys []
S3 tsbenum;tsbenum;E:\WINDOWS\system32\DRIVERS\tsbenum.sys [2005-02-14 16:02]
S3 tsbvfatc;tsbvfatc;E:\WINDOWS\system32\DRIVERS\tsbvfatc.sys [2005-10-05 16:08]
S3 tsbvfmdm;tsbvfmdm;E:\WINDOWS\system32\DRIVERS\tsbvfmdm.sys [2005-10-05 16:08]
S3 tsbvfobe;tsbvfobe;E:\WINDOWS\system32\DRIVERS\tsbvfobe.sys [2005-10-05 16:08]
S3 VSD2XX;VSD2XX.SYS USB - RS232 device driver;E:\WINDOWS\system32\Drivers\VSD2XX.sys [2003-10-30 11:03]
S3 WnsDrvr;WnsDrvr;E:\WINDOWS\system32\drivers\WnsDrvr.sys [2008-04-28 19:01]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b41e544-c8bd-11dc-9444-001bfc06720e}]
\Shell\AutoRun\command - H:\Autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - IASTOR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"E:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 09:15:00 E:\WINDOWS\Tasks\1-Click Maintenance.job"
- E:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 07:12:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29  7:15:42 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt  2008-05-29 11:15:27
ComboFix2.txt  2008-05-28 07:26:09
ComboFix3.txt  2008-05-28 07:10:36
ComboFix4.txt  2008-05-28 06:26:00

Pre-Run: 19,674,427,392 bytes free
Post-Run: 19,658,858,496 bytes free

359	--- E O F ---	2008-05-18 07:00:53



Normal mode, 5 minutes later, after deletion of Norton, which had become unusable (couldn't load up, couldn't scan, etc.):
ComboFix 08-05-28.4 - Administrator 2008-05-29  8:12:43.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1033.18.1357 [GMT -4:00]
Running from: E:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-29  )))))))))))))))))))))))))))))))
.

2008-05-29 07:45 . 2006-09-13 14:00	197,632	--a------	E:\WINDOWS\system32\CNMLM7Q.DLL
2008-05-29 07:29 . 2008-05-29 07:29	<DIR>	d--h-----	E:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-05-29 07:29 . 2008-05-29 07:29	<DIR>	d--h-----	E:\Program Files\CanonBJ
2008-05-29 07:29 . 2006-09-25 19:49	194,560	--a------	E:\WINDOWS\system32\CNCC830.DLL
2008-05-29 07:29 . 2005-11-01 20:19	143,360	--a------	E:\WINDOWS\system32\CNCL830.DLL
2008-05-29 07:29 . 2006-09-29 23:12	130,048	--a------	E:\WINDOWS\system32\CNCF2Lb.DLL
2008-05-29 07:29 . 2006-06-29 23:29	106,496	--a------	E:\WINDOWS\system32\cncisco.dll
2008-05-29 07:29 . 2006-09-29 23:12	49,152	--a------	E:\WINDOWS\system32\CNCFMSb.EXE
2008-05-29 07:29 . 2006-09-13 20:28	37,888	--a------	E:\WINDOWS\system32\CNCI830.DLL
2008-05-29 07:29 . 2006-09-29 23:12	3,072	--a------	E:\WINDOWS\system32\CNCFLbUS.DLL
2008-05-29 07:29 . 2006-09-29 23:12	2,560	--a------	E:\WINDOWS\system32\CNCFLbJP.DLL
2008-05-28 05:04 . 2008-05-28 05:04	<DIR>	d--------	E:\WINDOWS\system32\Kaspersky Lab
2008-05-28 04:56 . 2008-05-28 10:17	96,966	--a------	E:\WINDOWS\system32\drivers\klin.dat
2008-05-28 04:56 . 2008-05-28 10:17	88,262	--a------	E:\WINDOWS\system32\drivers\klick.dat
2008-05-28 04:53 . 2008-05-28 04:53	<DIR>	d--------	E:\Program Files\Kaspersky Lab
2008-05-28 04:53 . 2008-05-29 08:15	9,669,664	--ahs----	E:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 04:53 . 2008-05-29 08:15	100,868	--ahs----	E:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 04:53 . 2008-05-29 08:15	26,400	--ahs----	E:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-28 04:53 . 2008-05-29 08:15	3,308	--ahs----	E:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-28 04:52 . 2008-05-28 04:52	<DIR>	d--------	E:\kav
2008-05-28 04:52 . 2008-05-29 07:58	<DIR>	d--------	E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 04:05 . 2008-05-28 04:05	<DIR>	d--------	E:\Program Files\Enigma Software Group
2008-05-28 02:36 . 2008-05-28 02:36	250	--a------	E:\WINDOWS\gmer.ini
2008-05-28 02:18 . 2008-05-28 02:35	522	--ahs----	E:\WINDOWS\system32\TsuFeMoq.ini
2008-05-28 01:29 . 2008-05-29 01:14	10,740	--a------	E:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-28 01:29 . 2008-05-29 01:14	805	--a------	E:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-26 16:06 . 2008-05-28 03:58	729	--a------	E:\WINDOWS\wininit.ini
2008-05-25 03:12 . 2006-10-05 16:22	24,072	--a------	E:\WINDOWS\system32\uxtuneup.dll
2008-05-15 11:08 . 2008-05-15 11:08	33,824	--a------	E:\WINDOWS\system32\drivers\oreans32.sys
2008-05-13 04:32 . 2008-05-26 09:14	<DIR>	d--------	E:\Documents and Settings\Administrator\Application Data\The Bat!
2008-05-11 05:17 . 2004-08-04 03:56	221,184	--a------	E:\WINDOWS\system32\wmpns.dll
2008-05-11 04:37 . 2008-05-21 08:43	<DIR>	d--------	E:\WINDOWS\system32\scripting
2008-05-11 04:37 . 2008-05-21 08:43	<DIR>	d--------	E:\WINDOWS\system32\en
2008-05-11 04:37 . 2008-05-21 08:43	<DIR>	d--------	E:\WINDOWS\l2schemas
2008-05-08 02:57 . 2008-05-08 02:57	<DIR>	d--------	E:\Program Files\Vygis
2008-05-08 02:54 . 2008-05-08 02:58	<DIR>	d--------	E:\Program Files\VygisTools Drivers for Win XP
2008-05-02 16:03 . 2008-05-02 16:03	<DIR>	d--------	E:\Program Files\Common Files\EPSON
2008-05-02 16:03 . 2008-05-02 16:03	<DIR>	d--------	E:\Documents and Settings\Administrator\WINDOWS
2008-05-02 16:03 . 2001-05-21 01:03	139,264	--a------	E:\WINDOWS\system32\EBAPI2.dll
2008-05-02 16:01 . 2008-05-02 16:03	846	--a------	E:\WINDOWS\EPSTPLOG.BAK
2008-05-01 16:26 . 2001-08-17 13:56	7,552	--a------	E:\WINDOWS\system32\drivers\SONYPVU1.SYS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 12:16	---------	d-----w	E:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-29 11:57	---------	d-----w	E:\Program Files\Common Files\Symantec Shared
2008-05-29 11:48	---------	d-----w	E:\Documents and Settings\All Users\Application Data\Symantec
2008-05-29 11:30	---------	d-----w	E:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-29 11:26	---------	d-----w	E:\Program Files\TuneUp Utilities 2006
2008-05-29 09:10	---------	d-----w	E:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 14:17	112,144	----a-w	E:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 05:40	---------	d-----w	E:\Program Files\Norton AntiVirus
2008-05-27 20:39	---------	d-----w	E:\Program Files\eMule
2008-05-25 17:23	22,328	----a-w	E:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 08:31	---------	d-----w	E:\Program Files\The Bat!
2008-04-28 23:01	25,952	----a-w	E:\WINDOWS\system32\drivers\wnsdrvr.sys
2008-04-25 00:48	472,576	----a-w	E:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-04-25 00:48	---------	d-----w	E:\Program Files\Nvidia Omega Drivers
2008-04-20 20:22	---------	d-----w	E:\Program Files\Common Files\SnapStream
2008-04-20 20:22	---------	d-----w	E:\Documents and Settings\All Users\Application Data\SnapStream
2008-04-20 20:20	---------	d-----w	E:\Program Files\SnapStream Media
2008-04-17 19:01	---------	d-----w	E:\Program Files\NsPro
2008-04-14 00:13	40,840	----a-w	E:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13	21,896	----a-w	E:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13	139,656	----a-w	E:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13	12,040	----a-w	E:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12	69,120	----a-w	E:\WINDOWS\notepad.exe
2008-04-14 00:12	50,688	----a-w	E:\WINDOWS\twain_32.dll
2008-04-14 00:12	32,866	----a-w	E:\WINDOWS\slrundll.exe
2008-04-14 00:12	3,901	------w	E:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12	283,648	----a-w	E:\WINDOWS\winhlp32.exe
2008-04-14 00:12	146,432	----a-w	E:\WINDOWS\regedit.exe
2008-04-14 00:12	11,325	------w	E:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12	10,752	----a-w	E:\WINDOWS\hh.exe
2008-04-14 00:12	1,033,728	----a-w	E:\WINDOWS\explorer.exe
2008-04-13 19:28	175,744	----a-w	E:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21	162,816	----a-w	E:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20	91,520	----a-w	E:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20	361,344	----a-w	E:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20	182,656	----a-w	E:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19	75,264	----a-w	E:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19	51,328	----a-w	E:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19	48,384	----a-w	E:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19	146,048	----a-w	E:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19	138,112	----a-w	E:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18	52,480	----a-w	E:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17	83,072	----a-w	E:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17	456,576	----a-w	E:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17	105,344	----a-w	E:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16	49,536	----a-w	E:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16	141,056	----a-w	E:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15	64,512	----a-w	E:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15	60,800	----a-w	E:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15	574,976	----a-w	E:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15	334,848	----a-w	E:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14	63,744	----a-w	E:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14	143,744	----a-w	E:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00	30,080	----a-w	E:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00	225,664	----a-w	E:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00	19,072	----a-w	E:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57	41,472	----a-w	E:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57	40,576	----a-w	E:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57	34,560	----a-w	E:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57	20,864	----a-w	E:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57	152,832	----a-w	E:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57	14,336	----a-w	E:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57	10,112	----a-w	E:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56	88,320	----a-w	E:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56	69,120	----a-w	E:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56	35,072	----a-w	E:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56	34,688	----a-w	E:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56	30,592	----a-w	E:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56	30,592	------w	E:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56	12,800	----a-w	E:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56	12,800	------w	E:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56	12,288	----a-w	E:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55	202,624	----a-w	E:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55	14,592	----a-w	E:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54	11,264	----a-w	E:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53	71,552	----a-w	E:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53	40,320	----a-w	E:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53	36,608	------w	E:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53	264,832	------w	E:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51	61,824	----a-w	E:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51	60,800	----a-w	E:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51	59,904	----a-w	E:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51	55,808	----a-w	E:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51	101,120	------w	E:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47	25,856	----a-w	E:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45	60,160	----a-w	E:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44	81,664	----a-w	E:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44	799,744	----a-w	E:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44	20,992	----a-w	E:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44	153,344	----a-w	E:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43	14,208	------w	E:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43	12,672	------w	E:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41	52,352	----a-w	E:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39	92,544	----a-w	E:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39	7,552	----a-w	E:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39	5,504	----a-w	E:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 18:39	5,376	----a-w	E:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39	42,368	----a-w	E:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39	4,992	----a-w	E:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39	4,352	----a-w	E:\WINDOWS\system32\drivers\swenum.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-05-29_ 7.15.19.68   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 11:11:55	2,048	--s-a-w	E:\WINDOWS\bootstat.dat
+ 2008-05-29 12:16:02	2,048	--s-a-w	E:\WINDOWS\bootstat.dat
+ 2006-08-26 07:35:30	710,240	----a-w	E:\WINDOWS\system32\CanonIJ Uninstaller Information\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}\DelDrv.exe
+ 2006-08-24 22:01:48	40,960	----a-w	E:\WINDOWS\system32\CanonIJ Uninstaller Information\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}\RES\DLL\IJInstJP.dll
+ 2006-08-24 22:01:48	49,152	----a-w	E:\WINDOWS\system32\CanonIJ Uninstaller Information\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}\RES\DLL\IJInstUS.dll
+ 2006-09-30 03:12:04	73,807	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCAABb.EXE
+ 2006-09-30 03:11:58	221,184	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCAAIb.DLL
+ 2006-09-30 03:11:48	131,072	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCAMGb.DLL
+ 2006-09-30 03:12:02	126,976	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCAPFb.EXE
+ 2006-09-30 03:11:30	94,208	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCAWSb.DLL
+ 2006-09-30 03:12:18	35,840	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCF2Gb.dll
+ 2006-09-30 03:12:18	20,480	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCF2Mb.DLL
+ 2006-09-30 03:12:18	29,696	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCF2Ub.dll
+ 2006-09-30 03:12:28	69,632	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCFCbJP.DLL
+ 2006-09-30 03:12:28	73,728	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCFCbUS.DLL
+ 2006-09-30 03:12:06	176,128	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCFDLb.DLL
+ 2006-09-30 03:11:24	94,285	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNCFIMb.DLL
- 2006-09-13 05:00:00	274,944	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCB7Q.DLL
+ 2006-09-13 18:00:00	274,944	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCB7Q.DLL
- 2006-09-13 05:00:00	106,496	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCP7Q.DLL
+ 2006-09-13 18:00:00	106,496	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCP7Q.DLL
- 2006-09-13 05:00:00	217,600	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMD57Q.DLL
+ 2006-09-13 18:00:00	217,600	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMD57Q.DLL
- 2006-09-13 05:00:00	540,160	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMDR7Q.DLL
+ 2006-09-13 18:00:00	540,160	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMDR7Q.DLL
- 2006-09-13 05:00:00	9,728	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMFU7Q.DLL
+ 2006-09-13 18:00:00	9,728	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMFU7Q.DLL
- 2006-09-13 05:00:00	8,704	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMLH7Q.DLL
+ 2006-09-13 18:00:00	8,704	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMLH7Q.DLL
- 2006-09-13 05:00:00	130,048	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMLR7Q.DLL
+ 2006-09-13 18:00:00	130,048	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMLR7Q.DLL
- 2006-09-13 05:00:00	30,720	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMOP7Q.DLL
+ 2006-09-13 18:00:00	30,720	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMOP7Q.DLL
- 2000-12-12 11:10:04	23,280	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP07Q.DAT
+ 2000-12-13 00:10:04	23,280	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP07Q.DAT
- 2000-12-12 11:10:04	27,140	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP17Q.DAT
+ 2000-12-13 00:10:04	27,140	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP17Q.DAT
- 2000-12-12 17:09:20	30,320	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP27Q.DAT
+ 2000-12-13 06:09:20	30,320	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP27Q.DAT
- 2006-09-13 05:00:00	12,288	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPI7Q.DLL
+ 2006-09-13 18:00:00	12,288	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPI7Q.DLL
- 2006-09-13 05:00:00	102,400	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPV7Q.DLL
+ 2006-09-13 18:00:00	102,400	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPV7Q.DLL
- 2006-09-13 05:00:00	223,232	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSB7Q.DLL
+ 2006-09-13 18:00:00	223,232	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSB7Q.DLL
- 2006-09-13 05:00:00	47,104	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSD7Q.DLL
+ 2006-09-13 18:00:00	47,104	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSD7Q.DLL
- 2006-09-13 08:22:24	15,448	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSE7Q.EXE
+ 2006-09-13 21:22:24	15,448	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSE7Q.EXE
- 2006-09-13 05:00:00	419,840	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSM7Q.DLL
+ 2006-09-13 18:00:00	419,840	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSM7Q.DLL
- 2006-09-13 05:00:00	44,032	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSQ7Q.DLL
+ 2006-09-13 18:00:00	44,032	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSQ7Q.DLL
- 2006-09-13 05:00:00	74,240	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSR7Q.DLL
+ 2006-09-13 18:00:00	74,240	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSR7Q.DLL
- 2006-09-13 05:00:00	536,576	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUB7Q.DLL
+ 2006-09-13 18:00:00	536,576	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUB7Q.DLL
- 2006-09-13 05:10:00	1,867,264	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUI7Q.DLL
+ 2006-09-13 18:10:00	1,867,264	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUI7Q.DLL
- 2006-09-13 05:00:00	334,848	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUR7Q.DLL
+ 2006-09-13 18:00:00	334,848	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUR7Q.DLL
- 2006-09-13 05:00:00	12,800	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMVS7Q.DLL
+ 2006-09-13 18:00:00	12,800	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMVS7Q.DLL
- 2006-09-13 05:00:00	10,752	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMW37Q.DLL
+ 2006-09-13 18:00:00	10,752	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\3\CNMW37Q.DLL
+ 2006-09-30 03:12:04	73,807	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCAABb.EXE
+ 2006-09-30 03:11:58	221,184	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCAAIb.DLL
+ 2006-09-30 03:11:48	131,072	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCAMGb.DLL
+ 2006-09-30 03:12:02	126,976	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCAPFb.EXE
+ 2006-09-30 03:11:30	94,208	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCAWSb.DLL
+ 2006-09-30 03:12:18	35,840	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCF2Gb.DLL
+ 2006-09-30 03:12:18	20,480	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCF2Mb.DLL
+ 2006-09-30 03:12:18	29,696	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCF2Ub.DLL
+ 2006-09-30 03:12:28	69,632	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCFCbJP.DLL
+ 2006-09-30 03:12:28	73,728	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCFCbUS.DLL
+ 2006-09-30 03:12:06	176,128	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCFDLb.DLL
+ 2006-09-30 03:11:24	94,285	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp830_faxbfee\CNCFIMb.DLL
+ 2006-09-13 18:00:00	274,944	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMCB7Q.DLL
+ 2006-09-13 18:00:00	106,496	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMCP7Q.DLL
+ 2006-09-13 18:00:00	217,600	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMD57Q.DLL
+ 2006-09-13 18:00:00	540,160	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMDR7Q.DLL
+ 2006-09-13 18:00:00	9,728	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMFU7Q.DLL
+ 2006-09-13 18:00:00	8,704	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMLH7Q.DLL
+ 2006-09-13 18:00:00	130,048	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMLR7Q.DLL
+ 2006-09-13 18:00:00	30,720	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMOP7Q.DLL
+ 2000-12-13 00:10:04	23,280	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMP07Q.DAT
+ 2000-12-13 00:10:04	27,140	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMP17Q.DAT
+ 2000-12-13 06:09:20	30,320	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMP27Q.DAT
+ 2006-09-13 18:00:00	12,288	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMPI7Q.DLL
+ 2006-09-13 18:00:00	102,400	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMPV7Q.DLL
+ 2006-09-13 18:00:00	223,232	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMSB7Q.DLL
+ 2006-09-13 18:00:00	47,104	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMSD7Q.DLL
+ 2006-09-13 21:22:24	15,448	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMSE7Q.EXE
+ 2006-09-13 18:00:00	419,840	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMSM7Q.DLL
+ 2006-09-13 18:00:00	44,032	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMSQ7Q.DLL
+ 2006-09-13 18:00:00	74,240	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMSR7Q.DLL
+ 2006-09-13 18:00:00	536,576	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMUB7Q.DLL
+ 2006-09-13 18:10:00	1,867,264	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMUI7Q.DLL
+ 2006-09-13 18:00:00	334,848	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMUR7Q.DLL
+ 2006-09-13 18:00:00	12,800	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMVS7Q.DLL
+ 2006-09-13 18:00:00	10,752	----a-w	E:\WINDOWS\system32\spool\drivers\w32x86\canonmp83040ef\CNMW37Q.DLL
+ 2006-09-13 18:00:00	27,136	----a-w	E:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7Q.DLL
+ 2006-09-13 18:00:00	69,632	----a-w	E:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7Q.DLL
+ 2005-04-16 04:34:00	57,344	----a-w	E:\WINDOWS\twain_32\MP830\BaLCo.dll
+ 2005-08-25 04:51:00	126,976	----a-w	E:\WINDOWS\twain_32\MP830\CFine2.dll
+ 2005-08-31 21:52:00	2,660,416	----a-w	E:\WINDOWS\twain_32\MP830\CNC830.DAT
+ 2006-09-14 00:26:00	139,264	----a-w	E:\WINDOWS\twain_32\MP830\IOP.DLL
+ 2004-08-27 06:07:00	114,688	----a-w	E:\WINDOWS\twain_32\MP830\ITLIB32.DLL
+ 2003-08-22 08:55:00	24,576	----a-w	E:\WINDOWS\twain_32\MP830\JDA_CIMG.DLL
+ 2004-06-08 01:58:00	290,816	----a-w	E:\WINDOWS\twain_32\MP830\libBLC.dll
+ 2001-09-11 05:44:00	36,864	----a-w	E:\WINDOWS\twain_32\MP830\NBS4MB.DLL
+ 2001-09-11 05:44:00	479,232	----a-w	E:\WINDOWS\twain_32\MP830\NBSCOR4M.DLL
+ 2001-09-11 05:44:00	98,304	----a-w	E:\WINDOWS\twain_32\MP830\RMSLANTC.DLL
+ 2005-05-19 06:47:00	77,824	----a-w	E:\WINDOWS\twain_32\MP830\RSTCOL.DLL
+ 2006-09-14 00:26:00	131,072	----a-w	E:\WINDOWS\twain_32\MP830\SCANINTF.DLL
+ 2004-05-15 07:22:00	106,496	----a-w	E:\WINDOWS\twain_32\MP830\SCRPRMV.DLL
+ 2006-09-14 00:26:00	884,736	----a-w	E:\WINDOWS\twain_32\MP830\SGRES_JP.DLL
+ 2006-09-14 00:26:00	913,408	----a-w	E:\WINDOWS\twain_32\MP830\SGRES_US.DLL
+ 2006-09-14 00:27:00	901,120	----a-w	E:\WINDOWS\twain_32\MP830\SGUI.DLL
+ 2006-09-14 00:27:00	778,240	----a-w	E:\WINDOWS\twain_32\MP830\TPM.DLL
+ 2006-09-14 00:27:00	19,968	----a-w	E:\WINDOWS\twain_32\MP830\USDRESJP.DLL
+ 2006-09-14 00:27:00	19,968	----a-w	E:\WINDOWS\twain_32\MP830\USDRESUS.DLL
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260D040C-375A-4F27-83FF-0C02C8F2C32D}]
			E:\WINDOWS\system32\yayyASlJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
			E:\WINDOWS\system32\vtUlLEut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64BA22C8-55A7-4792-BBE0-B3C64875F0E8}]
			E:\WINDOWS\system32\xxyabcAQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71A9BFA3-0B2F-47C8-8AA7-1CC3FC4E9825}]
			E:\WINDOWS\system32\geBrsTmK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86DA05AD-3986-4DBB-92C2-64AC499F4CFD}]
			E:\WINDOWS\system32\awtutRIX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4E5F6E1-69DD-4D93-9E5F-410DD4AB8CEA}]
			E:\WINDOWS\system32\jkkHYsPh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 15:30 68856]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"uTorrent"="E:\Program Files\uTorrent\uTorrent.exe" [2008-02-22 06:25 219952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB1450"="command /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 22:07 49152]
"CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 E:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 11:46 20480 E:\WINDOWS\system32\Ctxfihlp.exe]
"UpdReg"="E:\WINDOWS\UpdReg.EXE" [2000-05-11 05:00 90112]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-10 23:22 180269]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"DiscWizardMonitor.exe"="E:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 21:24 1169744]
"AcronisTimounterMonitor"="E:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 21:38 1945688]
"Acronis Scheduler2 Service"="E:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 21:29 149024]
"IAAnotif"="E:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 11:47 151552]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 E:\WINDOWS\system32\nwiz.exe]
"3c1ae13a"="E:\WINDOWS\system32\oxljxald.dll" [ ]
"BM2b0e49f6"="E:\WINDOWS\system32\jltfiklj.dll" [ ]
"Symantec NetDriver Monitor"="E:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"AVP"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA8911"="command /c del E:\WINDOWS\system32\awtutRIX.dll_old" [ ]
"SpybotDeletingC3072"="cmd /c del E:\WINDOWS\system32\awtutRIX.dll_old" [ ]
"SpybotDeletingA9331"="command /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]
"SpybotDeletingC922"="cmd /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]
"SpybotDeletingA5422"="command /c del E:\WINDOWS\system32\awtutRIX.dll_old" [ ]
"SpybotDeletingC7292"="cmd /c del E:\WINDOWS\system32\awtutRIX.dll_old" [ ]
"SpybotDeletingA5580"="command /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]
"SpybotDeletingC6671"="cmd /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]
"SpybotDeletingA4935"="command /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]
"SpybotDeletingC9807"="cmd /c del E:\WINDOWS\system32\xxyabcAQ.dll_old" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]
"LightScribe Control Panel"="E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Beyond TV.lnk - E:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe [2008-03-19 19:01:26 303104]
EPSON Status Monitor 3 Environment Check(2).lnk - E:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-05-02 16:03:56 135680]
Google Updater.lnk - E:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-13 05:32:45 125624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"= E:\WINDOWS\system32\vtUlLEut.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlLEut]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 relog_ap
Notification Packages	REG_MULTI_SZ   	scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Program Files\\eMule\\emule.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"E:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNotifierService.exe"=
"E:\\kav\\kav7.0\\english\\setup.exe"=
"E:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);E:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 08:46]
R1 oreans32;oreans32;E:\WINDOWS\system32\drivers\oreans32.sys [2008-05-15 11:08]
R2 UxTuneUp;TuneUp Design Expansion;E:\WINDOWS\System32\svchost.exe [2008-04-13 20:12]
R3 CXFALCON;Conexant Falcon Video Capture;E:\WINDOWS\system32\drivers\cxfalcon.sys [2005-09-09 04:12]
R3 Egatebus;Egatebus;E:\WINDOWS\system32\drivers\egatebus.sys [2006-05-19 14:22]
R3 Egaterdr;Egaterdr;E:\WINDOWS\system32\drivers\egaterdr.sys [2006-05-19 14:22]
R3 ha20x2k;Creative 20X HAL Driver;E:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;E:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 NmPar;PCI Parallel Port;E:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-04-09 09:28]
R3 nmserial;PCI Serial Port;E:\WINDOWS\system32\DRIVERS\nmserial.sys [2008-04-04 07:30]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;E:\WINDOWS\system32\DRIVERS\bsusbser.sys [2008-01-23 09:08]
S3 clipusb;ClipUsb - Kernel Driver;E:\WINDOWS\system32\DRIVERS\clipusb.sys [2007-11-06 16:36]
S3 Egatecard;Egatecard;E:\WINDOWS\system32\Drivers\egate.sys [2006-05-19 14:22]
S3 FTD2XX;NsPro Box;E:\WINDOWS\system32\Drivers\NSD2XX.sys [2006-07-02 09:47]
S3 MRT_box2;MRT_box2.SYS Martech BOX II device driver;E:\WINDOWS\system32\Drivers\MRT_box2.sys [2004-10-15 17:49]
S3 PortTalk;PortTalk;E:\WINDOWS\system32\drivers\PortTalk.sys [2004-02-23 11:10]
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);E:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 06:12]
S3 sssdmdfl;SAMSUNG Modem Filter;E:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 06:13]
S3 sssdmdm;SAMSUNG Modem Driver;E:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 06:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);E:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 06:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);E:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 06:15]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;E:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\TCCpuInfo.sys []
S3 tsbenum;tsbenum;E:\WINDOWS\system32\DRIVERS\tsbenum.sys [2005-02-14 16:02]
S3 tsbvfatc;tsbvfatc;E:\WINDOWS\system32\DRIVERS\tsbvfatc.sys [2005-10-05 16:08]
S3 tsbvfmdm;tsbvfmdm;E:\WINDOWS\system32\DRIVERS\tsbvfmdm.sys [2005-10-05 16:08]
S3 tsbvfobe;tsbvfobe;E:\WINDOWS\system32\DRIVERS\tsbvfobe.sys [2005-10-05 16:08]
S3 VSD2XX;VSD2XX.SYS USB - RS232 device driver;E:\WINDOWS\system32\Drivers\VSD2XX.sys [2003-10-30 11:03]
S3 WnsDrvr;WnsDrvr;E:\WINDOWS\system32\drivers\WnsDrvr.sys [2008-04-28 19:01]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b41e544-c8bd-11dc-9444-001bfc06720e}]
\Shell\AutoRun\command - H:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"E:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 09:15:00 E:\WINDOWS\Tasks\1-Click Maintenance.job"
- E:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 08:16:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\WINDOWS\system32\scardsvr.exe
E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
E:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\oodag.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\CTxfispi.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\WINDOWS\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2008-05-29  8:22:27 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-29 12:22:23
ComboFix2.txt  2008-05-29 11:15:43
ComboFix3.txt  2008-05-28 07:26:09
ComboFix4.txt  2008-05-28 07:10:36
ComboFix5.txt  2008-05-28 06:26:00

Pre-Run: 19,895,484,416 bytes free
Post-Run: 19,982,430,208 bytes free

453	--- E O F ---	2008-05-18 07:00:53



I have multiple prompts popping up when the PC starts, saying that some DLLs are not found.

Please help.

Edited by dazzled101, 29 May 2008 - 07:47 AM.



#2 dazzled101

  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:27 PM

Posted 29 May 2008 - 07:51 AM

Some log from Kaspersky:

5/29/2008 8:19:54 AM	File E:\ComboFix\Catchme.tmp: detected modification of virus 'Heur.Invader'.
5/29/2008 8:20:00 AM	File e:\documents and settings\administrator\desktop\combofix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe: detected modification of virus 'Heur.Invader'.
5/29/2008 8:22:28 AM	Process E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (PID: 2060): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_USERS\S-1-5-21-484763869-1214440339-725345543-500\Software\Microsoft\Windows\CurrentVersion\RunOnce, value SpybotDeletingB1450, data command /c del "E:\WINDOWS\system32\xxyabcAQ.dll_old").
5/29/2008 8:22:28 AM	Process E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (PID: 2060): attempt to create list of modules executed during system startup (key HKEY_USERS\S-1-5-21-484763869-1214440339-725345543-500\Software\Microsoft\Windows\CurrentVersion\RunOnce, value SpybotDeletingB1450, data command /c del "E:\WINDOWS\system32\xxyabcAQ.dll_old") allowed.
5/29/2008 8:22:40 AM	Process E:\WINDOWS\regedit.exe (PID: 3008): suspicious action. Attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value avp, data "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe").
5/29/2008 8:22:40 AM	Process E:\WINDOWS\regedit.exe (PID: 3008): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value avp, data "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe") allowed.
5/29/2008 8:22:41 AM	Process E:\ComboFix\handle.cfexe (PID: 2152): suspicious action. Attempt to create list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PROCEXP90, value ImagePath, data \??\E:\WINDOWS\system32\Drivers\PROCEXP90.SYS).
5/29/2008 8:22:41 AM	Process E:\ComboFix\handle.cfexe (PID: 2152): attempt to create list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PROCEXP90, value ImagePath, data \??\E:\WINDOWS\system32\Drivers\PROCEXP90.SYS) allowed.
5/29/2008 8:22:56 AM	Process E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (PID: 2060): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value AVP, data "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe").
5/29/2008 8:22:56 AM	Process E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (PID: 2060): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value AVP, data "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe") allowed.
5/29/2008 8:48:26 AM	File e:\documents and settings\administrator\desktop\combofix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe: detected modification of virus 'Heur.Invader'.
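Defender-side example, added here and not part of the poster's log or of any product: a small parser for Kaspersky report lines of the shape shown above that flags an allowed deletion of an autostart entry pointing at security tooling by a process that is not itself a security tool. The sample lines, the two-space separator and the marker list are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the report above (two spaces stand in for the
# tab that separates the timestamp from the event text in the real file).
SAMPLE_LOG = "\n".join([
    r'5/29/2008 8:22:28 AM  Process E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (PID: 2060): suspicious action. Attempt to create list of modules executed during system startup (key HKEY_USERS\S-1-5-21-484763869-1214440339-725345543-500\Software\Microsoft\Windows\CurrentVersion\RunOnce, value SpybotDeletingB1450, data command /c del "E:\WINDOWS\system32\xxyabcAQ.dll_old").',
    r'5/29/2008 8:22:28 AM  Process E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (PID: 2060): attempt to create list of modules executed during system startup (key HKEY_USERS\S-1-5-21-484763869-1214440339-725345543-500\Software\Microsoft\Windows\CurrentVersion\RunOnce, value SpybotDeletingB1450, data command /c del "E:\WINDOWS\system32\xxyabcAQ.dll_old") allowed.',
    r'5/29/2008 8:22:40 AM  Process E:\WINDOWS\regedit.exe (PID: 3008): suspicious action. Attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value avp, data "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe").',
    r'5/29/2008 8:22:40 AM  Process E:\WINDOWS\regedit.exe (PID: 3008): attempt to delete list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value avp, data "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe") allowed.',
    r'5/29/2008 8:22:56 AM  Process E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (PID: 2060): attempt to create list of modules executed during system startup (key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, value AVP, data "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe") allowed.',
])

# One autostart event per line: "suspicious action" is the pre-decision notice,
# the trailing "allowed" marks the line that records the outcome.
AUTORUN_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+"
    r"Process (?P<proc>.+?) \(PID: (?P<pid>\d+)\): "
    r"(?:suspicious action\. )?[Aa]ttempt to (?P<op>create|delete) list of "
    r"(?:modules|system services) executed during system startup "
    r"\(key (?P<key>[^,]+), value (?P<value>[^,]+), data (?P<data>.*)\)"
    r"(?: (?P<verdict>allowed))?\.$"
)

# Assumption: substrings a defender uses to recognise their own security tooling.
SECURITY_MARKERS = ("avp.exe", "teatimer.exe")

@dataclass
class AutorunEvent:
    ts: str; proc: str; pid: int; op: str; key: str; value: str; data: str; allowed: bool

def parse_autorun_events(text):
    events = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            events.append(AutorunEvent(m["ts"], m["proc"], int(m["pid"]), m["op"],
                                       m["key"], m["value"], m["data"], m["verdict"] is not None))
    return events

def av_autorun_tampering(events):
    """Allowed deletions of an autostart value that points at security tooling,
    performed by a process that is not itself one of those tools."""
    def is_security(s):
        return any(mk in s.lower() for mk in SECURITY_MARKERS)
    return [e for e in events
            if e.op == "delete" and e.allowed and is_security(e.data) and not is_security(e.proc)]

if __name__ == "__main__":
    for e in av_autorun_tampering(parse_autorun_events(SAMPLE_LOG)):
        print(f"{e.ts}: {e.proc} (PID {e.pid}) removed {e.key}\\{e.value} -> {e.data}")
```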


#3 ken545 (Malware Response Team)

Posted 27 June 2008 - 07:38 AM

Hello dazzled101

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof, and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post. By replying to your own post you removed yourself from the Zero Replies category that our helpers look for when working logs, and that made you look like you were already being helped.

Download Trend Micro's HijackThis to your desktop.
  • Double-click it to install.
  • Follow the prompts; by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT, choose Scan and Save a Log File; it will open in Notepad.
  • Go to Format and make sure Wordwrap is unchecked.
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply, not a new thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Ken


Just a reminder that threads will be closed if no response in 3 days


#4 ken545 (Malware Response Team)

Posted 07 July 2008 - 03:51 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





