Can someone please help me!!!!!
I have just reinstalled everything after somehow getting a mass mailer virus/spyware, which I could not get rid of, which every time I connected to the internet sent hundreds of emails. Now after the reinstall I have something else that Norton Internet Security is calling Vundo. Norton finds and deletes it but after restart it finds it again! The same goes for Spybot S&D.
What happens is every time I open IE I get the page I want, but then other instances of IE open on random security/eBay/advert sites.
The pc itself seems fine except it keeps wanting to connect to the internet.
I have run scans with HJT, MBAM & ComboFix. Their results are below. Please can someone check them and advise on a solution. I will not use the internet on my PC but shall use either my son's or daughter's laptop.
Many Thanks
Peter
HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:23, on 31/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {12393C54-5D7E-4C73-803A-8FCBB382E709} - (no file)
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\ssqOHaxw.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\ojjmdjdw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: {7137a0c2-0184-7c28-f114-e6da27722e26} - {62e22772-ad6e-411f-82c7-48102c0a7317} - C:\WINDOWS\system32\bhnaoxpp.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {A1313166-1629-4B38-8181-C840EDA2B0DE} - C:\WINDOWS\system32\urqQhFwt.dll (file missing)
O2 - BHO: (no name) - {C076F22D-B9B1-466C-B152-26C084ACDE25} - C:\WINDOWS\system32\nnnoMFuv.dll
O2 - BHO: (no name) - {FF0FBF02-604F-44C5-83E1-663B03C330E2} - C:\WINDOWS\system32\vtUlMFvW.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
O4 - HKLM\..\Run: [18379699] rundll32.exe "C:\WINDOWS\system32\fhyompim.dll",b
O4 - HKLM\..\Run: [BM1b04a505] Rundll32.exe "C:\WINDOWS\system32\ofwqkbht.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1211919208000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211903344765
O20 - Winlogon Notify: ssqOHaxw - C:\WINDOWS\SYSTEM32\ssqOHaxw.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10245 bytes
MBAM LOG
Malwarebytes' Anti-Malware 1.14
Database version: 808
20:10:22 31/05/2008
mbam-log-5-31-2008 (20-10-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 138757
Time elapsed: 48 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\ssqOHaxw.dll (Trojan.Vundo) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{514a5c49-0c7d-42c3-a71b-38864a269b7a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{514a5c49-0c7d-42c3-a71b-38864a269b7a} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqohaxw (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c076f22d-b9b1-466c-b152-26c084acde25} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c076f22d-b9b1-466c-b152-26c084acde25} (Trojan.Vundo) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18379699 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1b04a505 (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ojjmdjdw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqOHaxw.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP63\A0010590.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ofwqkbht.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\nnnoMFuv.dll (Trojan.Vundo) -> No action taken.
COMBOFIX LOG
ComboFix 08-05-29.1 - Peter & Jo 2008-05-31 20:52:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1481 [GMT 1:00]
Running from: C:\Documents and Settings\Peter & Jo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter & Jo\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
Error: Cfiles.dat
Error: Cfolders.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM1b04a505.xml
C:\WINDOWS\system32\bhnaoxpp.dll
C:\WINDOWS\system32\cvieaxjc.ini
C:\WINDOWS\system32\dljrxefp.ini
C:\WINDOWS\system32\ehvithcp.ini
C:\WINDOWS\system32\mipmoyhf.ini
C:\WINDOWS\system32\nnnoMFuv.dll
C:\WINDOWS\system32\ofwqkbht.dll
C:\WINDOWS\system32\pchtivhe.dll
C:\WINDOWS\system32\twFhQqru.ini
C:\WINDOWS\system32\twFhQqru.ini2
C:\WINDOWS\system32\vuFMonnn.ini
C:\WINDOWS\system32\vuFMonnn.ini2
C:\WINDOWS\system32\WvFMlUtv.ini
C:\WINDOWS\system32\WvFMlUtv.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.
2008-05-31 20:52 . 2008-05-31 20:52 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-05-31 18:46 . 2008-05-31 18:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-31 17:42 . 2008-05-31 17:42 <DIR> d-------- C:\Documents and Settings\Peter & Jo\Application Data\Malwarebytes
2008-05-31 17:41 . 2008-05-31 17:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 17:41 . 2008-05-31 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 17:41 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-31 17:41 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 17:27 . 2008-05-31 17:27 92,160 --a------ C:\WINDOWS\system32\ojjmdjdw.dll
2008-05-30 23:03 . 2008-05-30 23:03 92,160 --a------ C:\WINDOWS\system32\qxxnlyiq.dll
2008-05-30 21:38 . 2008-05-30 21:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-30 21:38 . 2008-05-30 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-30 21:22 . 1998-06-24 13:00 244,024 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-05-30 21:22 . 2000-05-22 17:00 203,976 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-05-30 21:22 . 1998-06-24 13:00 140,096 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-30 21:22 . 2004-03-09 13:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-30 20:33 . 2008-05-30 20:33 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-30 16:55 . 2008-05-31 17:15 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2008-05-30 10:58 . 2008-05-30 10:58 92,160 --a------ C:\WINDOWS\system32\iqbufshd.dll
2008-05-30 10:57 . 2008-05-31 20:52 21 --a------ C:\WINDOWS\pskt.ini
2008-05-29 21:55 . 2008-05-30 21:05 465 --a------ C:\WINDOWS\cookies.ini
2008-05-29 17:27 . 2008-05-29 17:27 <DIR> d-------- C:\temp
2008-05-29 15:51 . 2008-05-29 15:59 <DIR> d-------- C:\Documents and Settings\Peter & Jo\Application Data\AdobeUM
2008-05-29 15:36 . 2008-05-29 15:36 280 --ah----- C:\sqmdata00.sqm
2008-05-29 15:36 . 2008-05-29 15:36 244 --ah----- C:\sqmnoopt00.sqm
2008-05-29 15:34 . 2008-05-29 17:04 <DIR> d-------- C:\Program Files\Eraser
2008-05-29 15:34 . 2006-04-09 10:18 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2008-05-29 15:34 . 2006-04-09 10:18 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2008-05-29 15:34 . 2006-04-09 10:18 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2008-05-29 15:32 . 2008-05-29 15:32 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-29 15:07 . 2008-05-29 15:07 59,392 --a------ C:\WINDOWS\system32\ssqOHaxw.dll
2008-05-29 14:46 . 2008-05-29 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-29 12:37 . 2008-05-31 20:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-29 12:37 . 2008-05-29 12:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-29 12:35 . 2008-05-29 12:35 <DIR> d-------- C:\Program Files\iTunes
2008-05-29 12:35 . 2008-05-29 12:35 <DIR> d-------- C:\Program Files\iPod
2008-05-29 12:35 . 2008-05-29 12:35 <DIR> d-------- C:\Documents and Settings\Peter & Jo\Application Data\Apple Computer
2008-05-29 12:34 . 2008-05-29 12:34 <DIR> d-------- C:\Program Files\QuickTime
2008-05-29 12:34 . 2008-05-29 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-29 12:33 . 2008-05-29 15:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-29 12:33 . 2008-05-29 12:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-29 12:33 . 2008-05-29 12:33 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-29 12:33 . 2008-05-29 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-29 12:08 . 2008-05-29 12:08 <DIR> d-------- C:\Program Files\Kontiki
2008-05-29 12:08 . 2008-05-29 12:08 <DIR> d-------- C:\logs3
2008-05-29 12:08 . 2008-05-31 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-05-29 10:26 . 2008-05-29 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-29 09:42 . 2008-05-29 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-05-29 09:41 . 2008-05-29 15:37 <DIR> d-------- C:\Program Files\PowerArchiver
2008-05-29 09:24 . 2008-05-30 22:55 <DIR> d-------- C:\Program Files\Bonjour
2008-05-29 09:11 . 2008-05-29 09:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-29 09:08 . 2008-05-29 09:06 286,720 --a------ C:\WINDOWS\iun507.exe
2008-05-29 09:08 . 2008-05-29 09:08 82 --a------ C:\WINDOWS\system32\RPRID.KEY
2008-05-29 09:07 . 2008-05-29 09:08 <DIR> d-------- C:\Program Files\RescuePRO
2008-05-28 22:03 . 2008-05-28 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Phase One
2008-05-28 22:00 . 2008-05-28 22:00 <DIR> d-------- C:\Program Files\Phase One
2008-05-28 21:33 . 2008-05-28 21:33 <DIR> d-------- C:\Program Files\MSBuild
2008-05-28 21:29 . 2008-05-28 21:29 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-28 21:28 . 2008-05-28 21:28 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-28 21:27 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-28 19:51 . 2008-05-28 19:51 <DIR> d-------- C:\Documents and Settings\Peter & Jo\Application Data\Ahead
2008-05-28 19:49 . 2008-05-28 19:49 <DIR> d-------- C:\Program Files\Nero
2008-05-28 19:49 . 2008-05-29 10:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-28 18:27 . 2008-05-28 18:27 <DIR> d-------- C:\Documents and Settings\Peter & Jo\Application Data\HP
2008-05-28 18:26 . 2008-05-28 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-28 18:25 . 2008-05-28 18:25 <DIR> d-------- C:\bin
2008-05-28 18:23 . 2008-05-28 18:23 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-28 18:23 . 2008-05-28 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-28 18:22 . 2008-05-28 18:23 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-28 18:19 . 2008-05-28 18:20 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-28 18:19 . 2008-05-28 18:19 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-28 18:18 . 2006-01-04 10:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-05-28 18:18 . 2006-04-13 01:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-28 18:18 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2008-05-28 18:18 . 2006-04-13 01:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-28 18:18 . 2008-04-13 19:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-28 18:18 . 2008-04-13 19:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-28 18:16 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-28 18:16 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-28 18:16 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-28 18:16 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-28 18:16 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-28 18:16 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-28 18:15 . 2008-05-28 18:26 <DIR> d-------- C:\Program Files\HP
2008-05-28 18:14 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-28 18:14 . 2008-04-13 19:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-28 18:12 . 2008-05-28 18:36 117,092 --a------ C:\WINDOWS\hpoins11.dat
2008-05-28 18:09 . 2001-08-15 16:54 9,366 --a------ C:\WINDOWS\DjVuDoc.ico
2008-05-28 18:03 . 2008-05-28 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Calico Pie
2008-05-28 18:02 . 2008-05-28 18:08 <DIR> d-------- C:\Program Files\Family Historian
2008-05-28 17:37 . 2008-05-29 17:07 <DIR> d-------- C:\Program Files\Canon
2008-05-28 17:34 . 2008-05-28 17:37 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-05-28 17:30 . 2008-05-28 17:31 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2008-05-28 08:45 . 2008-05-28 08:45 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-28 08:44 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-28 08:43 . 2008-05-28 08:43 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-28 08:43 . 2008-05-28 08:43 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-28 08:42 . 2008-05-28 08:43 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-28 08:41 . 2008-05-28 08:41 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-28 08:40 . 2008-05-28 08:40 <DIR> dr-h----- C:\MSOCache
2008-05-28 00:06 . 2008-05-28 00:07 <DIR> d-------- C:\WINDOWS\I386
2008-05-28 00:01 . 2008-04-14 01:12 294,912 --a------ C:\WINDOWS\system32\msh263.drv
2008-05-28 00:00 . 2001-08-17 15:02 262,528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys
2008-05-27 23:59 . 2008-05-31 18:46 <DIR> dr------- C:\Program Files
2008-05-27 23:59 . 2008-05-29 15:47 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-27 23:58 . 2008-05-30 20:35 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-05-27 23:58 . 2008-05-27 23:58 0 --a------ C:\SMINST
2008-05-27 22:15 . 2008-05-30 22:57 <DIR> d-------- C:\Program Files\Google
2008-05-27 21:16 . 2008-05-27 21:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2008-05-27 21:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-27 21:14 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-27 21:13 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-27 21:10 . 2008-05-27 21:11 <DIR> d-------- C:\wuagent
2008-05-27 20:01 . 2008-05-27 20:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-27 18:51 . 2008-05-27 18:51 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 18:49 . 2008-05-27 18:50 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-27 18:46 . 2008-05-27 18:47 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-27 17:37 . 2008-03-01 14:06 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-27 17:37 . 2008-03-01 14:06 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-27 17:36 . 2008-03-01 14:06 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-27 17:36 . 2007-04-17 10:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-27 17:36 . 2007-03-08 06:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-27 17:36 . 2008-03-01 14:06 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-27 17:36 . 2008-03-01 14:06 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-27 17:36 . 2008-03-01 14:06 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-27 17:36 . 2008-02-22 11:00 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 19:14 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-05-29 15:44 --------- d-----w C:\Program Files\Napster
2008-05-29 15:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 15:11 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 15:07 --------- d-----w C:\Program Files\Musicmatch
2008-05-29 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-05-29 09:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-28 18:44 --------- d-----w C:\Program Files\Ahead
2008-05-27 17:49 --------- d-----w C:\Program Files\Windows Media Connect
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:46 85,248 ----a-w C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 19,200 ----a-w C:\WINDOWS\system32\drivers\wstcodec.sys
2008-04-13 18:46 17,024 ----a-w C:\WINDOWS\system32\drivers\ccdecode.sys
2008-04-13 18:46 15,232 ----a-w C:\WINDOWS\system32\drivers\streamip.sys
2008-04-13 18:46 15,232 ----a-w C:\WINDOWS\system32\drivers\mpe.sys
2008-04-13 18:46 11,776 ----a-w C:\WINDOWS\system32\drivers\bdasup.sys
2008-04-13 18:46 11,136 ----a-w C:\WINDOWS\system32\drivers\slip.sys
2008-04-13 18:46 10,880 ----a-w C:\WINDOWS\system32\drivers\ndisip.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:41 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:41 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-13 18:39 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 18:39 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 18:38 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
2008-04-13 18:33 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 18:32 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
2008-04-13 18:32 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
2008-04-13 18:32 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-13 18:32 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
2008-04-13 18:32 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2008-04-13 18:32 129,792 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2002-11-12 10:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\DjVuControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12393C54-5D7E-4C73-803A-8FCBB382E709}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
2008-05-29 15:07 59392 --a------ C:\WINDOWS\system32\ssqOHaxw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
2008-05-31 17:27 92160 --a------ C:\WINDOWS\system32\ojjmdjdw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-27 16:31 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1313166-1629-4B38-8181-C840EDA2B0DE}]
C:\WINDOWS\system32\urqQhFwt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF0FBF02-604F-44C5-83E1-663B03C330E2}]
C:\WINDOWS\system32\vtUlMFvW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56 1032376]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 06:42 212992]
"Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [ ]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 23:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-03 03:24 32768]
"Dit"="Dit.exe" [2004-07-21 01:18 90112 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2004-02-24 21:05 508416 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2004-02-04 00:15 5794816 C:\WINDOWS\CNYHKey.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-08 22:53 88203 C:\WINDOWS\AGRSMMSG.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-04-07 23:43 127118]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [ ]
"18379699"="C:\WINDOWS\system32\fhyompim.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM 288472]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\WINDOWS\system32\ssqOHaxw.dll [2008-05-29 15:07 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOHaxw]
ssqOHaxw.dll 2008-05-29 15:07 59392 C:\WINDOWS\system32\ssqOHaxw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-02-23 19:57]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]
R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19:07]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-05-31 20:14]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a303923e-b33d-11d9-aee5-001109df94c7}]
\Shell\AutoRun\command - I:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ff044e-afdd-11d9-936f-001109df94c7}]
\Shell\AutoRun\command - I:\
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 11:33:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-27 15:25:11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Peter & Jo.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 20:58:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ssqOHaxw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-05-31 21:02:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 20:01:43
Pre-Run: 231,708,266,496 bytes free
Post-Run: 234,933,161,984 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
427 --- E O F --- 2008-05-27 20:10:14