WiredWX Christian Hobby Weather Tools
Google Redirect Virus
This virus or spyware really pisses me off because when I try to visit sites from Google it sends me to these different sites. It won't let me visit tech sites either.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:32 PM, on 11/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\bob\Desktop\Hijack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {13A0F024-F5BD-4CB5-962C-3A18ADCCEFDB} - C:\WINDOWS\system32\xxyxXrpO.dll
O2 - BHO: {7a563980-8c49-4649-cc04-64663c3b3a14} - {41a3b3c3-6646-40cc-9464-94c8089365a7} - C:\WINDOWS\system32\hykxln.dll
O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\hgGayYPi.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc46d0b3] rundll32.exe "C:\WINDOWS\system32\wtvknuvg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} (S2PlayerPan Class) - http://listen.daum.net/52st/52street/S2MusicPlayer.dll
O16 - DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} (ToonsXContentsPlug Control) - http://comic.daum.net/download/new/ToonsXContentsPlug.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {9B1A393B-ECBD-494A-A2D6-917DA09C7D1A} (BonanzaBHO Class) - http://tvzonedoc15.media.daum.net/pcp_download.php?fhandle=RlBOaEB0dnpvbmVkb2MxNS5tZWRpYS5kYXVtLm5ldDovQTAwMDAwNC8wLzc1LmNhYg==&filename=bonanza.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: hgGayYPi - C:\WINDOWS\SYSTEM32\hgGayYPi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7179 bytes
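Added example, not from the thread and not HijackThis code: a small Python triage of HijackThis entries that applies the same heuristics a helper uses when reading a log like the one above by eye (BHOs with no name or a GUID as their name, Winlogon Notify DLLs, Run entries that load a DLL through rundll32, ActiveX downloads from unfamiliar hosts, and random-looking file names directly under system32). The allow-lists, the 6-8 letter name range and the consonant-run threshold are this example's own assumptions, not published rules; the sample lines are copied from the log above.

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not HijackThis code)."""
import re

# Letters-only basename of 6-8 characters directly under system32 (or system).
SYSTEM_FILE = re.compile(r"c:\\windows\\system(?:32)?\\([a-z]{6,8})\.(dll|exe)", re.I)
# Five or more consonants in a row (y counted as a consonant): rare in real file names.
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{5,}", re.I)
# Assumed allow-list of legitimate short names that would otherwise trip the heuristic.
KNOWN_GOOD = {"ctfmon", "svchost", "spoolsv", "winlogon"}
# Assumed allow-list of hosts from which an O16 ActiveX download is expected.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "adobe.com")
HEX_NAME = re.compile(r"Run: \[[0-9a-f]{8}\]")
RUNDLL_LOAD = re.compile(r'rundll32(?:\.exe)?\s+"[^"]+\.dll",', re.I)
GUID_NAME = re.compile(r"BHO: \{[0-9a-f-]{36}\}", re.I)
HOST = re.compile(r"https?://([^/]+)/", re.I)


def looks_generated(name: str) -> bool:
    """True for names like xxyxXrpO or hykxln: two or more internal capitals in a
    mixed-case word, or a run of five or more consonants."""
    if name.lower() in KNOWN_GOOD:
        return False
    inner_caps = sum(1 for c in name[1:] if c.isupper())
    mixed_case = inner_caps >= 2 and any(c.islower() for c in name)
    return mixed_case or CONSONANT_RUN.search(name) is not None


def analyze_hjt(log: str):
    """Return [(tag, [reasons], line)] for every entry that trips a heuristic."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"^(O\d+|R\d) - (.*)$", line)
        if not m:
            continue
        tag, body = m.groups()
        reasons = []
        if tag == "O2" and ("(no name)" in body or GUID_NAME.search(body)):
            reasons.append("BHO with no name or a GUID as its name")
        if tag == "O20" and "Winlogon Notify" in body:
            reasons.append("Winlogon Notify DLL (loaded into winlogon.exe at logon)")
        if tag == "O4" and RUNDLL_LOAD.search(body):
            reasons.append("Run entry loads a DLL through rundll32")
        if tag == "O4" and HEX_NAME.search(body):
            reasons.append("Run entry named with a random hex string")
        if tag == "O16":
            h = HOST.search(body)
            if h and not h.group(1).lower().endswith(TRUSTED_DPF_HOSTS):
                reasons.append(f"ActiveX control downloaded from {h.group(1)}")
        for fm in SYSTEM_FILE.finditer(body):
            if looks_generated(fm.group(1)):
                reasons.append(f"generated-looking file name {fm.group(1)}.{fm.group(2)} in a system directory")
        if reasons:
            findings.append((tag, reasons, line))
    return findings


# Constructed sample: a subset of the entries from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {13A0F024-F5BD-4CB5-962C-3A18ADCCEFDB} - C:\WINDOWS\system32\xxyxXrpO.dll
O2 - BHO: {7a563980-8c49-4649-cc04-64663c3b3a14} - {41a3b3c3-6646-40cc-9464-94c8089365a7} - C:\WINDOWS\system32\hykxln.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cc46d0b3] rundll32.exe "C:\WINDOWS\system32\wtvknuvg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: hgGayYPi - C:\WINDOWS\SYSTEM32\hgGayYPi.dll
"""

if __name__ == "__main__":
    for tag, reasons, line in analyze_hjt(SAMPLE_LOG):
        print(tag, "|", "; ".join(reasons), "|", line)
```

On the sample, the five entries a helper would actually act on (the three unnamed or GUID-named BHOs, the cc46d0b3 rundll32 entry and the Winlogon Notify hook) are flagged, while the Java BHO, NeroCheck.exe, ctfmon.exe and the Flash download are left alone. The name heuristic is deliberately narrow: it only scores files that sit directly under system32, because legitimate vendor binaries under Program Files (PDVDServ.exe, for instance) use internal capitals too.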

Re: Google Redirect Virus

  • Download combofix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt asking if you want to continue the malware scan; select yes.


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Google Redirect Virus
ComboFix 08-11-23.02 - bob 2008-11-24 19:43:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.265 [GMT -8:00]
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\services.exe
c:\windows\system32\byXPFYSj.dll
c:\windows\system32\cghsojus.dll
c:\windows\system32\gvunkvtw.ini
c:\windows\system32\hgGayYPi.dll
c:\windows\system32\hykxln.dll
c:\windows\system32\jvnpolpg.dll
c:\windows\system32\mlJYopoL.dll
c:\windows\system32\oksmgd.dll
c:\windows\system32\OprXxyxx.ini
c:\windows\system32\OprXxyxx.ini2
c:\windows\system32\qsctlxvs.dll
c:\windows\system32\qypudq.dll
c:\windows\system32\rqRHaaby.dll
c:\windows\system32\snjonpwk.dll
c:\windows\system32\ssqRKDuT.dll
c:\windows\system32\sujoshgc.ini
c:\windows\system32\xxyxXrpO.dll
c:\windows\system32\yayVMfGY.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 19:39 . 2008-11-24 19:49 d-------- C:\-Combo-Fix-
2008-11-23 18:32 . 2008-11-24 19:30 2,274 --a------ c:\windows\system32\TDSSlxwp.dll
2008-11-23 18:32 . 2008-11-23 19:45 527 --a------ c:\windows\system32\TDSSosvd.dat
2008-11-23 18:17 . 2008-11-23 18:17 d-------- C:\Temp
2008-11-23 18:17 . 2008-11-23 18:17 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 18:17 . 2008-11-23 18:17 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-22 20:51 . 2008-11-22 20:51 d-------- c:\documents and settings\bob\Application Data\GRETECH
2008-11-22 20:51 . 2008-11-22 20:51 d-------- c:\documents and settings\All Users\Application Data\GRETECH
2008-11-22 20:50 . 2008-11-22 20:50 d-------- c:\program files\GRETECH
2008-11-22 20:48 . 2008-11-22 20:48 28 --a------ c:\windows\v2d.INI
2008-11-22 20:37 . 2008-11-22 20:37 d-------- C:\v2d
2008-11-22 20:36 . 2008-11-22 20:49 d-------- c:\program files\Free MKV Video2Dvd
2008-11-22 20:23 . 2008-11-22 20:30 d-------- c:\program files\Avi2Dvd
2008-11-22 12:23 . 2008-11-22 12:23 176 --a------ c:\windows\system32\msexcr.ini
2008-11-08 23:46 . 2008-11-08 23:46 d-------- c:\documents and settings\bob\Application Data\2K Sports
2008-10-31 20:07 . 2008-11-04 19:23 331,776 --a------ c:\windows\system\rundlI32.exe
2008-10-31 20:07 . 2008-11-04 19:23 278,528 --a------ c:\windows\system\run.dll
2008-10-26 21:10 . 2008-10-26 21:10 d-------- c:\documents and settings\com\Application Data\acccore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 20:50 --------- d-----w c:\program files\Steam
2008-11-23 04:31 --------- d-----w c:\program files\AviSynth 2.5
2008-11-23 04:15 --------- d-----w c:\documents and settings\bob\Application Data\uTorrent
2008-11-23 02:56 --------- d-----w c:\program files\Starcraft
2008-11-22 07:22 --------- d-----w c:\documents and settings\bob\Application Data\FrostWire
2008-11-18 03:46 2,560 -c--a-w c:\windows\_MSRSTRT.EXE
2008-11-15 19:48 --------- d-----w c:\documents and settings\com\Application Data\uTorrent
2008-11-12 05:01 --------- d-----w c:\program files\iPod
2008-11-12 04:26 --------- d-----w c:\documents and settings\bob\Application Data\Apple Computer
2008-10-25 20:22 --------- d-----w c:\program files\World of Warcraft
2008-10-12 19:55 --------- d-----w c:\program files\iTunes
2008-10-12 19:54 --------- d-----w c:\program files\Apple Software Update
2008-10-12 19:53 --------- d-----w c:\program files\Common Files\Apple
2008-10-12 06:58 --------- d-----w c:\program files\winpwn
2008-10-12 06:57 --------- d-----w c:\program files\iTunesblah
2008-10-12 06:56 --------- d-----w c:\program files\Bonjour
2008-10-09 05:56 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-08 20:08 --------- d-----w c:\program files\Common Files\Stardock
2008-10-08 05:15 --------- d-----w c:\program files\IconTweaker
2008-10-08 05:15 --------- d-----w c:\documents and settings\bob\Application Data\IconTweaker
2008-10-08 04:46 --------- d-----w c:\program files\Conduit
2008-10-08 04:18 --------- d-----w c:\program files\Google
2008-10-08 04:15 --------- d-----w c:\program files\boost
2008-10-06 05:11 --------- d-----w c:\program files\Alcohol Soft
2008-09-26 04:20 --------- d-----w c:\program files\WinSCP
2008-09-25 05:38 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-09-25 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-25 05:31 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-03-23 23:46 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032320080324\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-05-19 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hykxln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^bob^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\bob\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 09:51 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
-ra--c--- 2004-10-31 13:05 241664 c:\windows\system32\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 09:51 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-05-17 17:48 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:mysqld-nt

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-02-20 24652]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2004-08-03 3584]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\bob\Desktop\Risk's Hackpack\MoonLight Engine 1129.1\IlvMoney1129.sys []
S3 MzBot.sys;MzBot.sys;\??\c:\windows\system32\MzBot.sys [2007-04-01 3584]
S3 ROCKSTAR;ROCKSTAR;\??\c:\documents and settings\bob\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2008-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A5A2642F-DEAB-439A-B3CC-21EB99CE6C55} - c:\windows\system32\xxyxXrpO.dll
BHO-{ab1e0026-2b04-4dd2-86f1-89c24c3ccd11} - c:\windows\system32\oksmgd.dll
HKCU-Run-Aim6 - (no file)
MSConfigStartUp-AHNSD - c:\program files\AhnLab\Smart Update Utility\AhnSD.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-ViOrb - c:\program files\ViOrb\ViOrb.exe
MSConfigStartUp-ViStart - c:\program files\ViStart\ViStart.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\bob\Application Data\Mozilla\Firefox\Profiles\6x4ektyk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 19:49:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-24 19:51:53 - machine was rebooted [bob]
ComboFix-quarantined-files.txt 2008-11-25 03:51:49

Pre-Run: 136,383,889,408 bytes free
Post-Run: 136,405,291,008 bytes free

217 --- E O F --- 2008-01-11 21:56:05

Re: Google Redirect Virus

Hello.
Nearly there, let's keep going.

Now open a new notepad file.
Input this into the notepad file:

Driver::
Viewpoint Manager Service

File::
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system\rundlI32.exe
c:\windows\system\run.dll

Folder::
c:\program files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.
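The Registry:: directive above empties AppInit_DLLs because the first ComboFix run deleted hykxln.dll but, as the Reg Loading Points section of that log shows, left the registry value still naming it; the same section also shows Security Center notifications overridden, the Windows Firewall standard profile disabled and Automatic Updates unchecked in msconfig. The following is an added example, not part of the thread and not ComboFix code, that parses that REGEDIT4-style section (tolerating ComboFix's own "[date size]" and "(0x..)" decorations) and flags settings that weaken the machine's defenses. The meaning attached to each value and the list of watched services are this example's own reading, stated in the comments; the sample text is copied from the log above.

```python
"""Flag defense-weakening settings in the "Reg Loading Points" section of a
ComboFix log (added example, not ComboFix code)."""
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_STD = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
WINDOWS_NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
MSCONFIG_SVC = r"hkey_local_machine\software\microsoft\shared tools\msconfig\services"
# Assumed: services a helper would not expect to find unchecked in msconfig.
WATCHED_SERVICES = {"wuauserv": "Automatic Updates", "wscsvc": "Security Center",
                    "sharedaccess": "Windows Firewall/ICS"}


def parse_reg_points(text: str) -> dict:
    """Return {key (lower-cased): {value name (lower-cased): raw value text}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group(1).lower()] = vm.group(2).strip()
    return keys


def _num(raw: str):
    """'dword:00000001' -> 1; '2 (0x2)' -> 2; anything else -> None."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:].split()[0], 16)
    m = re.match(r"\d+", raw)
    return int(m.group()) if m else None


def tamper_findings(keys: dict) -> list:
    findings = []
    sc = keys.get(SECURITY_CENTER, {})
    # Security Center *DisableNotify=1 silences the "no AV / no updates / no firewall" balloons.
    for name in ("antivirusdisablenotify", "updatesdisablenotify", "firewalldisablenotify"):
        if _num(sc.get(name, "")) == 1:
            findings.append(f"Security Center: {name}=1 (warning suppressed)")
    # AntiVirusOverride=1 tells Security Center to stop tracking AV status.
    if _num(sc.get("antivirusoverride", "")) == 1:
        findings.append("Security Center: AntiVirusOverride=1 (AV status no longer monitored)")
    fw = keys.get(FIREWALL_STD, {})
    if _num(fw.get("enablefirewall", "")) == 0:
        findings.append("Windows Firewall: EnableFirewall=0 in the standard profile")
    # AppInit_DLLs is loaded into every process that maps user32.dll; it should be empty.
    appinit = keys.get(WINDOWS_NT, {}).get("appinit_dlls", "").strip('"')
    if appinit:
        findings.append(f"AppInit_DLLs={appinit} (injected into every user32-linked process)")
    # Values under msconfig\services are services unchecked in msconfig; the stored
    # number is the service's original start type (this example's reading of the key).
    for svc in keys.get(MSCONFIG_SVC, {}):
        if svc in WATCHED_SERVICES:
            findings.append(f"{WATCHED_SERVICES[svc]} ({svc}) disabled via msconfig")
    return findings


# Constructed sample: the relevant keys copied from the first ComboFix log above.
SAMPLE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hykxln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

if __name__ == "__main__":
    for finding in tamper_findings(parse_reg_points(SAMPLE)):
        print("-", finding)
```

Run against the sample it reports six items: the three Security Center overrides, the disabled firewall profile, the stale AppInit_DLLs value and Automatic Updates unchecked in msconfig (ERSvc, the error-reporting service, is not on the watched list). Deleting a DLL without clearing AppInit_DLLs is harmless by itself, since the loader simply fails to find the file, but it leaves a loading point that any later dropper with the same name gets for free, which is why the helper clears the value rather than leaving it.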

Re: Google Redirect Virus

I PM'd you the ComboFix log, and thanks for your help.

Re: Google Redirect Virus
Hello, please post all logs in the open forum, thank you. 😉

Re: Google Redirect Virus
ComboFix 08-11-23.02 - bob 2008-11-25 19:15:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.196 [GMT -8:00]
Running from: c:\documents and settings\bob\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\bob\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system\run.dll
c:\windows\system\rundlI32.exe
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSosvd.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VETscriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\system\run.dll
c:\windows\system\rundlI32.exe
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSosvd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-25 19:13 . 2008-11-25 19:21 d-------- C:\-Combo-Fix-
2008-11-24 22:19 . 2008-11-25 19:11 1,393 --a------ c:\windows\imsins.BAK
2008-11-24 20:40 . 2008-11-24 20:40 d-------- c:\program files\Lavasoft
2008-11-24 20:40 . 2008-11-24 20:44 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-24 20:09 . 2008-11-24 20:08 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-24 19:57 . 2008-11-24 20:29 d-------- c:\windows\system32\CatRoot_bak
2008-11-24 19:56 . 2008-06-13 05:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-24 19:56 . 2008-06-13 05:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-23 18:17 . 2008-11-23 18:17 d-------- C:\Temp
2008-11-23 18:17 . 2008-11-23 18:17 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 18:17 . 2008-11-23 18:17 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-22 20:51 . 2008-11-22 20:51 d-------- c:\documents and settings\bob\Application Data\GRETECH
2008-11-22 20:51 . 2008-11-22 20:51 d-------- c:\documents and settings\All Users\Application Data\GRETECH
2008-11-22 20:50 . 2008-11-22 20:50 d-------- c:\program files\GRETECH
2008-11-22 20:48 . 2008-11-22 20:48 28 --a------ c:\windows\v2d.INI
2008-11-22 20:37 . 2008-11-22 20:37 d-------- C:\v2d
2008-11-22 20:36 . 2008-11-22 20:49 d-------- c:\program files\Free MKV Video2Dvd
2008-11-22 20:23 . 2008-11-22 20:30 d-------- c:\program files\Avi2Dvd
2008-11-22 12:23 . 2008-11-22 12:23 176 --a------ c:\windows\system32\msexcr.ini
2008-11-08 23:46 . 2008-11-08 23:46 d-------- c:\documents and settings\bob\Application Data\2K Sports
2008-10-26 21:10 . 2008-10-26 21:10 d-------- c:\documents and settings\com\Application Data\acccore

.

Re: Google Redirect Virus
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 20:50 --------- d-----w c:\program files\Steam
2008-11-23 04:31 --------- d-----w c:\program files\AviSynth 2.5
2008-11-23 04:15 --------- d-----w c:\documents and settings\bob\Application Data\uTorrent
2008-11-23 02:56 --------- d-----w c:\program files\Starcraft
2008-11-22 07:22 --------- d-----w c:\documents and settings\bob\Application Data\FrostWire
2008-11-18 03:46 2,560 -c--a-w c:\windows\_MSRSTRT.EXE
2008-11-15 19:48 --------- d-----w c:\documents and settings\com\Application Data\uTorrent
2008-11-12 05:01 --------- d-----w c:\program files\iPod
2008-11-12 04:26 --------- d-----w c:\documents and settings\bob\Application Data\Apple Computer
2008-10-25 20:22 --------- d-----w c:\program files\World of Warcraft
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 19:55 --------- d-----w c:\program files\iTunes
2008-10-12 19:54 --------- d-----w c:\program files\Apple Software Update
2008-10-12 19:53 --------- d-----w c:\program files\Common Files\Apple
2008-10-12 06:58 --------- d-----w c:\program files\winpwn
2008-10-12 06:57 --------- d-----w c:\program files\iTunesblah
2008-10-12 06:56 --------- d-----w c:\program files\Bonjour
2008-10-09 05:56 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-08 20:08 --------- d-----w c:\program files\Common Files\Stardock
2008-10-08 05:15 --------- d-----w c:\program files\IconTweaker
2008-10-08 05:15 --------- d-----w c:\documents and settings\bob\Application Data\IconTweaker
2008-10-08 04:46 --------- d-----w c:\program files\Conduit
2008-10-08 04:18 --------- d-----w c:\program files\Google
2008-10-08 04:15 --------- d-----w c:\program files\boost
2008-10-06 05:11 --------- d-----w c:\program files\Alcohol Soft
2008-09-26 04:20 --------- d-----w c:\program files\WinSCP
2008-03-23 23:46 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032320080324\index.dat
.

Re: Google Redirect Virus
((((((((((((((((((((((((((((( snapshot@2008-11-24_19.51.17.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
- 2008-01-11 21:28:57 1,257,472 -c--a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-11-25 06:21:28 1,265,664 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-01-11 21:29:00 1,224,704 -c--a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-11-25 06:21:30 1,232,896 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-11-25 06:21:44 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_407c9401\CustomMarshalers.dll
+ 2008-11-25 06:22:17 118,784 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f13a0469\CustomMarshalers.dll
+ 2008-11-25 06:22:10 3,391,488 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8aeec7da\mscorlib.dll
+ 2008-11-25 06:22:35 8,908,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c808f62e\mscorlib.dll
+ 2008-11-25 06:22:29 3,395,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_20c2b9bb\System.Design.dll
+ 2008-11-25 06:22:05 1,470,464 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_419e4eba\System.Design.dll
+ 2008-11-25 06:22:18 192,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2e92cff0\System.Drawing.Design.dll
+ 2008-11-25 06:21:48 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_a5761a0d\System.Drawing.Design.dll
+ 2008-11-25 06:22:07 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_628a3945\System.Drawing.dll
+ 2008-11-25 06:22:31 2,244,608 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_9e765954\System.Drawing.dll
+ 2008-11-25 06:22:23 7,884,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7d08d982\System.Windows.Forms.dll
+ 2008-11-25 06:21:56 3,018,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_9f75b7f0\System.Windows.Forms.dll
+ 2008-11-25 06:22:01 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_318b2811\System.Xml.dll
+ 2008-11-25 06:22:27 5,513,216 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f14e7daa\System.Xml.dll
+ 2008-11-25 06:22:16 4,788,224 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_07599ee6\System.dll
+ 2008-11-25 06:21:42 1,966,080 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_29af1d4a\System.dll
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-10-10 23:55:51 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-14 02:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-10-10 23:55:51 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-10-10 23:55:51 132,608 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-10-10 23:55:51 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-10-10 10:59:40 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-10-10 23:55:51 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-10-10 23:55:51 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-10-10 05:46:55 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-10-10 23:55:52 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-10-10 23:55:52 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-10-10 23:55:54 6,065,664 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-10-10 23:55:55 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-10-10 23:55:55 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-10-10 10:59:40 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-10-10 10:59:52 625,152 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-10-10 23:55:56 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-10-10 23:55:56 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-10-10 23:55:56 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-10-31 13:12:30 3,590,656 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-10-10 23:55:58 478,208 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-10-10 23:55:58 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-10-10 23:55:59 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-10-10 23:55:59 102,400 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-14 02:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-10-10 23:55:59 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-10-10 23:56:00 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-10-10 23:56:00 232,960 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-10-10 23:56:00 824,832 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
- 2004-07-15 09:49:16 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 05:30:52 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 09:49:22 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 05:30:52 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 08:32:22 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 04:57:52 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 02:09:14 86,016 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 04:57:58 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 08:25:06 315,392 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 04:56:30 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 08:33:04 102,400 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 04:58:00 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 22:29:02 2,138,112 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 04:50:46 2,142,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 02:09:18 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 04:58:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 08:26:52 2,510,848 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 04:57:00 2,523,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 08:28:34 2,502,656 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 04:57:28 2,514,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-11 00:20:00 106,496 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-16 00:11:26 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 09:49:16 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_aspnet_isapi.dll
+ 2004-07-15 08:32:22 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_CORPerfMonExt.dll
+ 2004-07-15 08:24:30 282,624 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_fusion.dll
+ 2004-07-15 08:25:06 315,392 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_mscorjit.dll
+ 2004-07-15 22:29:02 2,138,112 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_mscorlib.dll
+ 2003-02-21 02:09:18 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_mscorsn.dll
+ 2004-07-15 08:26:52 2,510,848 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_mscorsvr.dll
+ 2004-07-15 08:28:34 2,502,656 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_mscorwks.dll
+ 2003-02-21 11:42:22 348,160 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_msvcr71.dll
+ 2004-07-15 08:34:50 94,208 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1292\_PerfCounter.dll
- 2004-07-15 22:31:16 1,224,704 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 05:35:38 1,232,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 22:29:00 1,257,472 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 05:35:46 1,265,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

Re: Google Redirect Virus

- 2007-10-10 23:55:51 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
- 2007-07-31 02:19:20 92,504 -c--a-w c:\windows\system32\cdm.dll
+ 2008-10-16 22:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-05-20 02:41:45 410,976 -c--a-w c:\windows\system32\deploytk.dll
+ 2008-11-25 04:08:42 410,976 -c--a-w c:\windows\system32\deploytk.dll
- 2007-10-10 23:55:51 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 01:07:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
- 2007-07-31 02:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 22:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2007-08-14 02:35:46 346,624 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2007-10-10 23:55:51 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:45 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2007-10-10 23:55:51 132,608 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2007-10-10 23:55:51 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll
- 2007-10-10 10:59:40 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2007-10-10 23:55:51 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2007-10-10 23:55:51 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2007-10-10 05:46:55 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2007-10-10 23:55:52 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2007-10-10 23:55:52 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2007-10-10 23:55:54 6,065,664 -c--a-w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c--a-w c:\windows\system32\dllcache\ieframe.dll
- 2007-10-10 23:55:55 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2007-10-10 23:55:55 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll
- 2007-10-10 10:59:40 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe
- 2007-10-10 10:59:52 625,152 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2007-10-10 23:55:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2004-08-04 01:07:00 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2005-06-29 01:46:00 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2007-10-10 23:55:56 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
- 2007-10-10 23:55:56 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-10-31 13:12:30 3,590,656 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2007-10-10 23:55:58 478,208 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2007-10-10 23:55:58 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2007-10-10 23:55:59 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2007-10-10 23:55:59 102,400 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2007-08-14 02:36:12 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2007-10-10 23:55:59 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2007-10-10 23:56:00 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2007-10-10 23:56:00 232,960 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-09-06 07:30:42 241,704 -c----w c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-09-06 07:29:58 917,032 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2007-03-08 13:47:48 1,843,584 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2007-10-10 23:56:00 824,832 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2007-07-31 02:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 22:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-31 02:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

Re: Google Redirect Virus

- 2007-07-31 02:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 22:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-31 02:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 22:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-31 02:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 22:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2004-08-04 01:07:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-04-29 19:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 19:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2008-04-29 19:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2007-08-14 02:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2007-10-10 23:55:51 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2007-10-10 23:55:51 132,608 ------w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-11-23 18:56:50 300,968 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-26 03:08:27 300,968 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-10-10 23:55:51 63,488 -c--a-w c:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2007-10-10 10:59:40 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2007-10-10 23:55:51 153,088 -c----w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll
- 2007-10-10 23:55:51 230,400 -c----w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll
- 2007-10-10 05:46:55 161,792 -c----w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
- 2007-10-10 23:55:52 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2007-10-10 23:55:52 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2007-10-10 23:55:54 6,065,664 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2007-10-10 23:55:55 44,544 -c----w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll
- 2007-10-10 23:55:55 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2007-10-10 10:59:40 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2008-05-20 02:41:45 139,264 ----a-w c:\windows\system32\java.exe
+ 2008-11-25 04:08:43 144,792 ----a-w c:\windows\system32\java.exe
- 2008-05-20 02:41:46 139,264 -c--a-w c:\windows\system32\javaw.exe
+ 2008-11-25 04:08:43 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-05-20 02:41:46 143,360 -c--a-w c:\windows\system32\javaws.exe
+ 2008-11-25 04:08:43 148,888 ----a-w c:\windows\system32\javaws.exe
- 2007-10-10 23:55:56 27,648 -c----w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\jsproxy.dll
- 2008-03-30 16:05:45 1,488,688 -c--a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-06 07:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-05-16 19:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
- 2008-01-02 18:21:36 17,642,616 -c--a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:26 17,318,336 -c--a-w c:\windows\system32\MRT.exe
- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2007-10-10 23:55:56 459,264 -c--a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2007-10-10 23:55:56 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2007-10-31 13:12:30 3,590,656 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2007-10-10 23:55:58 478,208 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2007-10-10 23:55:58 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ------w c:\windows\system32\msrating.dll
- 2007-10-10 23:55:59 671,232 -c----w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-15 23:43:10 1,320,800 -c--a-w c:\windows\system32\msxml6.dll
+ 2008-08-30 04:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 08:38:56 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:10:58 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
- 2007-10-10 23:55:59 102,400 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
- 2007-08-14 02:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2006-10-17 00:10:58 14,640 -c--a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-11-13 11:31:11 60,416 -c--a-w c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2007-10-10 23:55:59 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2007-10-10 23:56:00 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2007-10-10 23:56:00 232,960 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-03-30 16:06:03 200,064 -c--a-w c:\windows\system32\WgaLogon.dll
+ 2008-09-06 07:30:42 241,704 ----a-w c:\windows\system32\WgaLogon.dll
- 2008-03-30 16:06:21 332,672 -c--a-w c:\windows\system32\WgaTray.exe
+ 2008-09-06 07:29:58 917,032 ----a-w c:\windows\system32\WgaTray.exe
- 2007-03-08 13:47:48 1,843,584 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
- 2007-10-10 23:56:00 824,832 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
- 2007-07-31 02:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 22:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-31 02:19:16 53,080 -c--a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-31 02:19:32 325,976 -c--a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 22:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-31 02:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-31 02:19:12 43,352 -c--a-w c:\windows\system32\wups2.dll
+ 2008-10-16 22:09:44 43,544 -c--a-w c:\windows\system32\wups2.dll
- 2007-07-31 02:19:28 203,096 -c--a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 22:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-11-26 03:19:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_61c.dat
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.

Re: Google Redirect Virus

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^bob^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\bob\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 09:51 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
-ra--c--- 2004-10-31 13:05 241664 c:\windows\system32\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 09:51 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-05-17 17:48 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:mysqld-nt

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2004-08-03 3584]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\bob\Desktop\Risk's Hackpack\MoonLight Engine 1129.1\IlvMoney1129.sys []
S3 MzBot.sys;MzBot.sys;\??\c:\windows\system32\MzBot.sys [2007-04-01 3584]
S3 ROCKSTAR;ROCKSTAR;\??\c:\documents and settings\bob\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2008-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 19:20:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\WgaLogon.dll

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\WgaTray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-25 19:22:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 03:22:45
ComboFix2.txt 2008-11-25 03:51:54

Pre-Run: 134,848,598,016 bytes free
Post-Run: 134,832,279,552 bytes free

557 --- E O F --- 2008-11-26 03:12:06
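The ComboFix excerpt above lists a driver service (`ROCKSTAR`) whose binary sits under the user's Desktop and whose bracketed file details are empty, plus a scheduled task whose target under `TuneUp Utilities 2008` has the same empty brackets. The short triage script below is an added example for readers of this thread; it is not part of ComboFix, HijackThis, or anything the helper posted. It assumes ComboFix's convention that the bracket after a path holds the file's date and size, and that an empty `[]` means the file could not be found at scan time (orphaned entry); it also assumes that a service or task binary living under a user profile rather than a system or Program Files directory is worth a second look. The sample log lines are copied from the post above.

```python
"""Triage ComboFix-style service and scheduled-task lines.

Flags entries whose binary was not found at scan time (empty "[]") or whose
binary lives under a user profile directory. Heuristics only: a hit is a
prompt for a human to look, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Service lines look like: "S3 Name;DisplayName;\??\c:\path\file.sys [date size]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)
# Scheduled-task blocks: a dated ".job" header followed by "- c:\path\prog.exe [date time]"
TASK_HEADER_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)\s*$', re.IGNORECASE)
TASK_CMD_RE = re.compile(r'^-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')

# Assumption: autostart binaries under these locations deserve scrutiny.
USER_PROFILE_MARKERS = (
    '\\documents and settings\\',
    '\\users\\',
    '\\local settings\\temp\\',
    '\\temp\\',
)


@dataclass
class Finding:
    kind: str            # "service" or "task"
    name: str            # service name or .job path
    path: str            # normalised binary path
    reasons: List[str] = field(default_factory=list)


def normalize(path: str) -> str:
    """Strip the NT object-manager prefix ComboFix prints on driver paths."""
    path = path.strip()
    if path.startswith('\\??\\'):
        path = path[4:]
    return path.lower()


def assess(path: str, meta: str) -> List[str]:
    """Return the list of reasons an entry is suspicious (empty if none)."""
    reasons = []
    if meta.strip() == '':
        # Assumption: ComboFix leaves the brackets empty when the file is missing.
        reasons.append('file not found at scan time (orphaned autostart entry)')
    p = normalize(path)
    if any(marker in p for marker in USER_PROFILE_MARKERS):
        reasons.append('binary lives under a user profile or temp directory')
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect flagged services and scheduled tasks."""
    findings: List[Finding] = []
    current_job = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = assess(m['path'], m['meta'])
            if reasons:
                findings.append(Finding('service', m['name'], normalize(m['path']), reasons))
            continue
        h = TASK_HEADER_RE.match(line)
        if h:
            current_job = h['job']
            continue
        c = TASK_CMD_RE.match(line)
        if c and current_job:
            reasons = assess(c['path'], c['meta'])
            if reasons:
                findings.append(Finding('task', current_job, normalize(c['path']), reasons))
            current_job = None
    return findings


# Constructed sample: the service and scheduled-task lines quoted in the thread.
SAMPLE_LOG = r"""
S3 MzBot.sys;MzBot.sys;\??\c:\windows\system32\MzBot.sys [2007-04-01 3584]
S3 ROCKSTAR;ROCKSTAR;\??\c:\documents and settings\bob\Desktop\Dspider0 v57\Dspider0 v57\ksysdrv.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2008-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind}: {f.name} -> {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample, the script reports the `ROCKSTAR` driver (missing file, user-profile path) and the orphaned TuneUp task, and stays quiet about `MzBot.sys` and the Apple updater; an orphaned entry such as the TuneUp task is usually leftover from an uninstall rather than malware, which is exactly why the output is a list to review rather than a list to delete.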

Re: Google Redirect Virus

Looks clean, what problems remain?

Re: Google Redirect Virus

Computer runs slower or it's just me.

Re: Google Redirect Virus

If it's still slow, that probably isn't malware. The logs are clean and there shouldn't be any popups now, the vundo is gone.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please download Purera.exe from HERE

  • First, unzip the program.
  • Double click Purera.exe to open it.
  • When it opens, press the "Clean" button.
  • This will open up a menu of options.
  • Tick the box that says "Check All"
  • Then press the "Clean Selected" button.
  • This will start the cleaning process.
  • For a minute or two, Purera.exe may act like it isn't responding, but let it run.
  • After it's done, it will make a log file of what it's removed, but I don't need to see it.

Re: Google Redirect Virus

THANK YOU so much.

Re: Google Redirect Virus

Glad I could help.
Delete this folder:
C:\Qoobox

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.
====

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.

Re: Google Redirect Virus

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
