
Help with unknown process file NTV32.exe

Discussion in 'Malware and Virus Removal Archive' started by Burzum, 2008/07/06.

  1. 2008/07/06
    Burzum (Thread Starter)

    I seem to have gotten this unknown process called "ntv32.exe".
    With it running, it shuts off my Task Manager right after I open it, even regedit.

    Now I've finally terminated it by running cmd and using the taskkill command, and now I can open regedit and Task Manager without them closing a second later.

    I can't come across any information on this process, and a virus scan using Kaspersky and a HijackThis log don't detect anything. I can't even find it in my Windows system folder.

    Someone help me get rid of this evil thing!
     
  2. 2008/07/06
    noahdfear

    Welcome to WindowsBBS Burzum :)

    Please read through this topic, install HijackThis and run a scan, creating a logfile. We won't need that log, so you can close it.
    Next, download and run Deckard's System Scanner and post the main.txt log it creates.
     


  4. 2008/07/07
    Burzum (Thread Starter)

    OK, here's my log.
    It seems to be in system32 but hidden somehow.

    Deckard's System Scanner v20071014.68
    Run by Mikey on 2008-07-07 12:12:59
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Mikey.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:03 PM, on 7/7/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntv32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mikey\My Documents\dss.exe
    C:\DOCUME~1\Mikey\MYDOCU~1\DOWNLO~1\Programs\Mikey.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\ntv32.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212366452607
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4943 bytes

    -- Files created between 2008-06-07 and 2008-07-07 -----------------------------

    2008-07-06 21:12:31 221184 --a------ C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
    2008-07-06 21:11:13 0 d-------- C:\WINDOWS\Prefetch
    2008-07-06 21:01:47 0 d-------- C:\WINDOWS\system32\scripting
    2008-07-06 21:01:46 0 d-------- C:\WINDOWS\l2schemas
    2008-07-06 21:01:45 0 d-------- C:\WINDOWS\system32\en
    2008-07-06 21:01:44 0 d-------- C:\WINDOWS\system32\bits
    2008-07-06 20:57:28 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-07-06 20:54:34 0 d-------- C:\WINDOWS\network diagnostic
    2008-07-06 19:50:09 0 d--hs---- C:\found.000
    2008-07-06 19:13:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-07-06 19:13:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-07-06 19:13:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-07-06 19:13:31 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-07-06 19:13:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-07-06 19:13:31 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-07-06 19:13:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-07-06 19:13:31 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-07-06 19:13:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-07-06 19:13:31 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-07-06 19:13:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-07-06 19:13:31 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-07-06 19:13:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-07-06 19:13:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-07-06 19:08:17 0 d-------- C:\WINDOWS\pss
    2008-07-06 19:03:43 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-07-03 13:45:37 0 d-------- C:\WINDOWS\Sun
    2008-07-03 13:45:37 0 d-------- C:\Documents and Settings\Mikey\Application Data\Sun
    2008-06-28 20:52:28 0 d-------- C:\Program Files\Combined Community Codec Pack
    2008-06-28 20:43:16 0 d-------- C:\Program Files\AviSynth 2.5
    2008-06-26 17:31:35 0 d-------- C:\Program Files\Soulseek
    2008-06-26 16:56:06 0 d-------- C:\Movies
    2008-06-26 10:27:49 0 d-------- C:\Documents and Settings\All Users\Application Data\EPS
    2008-06-25 17:06:12 52301 --a------ C:\WINDOWS\system32\uninstall.exe
    2008-06-24 17:56:18 0 d-------- C:\WINDOWS\SHELLNEW
    2008-06-24 17:56:14 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-06-24 17:55:29 0 d-------- C:\Program Files\Microsoft.NET
    2008-06-24 17:52:26 0 dr-h----- C:\MSOCache
    2008-06-23 17:37:31 0 d-------- C:\Program Files\Java
    2008-06-23 17:36:58 0 d-------- C:\Program Files\Common Files\Java
    2008-06-23 13:58:56 0 dr-h----- C:\Documents and Settings\Mikey\Recent
    2008-06-19 19:52:33 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-13 18:00:59 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-06-10 21:39:31 0 d-------- C:\run
    2008-06-08 11:59:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-06-08 11:52:59 0 d-------- C:\Program Files\Elaborate Bytes
    2008-06-07 15:13:06 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-07 15:10:16 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-07 15:10:09 0 d-------- C:\Documents and Settings\Mikey\Application Data\DAEMON Tools


    -- Find3M Report ---------------------------------------------------------------

    2008-07-07 12:02:18 0 d-------- C:\Documents and Settings\Mikey\Application Data\DMCache
    2008-07-07 11:46:36 0 d-------- C:\Documents and Settings\Mikey\Application Data\uTorrent
    2008-07-07 11:28:07 0 d-------- C:\Program Files\eMule
    2008-07-06 21:02:38 0 d-------- C:\Program Files\Messenger
    2008-07-06 21:01:44 0 d-------- C:\Program Files\Movie Maker
    2008-07-06 20:57:04 0 d-------- C:\Program Files\Windows NT
    2008-07-05 20:42:54 0 d-------- C:\Documents and Settings\Mikey\Application Data\U3
    2008-07-05 00:25:24 0 d-------- C:\Program Files\Common Files\Nero
    2008-07-04 20:14:59 0 d-------- C:\Documents and Settings\Mikey\Application Data\dvdcss
    2008-06-24 17:56:03 0 d-------- C:\Program Files\Common Files
    2008-06-17 13:42:54 0 d-------- C:\Documents and Settings\Mikey\Application Data\Mozilla
    2008-06-13 22:48:34 0 d-------- C:\Documents and Settings\Mikey\Application Data\IDM
    2008-06-13 18:00:56 0 d-------- C:\Program Files\Opera
    2008-06-06 03:00:37 0 d-------- C:\Program Files\MSXML 4.0
    2008-06-05 12:19:07 0 d-------- C:\Program Files\DVD Shrink
    2008-06-05 10:25:34 0 d-------- C:\Documents and Settings\Mikey\Application Data\Nero
    2008-06-05 10:22:41 0 d-------- C:\Program Files\Nero
    2008-06-04 11:17:46 0 d-------- C:\Program Files\Internet Download Manager
    2008-06-04 03:02:38 0 d-------- C:\Program Files\MSXML 6.0
    2008-06-03 11:15:59 0 d-------- C:\Program Files\madmax
    2008-06-03 11:11:40 0 d-------- C:\Program Files\Accessdiver
    2008-06-02 20:26:19 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-02 19:10:38 0 d-------- C:\Program Files\MSBuild
    2008-06-02 18:47:10 0 d-------- C:\Program Files\Reference Assemblies
    2008-06-01 22:04:30 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-06-01 20:47:33 0 d-------- C:\Program Files\illiminable
    2008-06-01 19:34:24 0 d-------- C:\Documents and Settings\Mikey\Application Data\Macromedia
    2008-06-01 19:34:23 0 d-------- C:\Documents and Settings\Mikey\Application Data\Adobe
    2008-06-01 19:02:02 0 d-------- C:\Program Files\Kaspersky Lab
    2008-06-01 18:21:18 0 d-------- C:\Program Files\SiS7012
    2008-06-01 18:21:05 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-01 18:19:56 0 d-------- C:\Documents and Settings\Mikey\Application Data\WinRAR
    2008-06-01 18:19:28 0 d-------- C:\Documents and Settings\Mikey\Application Data\vlc
    2008-06-01 18:14:55 0 d-------- C:\Program Files\VideoLAN
    2008-06-01 17:22:31 0 d-------- C:\Documents and Settings\Mikey\Application Data\Identities
    2008-06-01 16:39:16 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-01 16:38:55 0 -rahs---- C:\MSDOS.SYS
    2008-06-01 16:38:55 0 -rahs---- C:\IO.SYS
    2008-06-01 16:38:55 0 --a------ C:\CONFIG.SYS
    2008-06-01 16:38:55 0 --a------ C:\AUTOEXEC.BAT
    2008-06-01 16:37:12 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-01 16:37:08 0 d-------- C:\Program Files\Online Services
    2008-06-01 16:36:10 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-06-01 16:35:06 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-01 16:34:31 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-06-01 09:08:52 0 d-------- C:\Program Files\Common Files\ODBC
    2008-06-01 09:08:49 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-06-01 09:08:18 62 --ahs---- C:\Documents and Settings\Mikey\Application Data\desktop.ini
    2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
    2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
    2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
    "nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/13/2008 05:12 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [06/01/2008 10:36 PM]
    "Windows Update"="C:\WINDOWS\system32\ntv32.exe" [08/04/2004 05:00 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- "G:\Install FreeAgent Tools.exe" /run

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70840bb-3372-11dd-99f7-0018f8ac60ac}]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f24ac82d-3b1d-11dd-894e-0018f8ac60ac}]
    AutoRun\command- "E:\Install FreeAgent Tools.exe" /run


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}]
    C:\WINDOWS\system32\ntv32.exe



    -- End of Deckard's System Scanner: finished at 2008-07-07 12:18:43 ------------
     
  5. 2008/07/07
    noahdfear

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  6. 2008/07/07
    Burzum (Thread Starter)

    Wow, whatever that program did, it seems to have gotten rid of it.


    ComboFix 08-07-05.1 - Mikey 2008-07-07 15:50:42.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247 [GMT -7:00]
    Running from: C:\Documents and Settings\Mikey\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\uninstall.exe
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
    .

    2008-07-07 13:33 . 2008-07-07 14:52 361,344 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2008-07-07 12:12 . 2008-07-07 12:12 <DIR> d-------- C:\Deckard
    2008-07-06 21:12 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\system32\en
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-07-06 20:57 . 2008-07-06 21:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-06 20:26 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
    2008-07-06 20:25 . 2008-04-13 17:10 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
    2008-07-06 20:24 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-07-06 20:23 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
    2008-07-06 19:50 . 2008-07-06 19:50 <DIR> d--hs---- C:\found.000
    2008-07-06 19:13 . 2008-07-06 19:13 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-07-06 19:03 . 2005-08-09 18:35 2,639,365 --------- C:\WINDOWS\C-Sploiter-final.CAB
    2008-07-06 19:03 . 2008-07-06 19:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-07-06 19:03 . 2008-07-06 19:03 340 --a------ C:\WINDOWS\ST6UNST.000
    2008-07-06 17:24 . 2008-07-07 15:50 108,336 --a------ C:\WINDOWS\system32\mswinsck.ocx
    2008-07-04 10:16 . 2008-07-03 20:53 3,454,724,096 --a------ C:\panterahomevideos.img
    2008-07-03 13:45 . 2008-07-03 13:45 <DIR> d-------- C:\WINDOWS\Sun
    2008-06-30 20:02 . 2008-06-30 20:05 79,204,244 --a------ C:\wc_and_the_madd_circle-the_one-1995-vDz.mpg
    2008-06-28 20:52 . 2008-06-28 20:52 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
    2008-06-28 20:43 . 2008-06-30 16:47 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2008-06-28 20:41 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-06-26 17:31 . 2008-07-02 01:27 <DIR> d-------- C:\Program Files\Soulseek
    2008-06-26 16:56 . 2008-06-27 19:57 <DIR> d-------- C:\Movies
    2008-06-26 10:33 . 2008-07-07 13:33 361,344 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-06-26 10:27 . 2008-06-30 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPS
    2008-06-24 17:57 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-06-24 17:57 . 2008-06-24 17:57 376 --a------ C:\WINDOWS\ODBC.INI
    2008-06-24 17:56 . 2008-06-24 17:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-06-24 17:56 . 2008-06-24 17:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-06-24 17:55 . 2008-06-24 17:55 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-06-24 17:52 . 2008-06-24 17:52 <DIR> dr-h----- C:\MSOCache
    2008-06-23 17:38 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-23 17:37 . 2008-06-23 17:38 <DIR> d-------- C:\Program Files\Java
    2008-06-23 17:36 . 2008-06-23 17:36 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-19 19:52 . 2008-06-19 19:52 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-10 21:39 . 2008-07-06 15:09 <DIR> d-------- C:\run
    2008-06-10 19:48 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 19:48 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 19:48 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-08 11:59 . 2008-06-08 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-06-08 11:54 . 2008-06-08 11:59 48 ---hs---- C:\WINDOWS\S8A6D8144.tmp
    2008-06-08 11:52 . 2008-06-17 15:55 <DIR> d-------- C:\Program Files\Elaborate Bytes
    2008-06-07 15:13 . 2008-06-07 15:13 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-07 15:10 . 2008-06-07 15:10 <DIR> d-------- C:\Documents and Settings\Mikey\Application Data\DAEMON Tools
    2008-06-07 15:10 . 2008-06-07 15:10 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-07 22:54 627,744 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-07 22:54 19,948,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-07 22:48 --------- d-----w C:\Documents and Settings\Mikey\Application Data\DMCache
    2008-07-07 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-07-07 22:46 65,972 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-07-07 22:46 277,280 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-07 21:52 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2008-07-07 18:46 --------- d-----w C:\Documents and Settings\Mikey\Application Data\uTorrent
    2008-07-07 18:28 --------- d-----w C:\Program Files\eMule
    2008-07-06 03:42 --------- d-----w C:\Documents and Settings\Mikey\Application Data\U3
    2008-07-05 07:25 --------- d-----w C:\Program Files\Common Files\Nero
    2008-07-05 03:14 --------- d-----w C:\Documents and Settings\Mikey\Application Data\dvdcss
    2008-06-29 05:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-14 05:48 --------- d-----w C:\Documents and Settings\Mikey\Application Data\IDM
    2008-06-14 01:00 --------- d-----w C:\Program Files\Opera
    2008-06-06 10:00 --------- d-----w C:\Program Files\MSXML 4.0
    2008-06-05 19:19 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-05 17:25 --------- d-----w C:\Documents and Settings\Mikey\Application Data\Nero
    2008-06-05 17:22 --------- d-----w C:\Program Files\Nero
    2008-06-05 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-04 18:17 --------- d-----w C:\Program Files\Internet Download Manager
    2008-06-04 10:02 --------- d-----w C:\Program Files\MSXML 6.0
    2008-06-03 18:15 --------- d-----w C:\Program Files\madmax
    2008-06-03 18:11 --------- d-----w C:\Program Files\Accessdiver
    2008-06-03 02:10 --------- d-----w C:\Program Files\MSBuild
    2008-06-03 01:47 --------- d-----w C:\Program Files\Reference Assemblies
    2008-06-02 05:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-06-02 03:47 --------- d-----w C:\Program Files\illiminable
    2008-06-02 02:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-02 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-02 02:10 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2008-06-02 02:10 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2008-06-02 02:10 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-06-02 02:02 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-06-02 01:21 --------- d-----w C:\Program Files\SiS7012
    2008-06-02 01:21 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-02 01:19 --------- d-----w C:\Documents and Settings\Mikey\Application Data\vlc
    2008-06-02 01:14 --------- d-----w C:\Program Files\VideoLAN
    2008-06-01 23:39 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-01 00:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 12:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
    2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
    2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
    2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
    2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2004-08-04 12:00 794,975 --sh--w C:\WINDOWS\system32\ntv32.exe
    .

    ------- Sigcheck -------

    2008-02-16 02:32 666112 bb1eacd6ab47e78ebca02eb781550d55 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
    2004-08-04 05:00 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
    2008-02-16 01:59 659456 0c690e77c0e924c45b4d7045b182fff1 C:\WINDOWS\ie7\wininet.dll
    2008-04-13 17:12 666112 7a4f775abb2f1c97def3e73afa2faedd C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2008-04-13 17:12 666112 7a4f775abb2f1c97def3e73afa2faedd C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\wininet.dll
    2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\system32\wininet.dll
    2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-26 10:33 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
    2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\tcpip.sys
    2008-07-07 14:52 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2008-07-07 14:52 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\TCPIP.SYS
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-01 22:36 2594224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds "= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Documents and Settings\\Mikey\\Desktop\\utorrent.exe "=
    "C:\\kav\\kav7\\setup.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 14:14]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70840bb-3372-11dd-99f7-0018f8ac60ac}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}]
    C:\WINDOWS\system32\ntv32.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-07 15:54:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-07 15:56:36
    ComboFix-quarantined-files.txt 2008-07-07 22:56:32

    Pre-Run: 27,678,068,736 bytes free
    Post-Run: 27,662,319,616 bytes free

    218 --- E O F --- 2008-06-26 23:18:38
     
  7. 2008/07/07
    noahdfear

    Please copy the bolded command below.

    attrib -h -s C:\WINDOWS\system32\ntv32.exe

    Click Start > Run, type cmd and hit Enter to open a command window.
    Right-click in the command window, paste the command, then hit Enter.
    Close the command window.
    Now, please upload the C:\WINDOWS\system32\ntv32.exe file to my submission channel for analysis. Leave a link back to this topic.

    Thanks!


    It will be a while (couple hours maybe) before I have a chance to review your log in depth and post further instructions. I also want to have a look at that file first.
     
  8. 2008/07/07
    Burzum

    What exactly did that command do, restore back in system32?

    I did exactly that and deleted the file right after I uploaded it.

    It also did not give me a link it says as read:
     
  9. 2008/07/07
    noahdfear

    The command removed the hidden and system attributes. Would have been advisable to analyze the file before deleting it though. Thanks for the upload!

    I'll post back a bit later with further instructions.
     
  10. 2008/07/08
    noahdfear

    ntv32.exe is definitely a baddie. ;)

    Are you familiar with this file?
    C:\WINDOWS\C-Sploiter-final.CAB

    Alright, I installed that file to see what changes it makes, and I think the following should pretty well clean up its mess ;)

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}]
    [-HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Windows Update]
    [-HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
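    The CFScript above deletes the same component GUID from both HKLM and HKCU. That matters because of how Active Setup works: at logon, Windows walks HKLM\...\Active Setup\Installed Components and runs a component's StubPath for the current user unless HKCU already holds the same GUID with a Version at least as high (a missing Version counts as zero) or the component has IsInstalled set to 0; after running, the GUID is written to HKCU. Deleting only the HKCU side therefore makes the stub run again at the next logon, and a new user profile runs it regardless. The following is an added example, not code from the thread or from ComboFix: it models that rule on constructed in-memory dictionaries standing in for the two hives. The malware GUID and stub path are the ones shown in the log above; the second GUID, its path and all Version values are made up for the example.

```python
"""Model of the Active Setup logon check (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Component:
    stub_path: Optional[str] = None   # command run at logon; absent on pure marker keys
    version: Optional[str] = None     # stored as "a,b,c,d" in the registry
    is_installed: int = 1             # IsInstalled DWORD; 0 disables the component


def parse_version(version: Optional[str]) -> Tuple[int, ...]:
    """A missing Version value compares as zero."""
    if not version:
        return (0,)
    return tuple(int(part) for part in version.replace(".", ",").split(","))


def pending_stubs(hklm: Dict[str, Component], hkcu: Dict[str, Component]) -> List[Tuple[str, str]]:
    """Return (guid, stub_path) for every component Active Setup would execute at the
    next logon of the user whose HKCU view is given."""
    pending = []
    for guid, comp in hklm.items():
        if not comp.stub_path or comp.is_installed == 0:
            continue
        seen = hkcu.get(guid)
        if seen is None or parse_version(seen.version) < parse_version(comp.version):
            pending.append((guid, comp.stub_path))
    return pending


def run_logon(hklm, hkcu):
    """Simulate a logon: execute the pending stubs and record them in HKCU. This is why a
    stub runs once per user, but runs again for every new profile and after HKCU is cleared."""
    ran = pending_stubs(hklm, hkcu)
    for guid, _ in ran:
        hkcu[guid] = Component(version=hklm[guid].version)
    return ran


def remove_component(hklm, hkcu, guid):
    """What the CFScript asks for: delete the GUID key from both hives."""
    hklm.pop(guid, None)
    hkcu.pop(guid, None)


# Constructed data. MALWARE_GUID and its stub path come from the thread's log;
# BENIGN_GUID, its path and every Version value are hypothetical.
MALWARE_GUID = "{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}"
BENIGN_GUID = "{00000000-0000-0000-0000-000000000001}"
BENIGN_STUB = r"C:\example\setup.exe /user"


def build_sample():
    hklm = {
        MALWARE_GUID: Component(stub_path=r"C:\WINDOWS\system32\ntv32.exe"),
        BENIGN_GUID: Component(stub_path=BENIGN_STUB, version="7,0,0,0"),
    }
    # This user has logged on before: both GUIDs are recorded, the benign one at an older version.
    hkcu_user = {
        MALWARE_GUID: Component(),
        BENIGN_GUID: Component(version="6,0,0,0"),
    }
    return hklm, hkcu_user


if __name__ == "__main__":
    hklm, hkcu = build_sample()
    print("pending for the existing user:", pending_stubs(hklm, hkcu))
    print("pending for a fresh profile:  ", pending_stubs(hklm, {}))
    del hkcu[MALWARE_GUID]                      # HKCU-only cleanup
    print("after clearing only HKCU:     ", pending_stubs(hklm, hkcu))
    remove_component(hklm, hkcu, MALWARE_GUID)  # both hives, as the CFScript does
    print("after removing both keys:     ", pending_stubs(hklm, {}))
```

    Run it as a script to see the four states printed in order; the last line shows only the benign component pending once both keys are gone.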
     
  11. 2008/07/08
    Burzum

    Yeah, I believe that c-sploiter infected my computer; there was probably a program in there that installed that ****.

    OK, I did what you said. Now here's the log:

    ComboFix 08-07-05.1 - Mikey 2008-07-08 20:46:21.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.206 [GMT -7:00]
    Running from: C:\Documents and Settings\Mikey\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mikey\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
    .

    2008-07-07 16:13 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-07 16:13 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-07 16:13 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-07 16:13 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-07 16:13 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-07 16:13 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-07 16:13 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-07 16:13 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-07 16:13 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-07 13:33 . 2008-07-07 14:52 361,344 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2008-07-07 12:12 . 2008-07-07 12:12 <DIR> d-------- C:\Deckard
    2008-07-06 21:12 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\system32\en
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-07-06 21:01 . 2008-07-06 21:01 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-07-06 20:57 . 2008-07-06 21:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-06 20:26 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
    2008-07-06 20:25 . 2008-04-13 17:10 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
    2008-07-06 20:24 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-07-06 20:23 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
    2008-07-06 19:50 . 2008-07-06 19:50 <DIR> d--hs---- C:\found.000
    2008-07-06 19:13 . 2008-07-06 19:13 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-07-06 19:03 . 2005-08-09 18:35 2,639,365 --------- C:\WINDOWS\C-Sploiter-final.CAB
    2008-07-06 19:03 . 2008-07-06 19:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-07-06 19:03 . 2008-07-06 19:03 340 --a------ C:\WINDOWS\ST6UNST.000
    2008-07-06 17:24 . 2008-07-07 15:50 108,336 --a------ C:\WINDOWS\system32\mswinsck.ocx
    2008-07-03 13:45 . 2008-07-03 13:45 <DIR> d-------- C:\WINDOWS\Sun
    2008-06-28 20:52 . 2008-06-28 20:52 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
    2008-06-28 20:43 . 2008-06-30 16:47 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2008-06-28 20:41 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-06-26 17:31 . 2008-07-02 01:27 <DIR> d-------- C:\Program Files\Soulseek
    2008-06-26 10:33 . 2008-07-07 13:33 361,344 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-06-26 10:27 . 2008-06-30 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPS
    2008-06-24 17:57 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-06-24 17:57 . 2008-06-24 17:57 376 --a------ C:\WINDOWS\ODBC.INI
    2008-06-24 17:56 . 2008-06-24 17:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-06-24 17:56 . 2008-06-24 17:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-06-24 17:55 . 2008-06-24 17:55 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-06-24 17:52 . 2008-06-24 17:52 <DIR> dr-h----- C:\MSOCache
    2008-06-23 17:38 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-23 17:37 . 2008-06-23 17:38 <DIR> d-------- C:\Program Files\Java
    2008-06-23 17:36 . 2008-06-23 17:36 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-19 19:52 . 2008-06-19 19:52 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-10 21:39 . 2008-07-06 15:09 <DIR> d-------- C:\run
    2008-06-10 19:48 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 19:48 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 19:48 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 03:44 --------- d-----w C:\Documents and Settings\Mikey\Application Data\DMCache
    2008-07-09 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-07-09 03:31 68,276 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-07-09 03:31 652,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-09 03:31 281,696 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-09 03:31 20,292,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-09 03:30 --------- d-----w C:\Documents and Settings\Mikey\Application Data\uTorrent
    2008-07-08 06:12 --------- d-----w C:\Program Files\eMule
    2008-07-07 21:52 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2008-07-06 03:42 --------- d-----w C:\Documents and Settings\Mikey\Application Data\U3
    2008-07-05 07:25 --------- d-----w C:\Program Files\Common Files\Nero
    2008-07-05 03:14 --------- d-----w C:\Documents and Settings\Mikey\Application Data\dvdcss
    2008-06-29 05:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-17 22:55 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-06-14 05:48 --------- d-----w C:\Documents and Settings\Mikey\Application Data\IDM
    2008-06-14 01:00 --------- d-----w C:\Program Files\Opera
    2008-06-08 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-06-07 22:13 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-06-07 22:10 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-07 22:10 --------- d-----w C:\Documents and Settings\Mikey\Application Data\DAEMON Tools
    2008-06-06 10:00 --------- d-----w C:\Program Files\MSXML 4.0
    2008-06-05 19:19 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-05 17:25 --------- d-----w C:\Documents and Settings\Mikey\Application Data\Nero
    2008-06-05 17:22 --------- d-----w C:\Program Files\Nero
    2008-06-05 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-04 18:17 --------- d-----w C:\Program Files\Internet Download Manager
    2008-06-04 10:02 --------- d-----w C:\Program Files\MSXML 6.0
    2008-06-03 18:15 --------- d-----w C:\Program Files\madmax
    2008-06-03 18:11 --------- d-----w C:\Program Files\Accessdiver
    2008-06-03 02:10 --------- d-----w C:\Program Files\MSBuild
    2008-06-03 01:47 --------- d-----w C:\Program Files\Reference Assemblies
    2008-06-02 05:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-06-02 03:47 --------- d-----w C:\Program Files\illiminable
    2008-06-02 02:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-02 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-02 02:10 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2008-06-02 02:10 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2008-06-02 02:10 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-06-02 02:02 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-06-02 01:21 --------- d-----w C:\Program Files\SiS7012
    2008-06-02 01:21 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-02 01:19 --------- d-----w C:\Documents and Settings\Mikey\Application Data\vlc
    2008-06-02 01:14 --------- d-----w C:\Program Files\VideoLAN
    2008-06-01 23:39 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-01 00:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 12:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
    2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
    2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
    2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
    2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    .

    ------- Sigcheck -------

    2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-26 10:33 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
    2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\tcpip.sys
    2008-07-07 14:52 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2008-07-07 14:52 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\TCPIP.SYS
    .
    ((((((((((((((((((((((((((((( snapshot@2008-07-07_15.55.48.41 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-07 22:48:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-09 03:31:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
    + 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
    + 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
    + 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
    + 2007-08-14 01:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
    + 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
    + 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
    + 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
    + 2007-08-14 00:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
    + 2007-02-12 23:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
    + 2007-07-11 19:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
    + 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
    + 2007-08-14 01:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
    + 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
    + 2007-08-14 01:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
    + 2007-08-14 01:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
    + 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
    + 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
    + 2007-08-14 01:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
    + 2007-08-14 01:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
    + 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
    + 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
    + 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
    + 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
    + 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
    + 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
    + 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
    + 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
    + 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
    + 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
    + 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
    - 2007-08-14 01:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2007-08-14 01:39:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-04-23 04:16:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2006-09-23 20:12:50 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-08-14 01:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
    - 2007-08-14 01:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-08-14 01:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-08-14 01:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-08-14 01:39:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2008-04-22 07:39:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2007-08-14 01:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2007-08-14 01:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2007-08-14 00:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2007-08-14 01:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2008-04-23 04:16:28 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2007-08-14 01:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
    - 2007-08-14 01:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-08-14 01:43:56 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2007-08-14 01:38:04 491,520 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2007-08-14 01:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-08-14 01:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-04-24 05:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-08-14 01:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-08-14 01:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-08-14 01:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-08-14 01:44:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    + 2008-04-23 04:16:28 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    - 2007-08-14 01:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2006-09-23 20:12:50 1,497,088 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2006-09-23 20:12:50 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2007-08-14 01:44:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    + 2008-04-23 04:16:28 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-08-14 01:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-08-14 01:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
    - 2007-08-14 01:54:10 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2008-04-23 04:16:29 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2007-08-14 01:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2007-08-14 01:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-08-14 01:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-08-14 01:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2007-08-14 01:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
    + 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2007-08-14 01:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2007-08-14 01:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2007-08-14 01:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2007-08-14 00:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    - 2007-02-12 23:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
    + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
    - 2007-07-11 19:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2007-08-14 01:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2007-08-14 01:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
    + 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-08-14 01:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    - 2007-08-14 01:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
    + 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2007-08-14 01:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2007-08-14 01:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
    + 2008-07-08 06:01:19 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    - 2007-08-14 01:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
    + 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2007-08-14 01:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
    + 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2007-08-14 01:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-04-24 05:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-08-14 01:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-08-14 01:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-08-14 01:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-08-14 01:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
    + 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    - 2007-08-14 01:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2007-08-14 01:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-08-14 01:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-08-14 01:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-01 22:36 2594224]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\Mikey\\Desktop\\utorrent.exe"=
    "C:\\kav\\kav7\\setup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 14:14]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70840bb-3372-11dd-99f7-0018f8ac60ac}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}]
    C:\WINDOWS\system32\ntv32.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-08 20:51:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-08 20:53:35
    ComboFix-quarantined-files.txt 2008-07-09 03:53:30
    ComboFix2.txt 2008-07-07 22:56:42

    Pre-Run: 28,180,615,168 bytes free
    Post-Run: 28,168,773,632 bytes free

    360 --- E O F --- 2008-06-26 23:18:38
     
  12. 2008/07/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm, registry entry still left. Please copy the bolded command below and paste it into a command window then hit enter.

    reg delete "HKLM\software\microsoft\active setup\installed components\{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}" /f

    Please upload that C:\WINDOWS\C-Sploiter-final.CAB file to my submission channel for analysis. Leave a link back to this topic. Thanks!

    Let's see if anything else is lurking about now. Please scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh HijackThis log to this topic.
     
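    The registry section of the log posted above is what the helper is reading when he says "registry entry still left": the Security Center override values, the disabled firewall profile, the removable-drive AutoRun commands and the Active Setup "Installed Components" entry pointing at ntv32.exe. The script below is an added example, not part of this thread and not code from Deckard's System Scanner or ComboFix; it parses a log excerpt in the same bracketed-key format as the one quoted above (the sample input is constructed from that excerpt) and flags those four kinds of tampering and persistence so they can be reviewed before any cleanup. The rule names and the helper functions are the example's own.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: the registry part of a ComboFix-style log, copied from the
# entries quoted earlier in this thread. Real logs are longer but keep this shape.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CBC86A61-B52C-B9FE-F270-A31E17DEBF4D}]
C:\WINDOWS\system32\ntv32.exe
'''

# A value line looks like  "Name "=value  (note the stray space before the closing quote).
VALUE_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.*)$')

# Key fragments (case-insensitive) that identify the areas worth checking.
SECURITY_CENTER = "microsoft\\security center"
FIREWALL_POLICY = "firewallpolicy"
ACTIVE_SETUP = "active setup\\installed components"
MOUNTPOINTS = "mountpoints2"
OVERRIDE_VALUES = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}

Finding = Tuple[str, str, str]  # (rule, registry key, offending name or line)


def parse_registry_dump(text: str) -> List[Tuple[str, str]]:
    """Return (key, line) pairs: every non-empty line under a [bracketed] key header."""
    entries: List[Tuple[str, str]] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r'^\[(.+)\]$', line)
        if header:
            current = header.group(1)
            continue
        if current is not None:
            entries.append((current, line))
    return entries


def dword_is_set(value: str) -> bool:
    """True for a REG_DWORD rendered as dword:XXXXXXXX with a non-zero value."""
    return value.lower().startswith("dword:") and int(value[6:], 16) != 0


def analyse(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Apply the four review rules to the parsed entries."""
    findings: List[Finding] = []
    for key, line in entries:
        k = key.lower()
        m = VALUE_RE.match(line)
        name = m.group("name") if m else None
        value = m.group("value").strip() if m else line

        # 1. Security Center told to stop reporting missing AV / firewall.
        if SECURITY_CENTER in k and name in OVERRIDE_VALUES and dword_is_set(value):
            findings.append(("security-center-override", key, name))
        # 2. Windows Firewall profile switched off.
        elif FIREWALL_POLICY in k and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall-disabled", key, name))
        # 3. Active Setup component that launches an executable at logon.
        elif ACTIVE_SETUP in k and re.search(r"\.exe\b", line, re.IGNORECASE):
            findings.append(("active-setup-exe", key, line))
        # 4. AutoRun command recorded for a removable drive.
        elif MOUNTPOINTS in k and "autorun" in line.lower():
            findings.append(("removable-autorun", key, line))
    return findings


def review(text: str) -> List[Finding]:
    return analyse(parse_registry_dump(text))


if __name__ == "__main__":
    for rule, key, what in review(SAMPLE_LOG):
        print(f"{rule:26} {what}\n{'':26} under [{key}]")
```

    The Active Setup rule is deliberately broad: any executable registered there runs once per user at logon, so every such entry deserves a look, and the "reg delete" step above is exactly the removal of the one entry the log shows. The Security Center overrides and EnableFirewall=0 are not infections by themselves, but they are the settings malware sets so that the missing protection goes unreported; restoring them belongs on the cleanup list alongside removing the file.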
