Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virtumonde infection [RESOLVED]

Started by Screenager , Mar 07 2008 06:35 PM

  • This topic is locked This topic is locked

#1
Screenager
Posted 07 March 2008 - 06:35 PM

Screenager

    New Member

  • Member
  • Pip
  • 6 posts
I appear to have become infected with the Virtumonde trojan. Spybot has detected it, but is unable to remove it. I have tried removing it in safe mode but that wasn't successful either. I'm not seeing any ads, but my explorer.exe process keeps restarting, whenever I try to open control panel/my computer etc. Spybot identified a file called ssqqn.dll as being the cause of my problem (as well as a few registry entries), however I am unable to delete this file.

Neither VundoFix or Virtumundobegone have been able to fix my problem

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:35, on 07/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Simon\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=1080130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=1080130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljhih.dll,#1
O4 - HKLM\..\Run: [20fe618b] rundll32.exe "C:\Windows\system32\nsnvqegq.dll",b
O4 - HKLM\..\Run: [BM23cd5217] Rundll32.exe "C:\Windows\system32\tpjbnvsk.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_SC496.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epso...rg/ESTPTest.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55E87295-D5CC-43DD-A188-14F61B78F9C5}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9543 bytes

I would appreciate any help as I have run out of ideas and am out my depth now.

Thanks.
  • 0

Advertisements

#2
Rorschach112
Posted 07 March 2008 - 07:04 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
Screenager
Posted 09 March 2008 - 08:13 AM

Screenager

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Rorschach112, thanks for the help. Sorry it has taken me so long to reply, Combofix appeared to mess around with my internet settings and it has taken me a while to get online again.

Here is my ComboFix log:

ComboFix 08-03-07.4 - Simon 2008-03-08 2:06:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.852 [GMT 0:00]
Running from: C:\Users\Simon\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\BM23cd5217.xml
C:\Windows\pskt.ini
C:\Windows\System32\acccf.ini
C:\Windows\System32\acccf.ini2
C:\Windows\system32\fccca.dll
C:\Windows\system32\fkoiypoy.dll
C:\Windows\system32\gebby.dll
C:\Windows\system32\gmmbwajq.dll
C:\Windows\system32\hsmhuxus.dll
C:\Windows\system32\ixfsvjul.dll
C:\Windows\System32\jaevymjn.ini
C:\Windows\system32\lbpxoqgp.dll
C:\Windows\system32\njmyveaj.dll
C:\Windows\System32\nqqss.ini
C:\Windows\System32\nqqss.ini2
C:\Windows\system32\nuqqqefh.dll
C:\Windows\system32\ssqmyisi.dll
C:\Windows\system32\ssqqn.dll
C:\Windows\system32\tflgkbon.dll
C:\Windows\system32\tpjbnvsk.dll
C:\Windows\System32\yopyiokf.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-08 00:19 . 2008-03-08 00:19 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-03-07 12:55 . 2008-03-07 20:32 1,670 ---hs---- C:\Windows\System32\qgeqvnsn.ini
2008-03-06 23:30 . 2008-03-06 23:44 524,288 --ahs---- C:\ntuser.dat{ffbf599e-ebd4-11dc-a916-abfabd401af3}.TMContainer00000000000000000002.regtrans-ms
2008-03-06 23:30 . 2008-03-06 23:44 524,288 --ahs---- C:\ntuser.dat{ffbf599e-ebd4-11dc-a916-abfabd401af3}.TMContainer00000000000000000001.regtrans-ms
2008-03-06 23:30 . 2008-03-06 23:44 65,536 --ahs---- C:\ntuser.dat{ffbf599e-ebd4-11dc-a916-abfabd401af3}.TM.blf
2008-03-06 21:17 . 2008-03-06 22:03 524,288 --ahs---- C:\ntuser.dat{80a9f912-eba8-11dc-b4c2-001d09366e26}.TMContainer00000000000000000002.regtrans-ms
2008-03-06 21:17 . 2008-03-06 22:03 524,288 --ahs---- C:\ntuser.dat{80a9f912-eba8-11dc-b4c2-001d09366e26}.TMContainer00000000000000000001.regtrans-ms
2008-03-06 21:17 . 2008-03-06 22:03 65,536 --ahs---- C:\ntuser.dat{80a9f912-eba8-11dc-b4c2-001d09366e26}.TM.blf
2008-03-06 17:28 . 2008-03-07 14:07 <DIR> d-------- C:\VundoFix Backups
2008-03-06 17:24 . 2008-03-06 23:44 262,144 --a------ C:\ntuser.dat
2008-03-06 17:24 . 2008-03-06 23:44 5,120 --ah----- C:\ntuser.dat.LOG1
2008-03-06 17:24 . 2008-03-06 21:17 0 --ah----- C:\ntuser.dat.LOG2
2008-03-06 16:13 . 2008-03-06 22:03 240 --a------ C:\Windows\wininit.ini
2008-03-06 15:28 . 2008-03-06 16:26 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-06 15:28 . 2008-03-06 15:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 15:17 . 2008-03-06 15:17 <DIR> d-------- C:\Program Files\CCleaner
2008-03-05 17:56 . 2008-03-05 18:06 <DIR> d-------- C:\Users\Simon\AppData\Roaming\ImgBurn
2008-03-05 17:41 . 2008-03-05 17:41 <DIR> d-------- C:\Program Files\ImgBurn
2008-03-05 10:11 . 2008-03-05 10:11 <DIR> d-------- C:\Program Files\MagicISO
2008-02-28 12:47 . 2008-02-28 12:47 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-02-26 20:24 . 2007-12-26 20:02 164,400 --a------ C:\Windows\System32\drivers\Apfiltr.sys
2008-02-25 13:48 . 2008-03-08 00:10 23 --a------ C:\Windows\BlendSettings.ini
2008-02-25 13:34 . 2008-02-25 13:34 <DIR> d-------- C:\Program Files\Oldblivion
2008-02-25 12:42 . 2008-02-25 12:42 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-02-19 23:09 . 2008-02-19 23:09 <DIR> d-------- C:\Program Files\Bluetack
2008-02-19 00:26 . 2008-02-19 00:26 <DIR> d-------- C:\Windows\System32\Epson
2008-02-18 16:36 . 2008-02-18 16:40 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-02-17 19:37 . 2008-02-17 22:03 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-02-17 19:37 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Windows\System32\AGEIA
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-17 17:21 . 2006-12-08 02:04 76,800 --a------ C:\Windows\System32\E_FLBBZE.DLL
2008-02-17 17:21 . 2006-04-19 02:00 62,976 --a------ C:\Windows\System32\E_FD4BBZE.DLL
2008-02-17 17:21 . 2004-09-10 20:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-17 17:20 . 2008-02-17 17:24 <DIR> d-------- C:\ProgramData\EPSON
2008-02-17 17:20 . 2008-02-17 17:20 <DIR> d-------- C:\Program Files\EPSON
2008-02-17 17:11 . 2008-02-17 17:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-17 17:10 . 2008-02-17 17:10 <DIR> d-------- C:\Program Files\Real
2008-02-17 17:10 . 2008-02-17 17:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-15 01:23 . 2008-02-17 20:16 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-14 14:41 . 2008-02-14 14:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-13 20:39 . 2008-02-13 20:39 <DIR> d-------- C:\Program Files\EA Games
2008-02-12 15:59 . 2008-02-12 15:59 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-02-11 20:51 . 2008-02-11 20:51 <DIR> d-------- C:\PerfLogs
2008-02-11 20:17 . 2008-02-11 19:30 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-02-11 20:17 . 2008-02-11 19:30 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-02-11 20:00 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-02-11 20:00 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-02-11 19:57 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-02-11 19:56 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-02-11 19:55 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-02-11 19:49 . 2008-01-18 23:33 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-02-11 19:47 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-02-11 19:46 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-02-11 19:43 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-02-11 19:35 . 2007-12-06 04:04 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-02-11 19:32 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-02-11 19:30 . 2008-02-11 20:20 196,608 --a------ C:\Windows\SPInstall.etl
2008-02-11 01:26 . 2008-02-11 01:26 <DIR> d-------- C:\Program Files\MCQ Questions
2008-02-11 01:26 . 1999-03-11 20:47 1,037,312 --a------ C:\Windows\System32\MSJET35.DLL
2008-02-11 01:26 . 1999-03-11 20:47 404,240 --a------ C:\Windows\System32\MsRepl35.dll
2008-02-11 01:26 . 1999-03-11 20:47 251,664 --a------ C:\Windows\System32\MSRD2x35.dll
2008-02-11 01:26 . 1999-03-11 20:47 121,104 --a------ C:\Windows\System32\MSJInt35.dll
2008-02-11 01:26 . 1999-03-11 20:47 78,608 --a------ C:\Windows\System32\VB5DB.dll
2008-02-11 01:26 . 1999-03-11 20:47 77,824 --a------ C:\Windows\System32\ODBCTL32.dll
2008-02-11 01:26 . 1999-03-11 20:47 24,336 --a------ C:\Windows\System32\MSJtEr35.dll
2008-02-11 01:25 . 1999-03-11 20:47 1,347,344 --a------ C:\Windows\System32\MSVBVM50.dll
2008-02-11 01:25 . 1999-03-11 20:47 71,680 --a------ C:\Windows\ST5UNST.EXE
2008-02-11 01:25 . 1999-03-11 20:47 29,696 --a------ C:\Windows\System32\VB5StKit.dll
2008-02-10 22:59 . 2008-02-13 03:12 <DIR> d-------- C:\Users\Simon\AppData\Roaming\Vso
2008-02-10 22:59 . 2008-02-13 03:10 <DIR> d-------- C:\Program Files\VSO Convert Xto DVD
2008-02-10 22:59 . 2008-02-10 22:59 <DIR> d-------- C:\Program Files\VSO
2008-02-10 22:59 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-02-10 22:59 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-02-10 22:59 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-02-10 22:59 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-02-10 22:59 . 2008-02-10 22:59 87,608 --a------ C:\Users\Simon\AppData\Roaming\inst.exe
2008-02-10 22:59 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-02-10 22:59 . 2008-02-10 22:59 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-02-10 22:59 . 2008-02-10 22:59 47,360 --a------ C:\Users\Simon\AppData\Roaming\pcouffin.sys
2008-02-10 22:53 . 2008-02-10 22:53 43,698 --a------ C:\Windows\System32\xvid-uninstall.exe
2008-02-10 22:52 . 2008-02-10 22:52 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-02-10 22:51 . 2008-02-10 22:51 <DIR> d-------- C:\Program Files\Gabest
2008-02-10 22:51 . 2008-02-10 22:53 <DIR> d-------- C:\Program Files\AutoGK
2008-02-10 22:46 . 2008-02-10 22:46 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-02-09 17:48 . 2003-06-12 23:25 7,062 --a------ C:\Windows\System32\audiopid.vxd
2008-02-09 17:32 . 2008-02-09 17:32 <DIR> d-------- C:\Program Files\Legacy Interactive
2008-02-09 17:07 . 2008-02-09 17:07 417,792 --a------ C:\Windows\System32\awrdscdc.ax
2008-02-09 17:07 . 2006-10-05 22:17 53,248 --------- C:\Windows\Ctregrun.exe
2008-02-09 17:07 . 2001-08-17 22:43 24,576 --------- C:\Windows\System32\msxml3a.dll
2008-02-09 17:06 . 2008-02-09 17:06 <DIR> d-------- C:\Users\Simon\New Folder
2008-02-09 17:05 . 2008-02-09 17:47 <DIR> d-------- C:\ProgramData\Creative
2008-02-09 17:03 . 2008-02-12 16:09 <DIR> d--h----- C:\Program Files\Creative Installation Information
2008-02-09 17:03 . 2008-02-09 17:03 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-02-09 17:01 . 2008-02-12 16:22 <DIR> d-------- C:\Program Files\Creative ZEN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 02:11 --------- d-----w C:\Users\Simon\AppData\Roaming\uTorrent
2008-03-06 23:52 --------- d-----w C:\Program Files\Unlocker
2008-03-06 13:10 --------- d-----w C:\Program Files\McAfee
2008-02-27 18:54 --------- d-----w C:\Program Files\IsoBuster
2008-02-27 13:22 --------- d-----w C:\Program Files\DellTPad
2008-02-26 20:14 --------- d-----w C:\ProgramData\Dell
2008-02-25 12:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 14:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 17:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-12 16:22 --------- d-----w C:\Program Files\Creative
2008-02-11 21:05 174 --sha-w C:\Program Files\desktop.ini
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Mail
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Journal
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Defender
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Collaboration
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Calendar
2008-02-11 20:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-02-11 20:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-02-09 17:39 --------- d-----w C:\Users\Simon\AppData\Roaming\Creative
2008-02-02 23:32 --------- d-----w C:\Users\Simon\AppData\Roaming\DAEMON Tools
2008-02-02 23:32 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-02 23:27 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-02 19:14 --------- d-----w C:\ProgramData\FLEXnet
2008-02-02 15:10 --------- d-----w C:\Users\Simon\AppData\Roaming\TVU Networks
2008-02-02 14:56 --------- d-----w C:\Program Files\TVUPlayer
2008-02-01 19:20 --------- d-----w C:\Program Files\UltraISO
2008-02-01 19:20 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-02-01 18:41 --------- d-----w C:\Program Files\SEGA
2008-02-01 18:35 737,280 ----a-w C:\Windows\iun6002.exe
2008-02-01 17:27 --------- d-----w C:\Program Files\TVAnts
2008-02-01 17:12 --------- d-----w C:\Program Files\SopCast
2008-02-01 17:07 --------- d-----w C:\Users\Simon\AppData\Roaming\SopCast
2008-02-01 00:24 --------- d-----w C:\Users\Simon\AppData\Roaming\Media Player Classic
2008-01-31 23:54 --------- d-----w C:\Program Files\Nero
2008-01-31 23:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-31 22:54 --------- d-----w C:\Users\Simon\AppData\Roaming\Roxio
2008-01-31 22:47 --------- d-----w C:\Program Files\Microsoft Works
2008-01-31 22:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-31 22:33 --------- d-----w C:\Program Files\[bleep] NFO Viewer
2008-01-31 22:32 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-31 20:34 --------- d-----w C:\Program Files\uTorrent
2008-01-31 20:13 --------- d-----w C:\Program Files\MozBackup
2008-01-31 20:03 --------- d-----w C:\Program Files\Windows Live
2008-01-31 20:02 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-31 19:55 --------- d-----w C:\ProgramData\WLInstaller
2008-01-31 18:53 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-31 18:44 --------- d-----w C:\Users\Simon\AppData\Roaming\Talkback
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Templates
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Start Menu
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Favorites
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Documents
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Desktop
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Application Data
2008-01-30 08:12 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-01-30 08:12 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-01-30 08:12 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-01-30 08:12 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-01-30 08:12 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-30 08:12 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-01-30 08:05 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-01-30 07:58 58,472 ------w C:\Windows\system32\drivers\ULIAGPKX.SYS
2008-01-30 07:58 54,888 ------w C:\Windows\system32\drivers\AMDAGP.SYS
2008-01-30 07:58 54,376 ------w C:\Windows\system32\drivers\VIAAGP.SYS
2008-01-30 07:58 53,864 ------w C:\Windows\system32\drivers\AGP440.sys
2008-01-30 07:58 53,352 ------w C:\Windows\system32\drivers\SISAGP.SYS
2008-01-30 07:58 47,208 ------w C:\Windows\system32\drivers\isapnp.sys
2008-01-30 07:58 242,688 ------w C:\Windows\system32\drivers\rdpdr.sys
2008-01-30 07:58 106,600 ------w C:\Windows\system32\drivers\NV_AGP.SYS
2008-01-30 07:54 4,480 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_1525.mrk
2008-01-30 00:57 --------- d-----w C:\ProgramData\Roxio
2008-01-30 00:54 --------- d-----w C:\Program Files\Tiscali
2008-01-30 00:54 --------- d-----w C:\Program Files\Dell
2008-01-30 00:52 --------- d-----w C:\Program Files\CyberLink
2008-01-30 00:51 --------- d-----w C:\ProgramData\CyberLink
2008-01-30 00:50 --------- d-----w C:\ProgramData\SupportSoft
2008-01-30 00:50 --------- d-----w C:\Program Files\Dell Support Center
2008-01-30 00:50 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-30 00:48 --------- d-----w C:\ProgramData\McAfee
2008-01-30 00:47 --------- d-----w C:\Program Files\McAfee.com
2008-01-30 00:47 --------- d-----w C:\Program Files\Google
2008-01-30 00:47 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-30 00:44 --------- d-----w C:\Program Files\Roxio
2008-01-30 00:44 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-30 00:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-30 00:41 --------- d-----w C:\ProgramData\Sonic
2008-01-30 00:41 --------- d-----w C:\ProgramData\InstallShield
2008-01-30 00:41 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-30 00:41 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-30 00:40 --------- d-----w C:\Program Files\Intel
2008-01-30 00:34 --------- d-----w C:\Program Files\Creative Live! Cam
2008-01-30 00:34 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-01-30 00:33 --------- d-----w C:\Program Files\Digital Line Detect
2008-01-30 00:32 --------- d-----w C:\Program Files\NetWaiting
2008-01-30 00:31 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-01-30 00:31 --------- d-----w C:\Program Files\Java
2008-01-30 00:31 --------- d-----w C:\Program Files\Common Files\Java
2008-01-30 00:18 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-01-30 00:18 --------- d-----w C:\Program Files\Sigmatel
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"EPSON Stylus D92 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe" [2006-09-27 04:00 139264]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 16:51 486856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 06:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-10-25 13:31 167936]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-12-15 03:54 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-12-15 03:53 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-12-15 03:53 133656]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-30 00:31 77824]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-30 00:47 1838592]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 11:07 405504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/30/2008 12:33:02 AM 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [9/7/2007 4:27:08 PM 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 11:06 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 16:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 16:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 11:35 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 11:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
--a------ 2008-02-17 17:10 69632 C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-08-28 05:51 36864 C:\Windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 11:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72E8BD29-1412-4681-A7CC-ADE992949990}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent
"{52A11DD9-3D0A-431A-AB85-9DEDF7946994}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect
"{0450BE48-9CC0-4911-84C2-BA3737D8A264}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program
"{5AAB7E1E-BBE7-4236-8044-0C5B7126889A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine
"{69158F8F-8CE3-4EE5-8519-53F54E201DB3}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server
"{2287B5E4-6D10-4531-864C-469F5D845C9C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{808DD07E-959E-4C4F-9FEE-0AE8330C4F1F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{156388F3-B31F-41E8-B023-29693E3FE999}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{E333E074-2F79-4F29-B507-5E4287E12F9D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{EDFA9BFB-739C-44D8-8BBB-E64A06AE6495}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2FC51C5F-B13F-4CC1-B4BB-622FF51F8D3D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 11:07]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 00:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-12-15 03:53]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-15 03:54]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 08:12]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 05:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 05:51]
R3 ProtoWall;ProtoWall Network Service;C:\Windows\system32\DRIVERS\ProtoWall.sys [2006-01-02 04:20]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 05:31]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 07:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2520a55-d1e6-11dc-b87d-001d09366e26}]
\shell\AutoRun\command - F:\OblivionLauncher.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 01:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 00:59:59 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 02:13:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\CISVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-03-08 2:18:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 02:18:29
.
2008-03-05 21:53:15 --- E O F ---


And here is my new Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:21, on 09/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Simon\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=1080130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_SC496.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epso...rg/ESTPTest.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9610 bytes
  • 0

#4
Rorschach112
Posted 09 March 2008 - 12:59 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\System32\qgeqvnsn.ini
C:\Windows\System32\cbsra.exe
F:\OblivionLauncher.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2520a55-d1e6-11dc-b87d-001d09366e26}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#5
Screenager
Posted 09 March 2008 - 03:38 PM

Screenager

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, here is my combofix log:
ComboFix 08-03-07.4 - Simon 2008-03-09 20:29:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.941 [GMT 0:00]
Running from: C:\Users\Simon\Desktop\ComboFix.exe
Command switches used :: C:\Users\Simon\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\cbsra.exe
C:\Windows\System32\qgeqvnsn.ini
F:\OblivionLauncher.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Simon\AppData\Roaming\inst.exe
C:\Windows\System32\qgeqvnsn.ini
F:\OblivionLauncher.exe
C:\Windows\System32\cbsra.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 00:19 . 2008-03-08 00:19 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-03-06 23:30 . 2008-03-06 23:44 524,288 --ahs---- C:\ntuser.dat{ffbf599e-ebd4-11dc-a916-abfabd401af3}.TMContainer00000000000000000002.regtrans-ms
2008-03-06 23:30 . 2008-03-06 23:44 524,288 --ahs---- C:\ntuser.dat{ffbf599e-ebd4-11dc-a916-abfabd401af3}.TMContainer00000000000000000001.regtrans-ms
2008-03-06 23:30 . 2008-03-06 23:44 65,536 --ahs---- C:\ntuser.dat{ffbf599e-ebd4-11dc-a916-abfabd401af3}.TM.blf
2008-03-06 21:17 . 2008-03-06 22:03 524,288 --ahs---- C:\ntuser.dat{80a9f912-eba8-11dc-b4c2-001d09366e26}.TMContainer00000000000000000002.regtrans-ms
2008-03-06 21:17 . 2008-03-06 22:03 524,288 --ahs---- C:\ntuser.dat{80a9f912-eba8-11dc-b4c2-001d09366e26}.TMContainer00000000000000000001.regtrans-ms
2008-03-06 21:17 . 2008-03-06 22:03 65,536 --ahs---- C:\ntuser.dat{80a9f912-eba8-11dc-b4c2-001d09366e26}.TM.blf
2008-03-06 17:28 . 2008-03-07 14:07 <DIR> d-------- C:\VundoFix Backups
2008-03-06 17:24 . 2008-03-06 23:44 262,144 --a------ C:\ntuser.dat
2008-03-06 17:24 . 2008-03-06 23:44 5,120 --ah----- C:\ntuser.dat.LOG1
2008-03-06 17:24 . 2008-03-06 21:17 0 --ah----- C:\ntuser.dat.LOG2
2008-03-06 16:13 . 2008-03-06 22:03 240 --a------ C:\Windows\wininit.ini
2008-03-06 15:28 . 2008-03-06 16:26 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-06 15:28 . 2008-03-06 15:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 15:17 . 2008-03-06 15:17 <DIR> d-------- C:\Program Files\CCleaner
2008-03-05 17:56 . 2008-03-05 18:06 <DIR> d-------- C:\Users\Simon\AppData\Roaming\ImgBurn
2008-03-05 17:41 . 2008-03-05 17:41 <DIR> d-------- C:\Program Files\ImgBurn
2008-03-05 10:11 . 2008-03-05 10:11 <DIR> d-------- C:\Program Files\MagicISO
2008-02-28 12:47 . 2008-02-28 12:47 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-02-26 20:24 . 2007-12-26 20:02 164,400 --a------ C:\Windows\System32\drivers\Apfiltr.sys
2008-02-25 13:48 . 2008-03-08 00:10 23 --a------ C:\Windows\BlendSettings.ini
2008-02-25 13:34 . 2008-02-25 13:34 <DIR> d-------- C:\Program Files\Oldblivion
2008-02-25 12:42 . 2008-02-25 12:42 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-02-19 23:09 . 2008-02-19 23:09 <DIR> d-------- C:\Program Files\Bluetack
2008-02-19 00:26 . 2008-02-19 00:26 <DIR> d-------- C:\Windows\System32\Epson
2008-02-18 16:36 . 2008-02-18 16:40 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-02-17 19:37 . 2008-02-17 22:03 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-02-17 19:37 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Windows\System32\AGEIA
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-17 17:21 . 2006-12-08 02:04 76,800 --a------ C:\Windows\System32\E_FLBBZE.DLL
2008-02-17 17:21 . 2006-04-19 02:00 62,976 --a------ C:\Windows\System32\E_FD4BBZE.DLL
2008-02-17 17:21 . 2004-09-10 20:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-17 17:20 . 2008-02-17 17:24 <DIR> d-------- C:\ProgramData\EPSON
2008-02-17 17:20 . 2008-02-17 17:20 <DIR> d-------- C:\Program Files\EPSON
2008-02-17 17:11 . 2008-02-17 17:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-17 17:10 . 2008-02-17 17:10 <DIR> d-------- C:\Program Files\Real
2008-02-17 17:10 . 2008-02-17 17:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-15 01:23 . 2008-02-17 20:16 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-14 14:41 . 2008-02-14 14:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-13 20:39 . 2008-02-13 20:39 <DIR> d-------- C:\Program Files\EA Games
2008-02-12 15:59 . 2008-02-12 15:59 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-02-11 20:51 . 2008-02-11 20:51 <DIR> d-------- C:\PerfLogs
2008-02-11 20:17 . 2008-02-11 19:30 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-02-11 20:17 . 2008-02-11 19:30 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-02-11 20:00 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-02-11 20:00 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-02-11 19:57 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-02-11 19:56 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-02-11 19:55 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-02-11 19:49 . 2008-01-18 23:33 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-02-11 19:47 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-02-11 19:46 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-02-11 19:43 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-02-11 19:35 . 2007-12-06 04:04 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-02-11 19:32 . 2008-03-09 20:32 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-02-11 19:30 . 2008-02-11 20:20 196,608 --a------ C:\Windows\SPInstall.etl
2008-02-11 01:26 . 2008-02-11 01:26 <DIR> d-------- C:\Program Files\MCQ Questions
2008-02-11 01:26 . 1999-03-11 20:47 1,037,312 --a------ C:\Windows\System32\MSJET35.DLL
2008-02-11 01:26 . 1999-03-11 20:47 404,240 --a------ C:\Windows\System32\MsRepl35.dll
2008-02-11 01:26 . 1999-03-11 20:47 251,664 --a------ C:\Windows\System32\MSRD2x35.dll
2008-02-11 01:26 . 1999-03-11 20:47 121,104 --a------ C:\Windows\System32\MSJInt35.dll
2008-02-11 01:26 . 1999-03-11 20:47 78,608 --a------ C:\Windows\System32\VB5DB.dll
2008-02-11 01:26 . 1999-03-11 20:47 77,824 --a------ C:\Windows\System32\ODBCTL32.dll
2008-02-11 01:26 . 1999-03-11 20:47 24,336 --a------ C:\Windows\System32\MSJtEr35.dll
2008-02-11 01:25 . 1999-03-11 20:47 1,347,344 --a------ C:\Windows\System32\MSVBVM50.dll
2008-02-11 01:25 . 1999-03-11 20:47 71,680 --a------ C:\Windows\ST5UNST.EXE
2008-02-11 01:25 . 1999-03-11 20:47 29,696 --a------ C:\Windows\System32\VB5StKit.dll
2008-02-10 22:59 . 2008-02-13 03:12 <DIR> d-------- C:\Users\Simon\AppData\Roaming\Vso
2008-02-10 22:59 . 2008-02-13 03:10 <DIR> d-------- C:\Program Files\VSO Convert Xto DVD
2008-02-10 22:59 . 2008-02-10 22:59 <DIR> d-------- C:\Program Files\VSO
2008-02-10 22:59 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-02-10 22:59 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-02-10 22:59 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-02-10 22:59 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-02-10 22:59 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-02-10 22:59 . 2008-02-10 22:59 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-02-10 22:59 . 2008-02-10 22:59 47,360 --a------ C:\Users\Simon\AppData\Roaming\pcouffin.sys
2008-02-10 22:53 . 2008-02-10 22:53 43,698 --a------ C:\Windows\System32\xvid-uninstall.exe
2008-02-10 22:52 . 2008-02-10 22:52 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-02-10 22:51 . 2008-02-10 22:51 <DIR> d-------- C:\Program Files\Gabest
2008-02-10 22:51 . 2008-02-10 22:53 <DIR> d-------- C:\Program Files\AutoGK
2008-02-10 22:46 . 2008-02-10 22:46 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-02-09 17:48 . 2003-06-12 23:25 7,062 --a------ C:\Windows\System32\audiopid.vxd
2008-02-09 17:32 . 2008-02-09 17:32 <DIR> d-------- C:\Program Files\Legacy Interactive
2008-02-09 17:07 . 2008-02-09 17:07 417,792 --a------ C:\Windows\System32\awrdscdc.ax
2008-02-09 17:07 . 2006-10-05 22:17 53,248 --------- C:\Windows\Ctregrun.exe
2008-02-09 17:07 . 2001-08-17 22:43 24,576 --------- C:\Windows\System32\msxml3a.dll
2008-02-09 17:06 . 2008-02-09 17:06 <DIR> d-------- C:\Users\Simon\New Folder
2008-02-09 17:05 . 2008-02-09 17:47 <DIR> d-------- C:\ProgramData\Creative
2008-02-09 17:03 . 2008-02-12 16:09 <DIR> d--h----- C:\Program Files\Creative Installation Information
2008-02-09 17:03 . 2008-02-09 17:03 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-02-09 17:01 . 2008-02-12 16:22 <DIR> d-------- C:\Program Files\Creative ZEN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 02:11 --------- d-----w C:\Users\Simon\AppData\Roaming\uTorrent
2008-03-06 23:52 --------- d-----w C:\Program Files\Unlocker
2008-03-06 13:10 --------- d-----w C:\Program Files\McAfee
2008-02-27 18:54 --------- d-----w C:\Program Files\IsoBuster
2008-02-27 13:22 --------- d-----w C:\Program Files\DellTPad
2008-02-26 20:14 --------- d-----w C:\ProgramData\Dell
2008-02-25 12:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 14:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 17:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-12 16:22 --------- d-----w C:\Program Files\Creative
2008-02-11 21:05 174 --sha-w C:\Program Files\desktop.ini
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Mail
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Journal
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Defender
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Collaboration
2008-02-11 20:55 --------- d-----w C:\Program Files\Windows Calendar
2008-02-11 20:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-02-11 20:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-02-09 17:39 --------- d-----w C:\Users\Simon\AppData\Roaming\Creative
2008-02-02 23:32 --------- d-----w C:\Users\Simon\AppData\Roaming\DAEMON Tools
2008-02-02 23:32 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-02 23:27 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-02 19:14 --------- d-----w C:\ProgramData\FLEXnet
2008-02-02 15:10 --------- d-----w C:\Users\Simon\AppData\Roaming\TVU Networks
2008-02-02 14:56 --------- d-----w C:\Program Files\TVUPlayer
2008-02-01 19:20 --------- d-----w C:\Program Files\UltraISO
2008-02-01 19:20 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-02-01 18:41 --------- d-----w C:\Program Files\SEGA
2008-02-01 18:35 737,280 ----a-w C:\Windows\iun6002.exe
2008-02-01 17:27 --------- d-----w C:\Program Files\TVAnts
2008-02-01 17:12 --------- d-----w C:\Program Files\SopCast
2008-02-01 17:07 --------- d-----w C:\Users\Simon\AppData\Roaming\SopCast
2008-02-01 00:24 --------- d-----w C:\Users\Simon\AppData\Roaming\Media Player Classic
2008-01-31 23:54 --------- d-----w C:\Program Files\Nero
2008-01-31 23:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-31 22:54 --------- d-----w C:\Users\Simon\AppData\Roaming\Roxio
2008-01-31 22:47 --------- d-----w C:\Program Files\Microsoft Works
2008-01-31 22:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-31 22:33 --------- d-----w C:\Program Files\[bleep] NFO Viewer
2008-01-31 22:32 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-31 20:34 --------- d-----w C:\Program Files\uTorrent
2008-01-31 20:13 --------- d-----w C:\Program Files\MozBackup
2008-01-31 20:03 --------- d-----w C:\Program Files\Windows Live
2008-01-31 20:02 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-31 19:55 --------- d-----w C:\ProgramData\WLInstaller
2008-01-31 18:53 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-31 18:44 --------- d-----w C:\Users\Simon\AppData\Roaming\Talkback
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Templates
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Start Menu
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Favorites
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Documents
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Desktop
2008-01-31 17:13 --------- d-sh--w C:\ProgramData\Application Data
2008-01-30 08:12 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-01-30 08:12 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-01-30 08:12 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-01-30 08:12 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-01-30 08:12 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-30 08:12 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-01-30 08:05 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-01-30 07:58 58,472 ------w C:\Windows\system32\drivers\ULIAGPKX.SYS
2008-01-30 07:58 54,888 ------w C:\Windows\system32\drivers\AMDAGP.SYS
2008-01-30 07:58 54,376 ------w C:\Windows\system32\drivers\VIAAGP.SYS
2008-01-30 07:58 53,864 ------w C:\Windows\system32\drivers\AGP440.sys
2008-01-30 07:58 53,352 ------w C:\Windows\system32\drivers\SISAGP.SYS
2008-01-30 07:58 47,208 ------w C:\Windows\system32\drivers\isapnp.sys
2008-01-30 07:58 242,688 ------w C:\Windows\system32\drivers\rdpdr.sys
2008-01-30 07:58 106,600 ------w C:\Windows\system32\drivers\NV_AGP.SYS
2008-01-30 07:54 4,480 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_1525.mrk
2008-01-30 00:57 --------- d-----w C:\ProgramData\Roxio
2008-01-30 00:54 --------- d-----w C:\Program Files\Tiscali
2008-01-30 00:54 --------- d-----w C:\Program Files\Dell
2008-01-30 00:52 --------- d-----w C:\Program Files\CyberLink
2008-01-30 00:51 --------- d-----w C:\ProgramData\CyberLink
2008-01-30 00:50 --------- d-----w C:\ProgramData\SupportSoft
2008-01-30 00:50 --------- d-----w C:\Program Files\Dell Support Center
2008-01-30 00:50 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-30 00:48 --------- d-----w C:\ProgramData\McAfee
2008-01-30 00:47 --------- d-----w C:\Program Files\McAfee.com
2008-01-30 00:47 --------- d-----w C:\Program Files\Google
2008-01-30 00:47 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-30 00:44 --------- d-----w C:\Program Files\Roxio
2008-01-30 00:44 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-30 00:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-30 00:41 --------- d-----w C:\ProgramData\Sonic
2008-01-30 00:41 --------- d-----w C:\ProgramData\InstallShield
2008-01-30 00:41 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-30 00:41 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-30 00:40 --------- d-----w C:\Program Files\Intel
2008-01-30 00:34 --------- d-----w C:\Program Files\Creative Live! Cam
2008-01-30 00:34 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-01-30 00:33 --------- d-----w C:\Program Files\Digital Line Detect
2008-01-30 00:32 --------- d-----w C:\Program Files\NetWaiting
2008-01-30 00:31 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-01-30 00:31 --------- d-----w C:\Program Files\Java
2008-01-30 00:31 --------- d-----w C:\Program Files\Common Files\Java
2008-01-30 00:18 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-01-30 00:18 --------- d-----w C:\Program Files\Sigmatel
.

((((((((((((((((((((((((((((( snapshot@2008-03-08_ 2.17.58.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-08 02:12:55 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-09 20:34:19 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-08 02:13:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-09 20:34:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-09 20:34:48 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-08 02:13:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-09 20:34:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-09 20:34:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-08 02:13:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-09 20:34:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-08 02:13:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-09 20:34:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-08 02:13:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-09 20:34:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-08 00:28:33 107,966 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-09 14:02:16 107,966 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-08 00:28:33 605,792 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-09 14:02:16 605,792 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-08 00:27:16 6,364 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1649942046-2699060810-2164943762-1000_UserData.bin
+ 2008-03-09 13:59:48 6,666 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1649942046-2699060810-2164943762-1000_UserData.bin
- 2008-03-08 00:27:14 65,204 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 13:59:48 65,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-07 12:44:48 37,792 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 13:59:45 38,678 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-03-03 13:10:06 66,588 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-03-09 17:32:41 93,254 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-02-25 17:05:53 141,526 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-03-09 20:19:37 164,690 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"EPSON Stylus D92 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe" [2006-09-27 04:00 139264]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 16:51 486856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 06:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-10-25 13:31 167936]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-12-15 03:54 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-12-15 03:53 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-12-15 03:53 133656]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-30 00:31 77824]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-30 00:47 1838592]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 11:07 405504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/30/2008 12:33:02 AM 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [9/7/2007 4:27:08 PM 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 11:06 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 16:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 16:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 11:35 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 11:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
--a------ 2008-02-17 17:10 69632 C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-08-28 05:51 36864 C:\Windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 11:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72E8BD29-1412-4681-A7CC-ADE992949990}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent
"{52A11DD9-3D0A-431A-AB85-9DEDF7946994}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect
"{0450BE48-9CC0-4911-84C2-BA3737D8A264}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program
"{5AAB7E1E-BBE7-4236-8044-0C5B7126889A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine
"{69158F8F-8CE3-4EE5-8519-53F54E201DB3}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server
"{2287B5E4-6D10-4531-864C-469F5D845C9C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{808DD07E-959E-4C4F-9FEE-0AE8330C4F1F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{156388F3-B31F-41E8-B023-29693E3FE999}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{E333E074-2F79-4F29-B507-5E4287E12F9D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{EDFA9BFB-739C-44D8-8BBB-E64A06AE6495}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2FC51C5F-B13F-4CC1-B4BB-622FF51F8D3D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 11:07]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 00:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-12-15 03:53]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-15 03:54]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 08:12]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 05:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 05:51]
R3 ProtoWall;ProtoWall Network Service;C:\Windows\system32\DRIVERS\ProtoWall.sys [2006-01-02 04:20]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 05:31]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 07:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2520a55-d1e6-11dc-b87d-001d09366e26}]
\shell\AutoRun\command - F:\OblivionLauncher.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 01:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 00:59:59 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 20:34:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\CISVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-03-09 20:38:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 20:38:34
ComboFix2.txt 2008-03-08 02:18:37
.
2008-03-05 21:53:15 --- E O F ---


And my MBAM log:

Malwarebytes' Anti-Malware 1.07
Database version: 471

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 147432
Time elapsed: 50 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
Rorschach112
Posted 10 March 2008 - 09:10 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Windows\System32\cbsra.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
  • 0

#7
Screenager
Posted 10 March 2008 - 10:37 AM

Screenager

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here are the results:

Posted Image
  • 0

#8
Rorschach112
Posted 10 March 2008 - 07:03 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\Windows\System32\cbsra.exe"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\Windows\System32\cbsra.exe

  • Click Open.
  • Click Post.
Thank you!


Also tell me how your PC is running
  • 0

#9
Screenager
Posted 11 March 2008 - 05:27 AM

Screenager

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, I have done all that. File has been posted at:

http://thespykiller....mp;topic=6160.0

Computer is running fine now. I'm no longer having that problems with explorer that I was having previously. There were a few small problems after running Combofix (display, internet connection) but I have sorted that out now.

Thank you for all the help that you have given me so far. I really appreciate it as there is no way that I would have been able to do this alone.

Screenager
  • 0

#10
Rorschach112
Posted 11 March 2008 - 08:19 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#11
Screenager
Posted 11 March 2008 - 09:43 AM

Screenager

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks again for all your help, Rorschach112. :)
  • 0

#12
Rorschach112
Posted 11 March 2008 - 04:58 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP