i need help i have the cryp tap-2 virus [RESOLVED]



#1
sisa722


    New Member

Hi, I have read the "before posting a hijacklist" and I've followed the steps, but I think I'm still infected. My icons are still transparent and also my mouse touchpad no longer lets me scroll up and down on a page.
Here is my HijackThis log and the uninstall log, and also the malware log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:40 PM, on 5/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10062 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~


Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Advanced Audio FX Engine
Advanced Video FX Engine
AdwareAlert
AIM 6
AIM Toolbar 5.0
AOL Install
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Browser Address Error Redirector
Conexant HDA D330 MDC V.92 Modem
Dell Automated PC TuneUp
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
EarthLink Setup Files
Feurio! CD-Writer
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
Internet Service Offers Launcher
iTunes
Java™ SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
mCore
MediaDirect
mHelp
Microsoft Works
mMHouse
Modem Diagnostic Tool
mPfMgr
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Music, Photos & Videos Launcher
mWMI
NetWaiting
NetZeroInstallers
OutlookAddinSetup
Panda ActiveScan 2.0
Product Documentation Launcher
QuickSet
QuickTime
RealPlayer
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
SUPERAntiSpyware Free Edition
Trend Micro PC-cillin Internet Security
Trend Micro PC-cillin Internet Security
User's Guides
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes' Anti-Malware 1.11
Database version: 711

Scan type: Quick Scan
Objects scanned: 33664
Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 31
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 29

Memory Processes Infected:
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (Rogue.AdwareAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Unloaded module successfully.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0a9aecbd-50fb-42b5-a46e-5a6347674334} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1c3cba14-11ca-4e6b-b63f-07b43a6679df} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{28ef043c-5452-4278-be6b-1949598b21b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31c2eed1-9228-4626-a6ee-abccc7f08047} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e870fed-312a-483b-93e5-2d8b359513da} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7daaae62-66f8-4053-b639-e437a019f53c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b04b1177-d6da-4d5c-85ef-972c96dadb38} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bdbbf7ff-aad3-4098-83fa-2b36a91adc55} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0e3436-82b4-4255-b16a-8596ad25ad77} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d992296f-6ef2-41a0-901c-a54ac6e0f367} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc14f7ae-3154-453a-b3ad-473a14eab332} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2af1f6f-05e5-4758-9e9a-6da52ba34716} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9cb7a56-6a25-4469-a3cb-699e44b66fbf} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6743c36c-cbfe-11db-9705-005056c00008} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6743c36c-cbfe-11db-9705-005056c00008} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5b4016981c40d5f4b9925ed64ad7b526 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70b07021d02a5e347a162b223ea41cd5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a30d1592adaa3d743884b8318328ad99 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a491438a809f60f458df33e67c80a5d2 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\bf91bd5c23255be4c8550acdf0f2ee89 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\cb6591e4426ef2b49aee7437e1144918 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\e326614894984a1468ca53b7dfcf99a5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcf449fba (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc77ac26 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AdwareAlert\FilterDrv\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> Delete on reboot.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Delete on reboot.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Quarantine\01-05-2008-21-33-25 (Rogue.AdwareAlert) -> Delete on reboot.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Quarantine\01-05-2008-21-33-25\77.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Quarantine\01-05-2008-21-33-25\78.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Quarantine\01-05-2008-21-33-25\79.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Quarantine\01-05-2008-21-33-25\80.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Quarantine\01-05-2008-21-33-25\81.qit (Rogue.AdwareAlert) -> Delete on reboot.

Files Infected:
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\Installer\{276B6867-680A-49A6-ADF0-C0EC5CA011FD}\Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.url (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Difxapi.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\SpyCleaner.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\vistaCPtasks.xml (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.amd64.sys (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.cat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.inf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.x86.sys (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 08_34_03 AM_748.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 09_31_49 AM_735.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 09_35_17 AM_780.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 09_55_31 AM_836.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 09_58_16 AM_567.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 10_00_40 AM_267.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 10_04_42 AM_054.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Rachel\AppData\Local\Temp\pnasakbe.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Rachel\AppData\Local\Temp\imomjmqy.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\All Users\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Edited by sisa722, 03 May 2008 - 10:33 AM.



#2
greyknight17


    Malware Expert

Welcome to GTG.

I see both TrendMicro and McAfee installed there. Do they provide similar features/functions? If so, uninstall one of them now as they may conflict with each other.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
sisa722


    New Member

OK... I ran ComboFix; below is the log:

ComboFix 08-05-01.3 - Rachel 2008-05-03 21:44:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1084 [GMT -4:00]
Running from: C:\Users\Rachel\Desktop\ComboFix2.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 11:57 . 2008-05-03 11:57 <DIR> d-------- C:\Program Files\Panda Security
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-03 10:48 . 2008-05-03 10:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-03 10:17 . 2008-05-03 10:17 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Download Manager
2008-05-01 21:23 . 2008-05-01 21:23 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-05-01 21:23 . 2008-04-24 13:46 22,512 --a------ C:\Windows\System32\drivers\adwarealert.sys
2008-05-01 20:49 . 2008-05-01 20:49 <DIR> d-------- C:\VundoFix Backups
2008-04-29 19:09 . 2006-03-03 11:07 143,360 --a------ C:\Windows\System32\dunzip32.dll
2008-04-29 19:08 . 2008-04-29 19:08 <DIR> d-------- C:\mcafee_mcpr
2008-04-29 19:08 . 2008-02-06 09:51 171,400 --a------ C:\Windows\System32\drivers\mfehidk.sys
2008-04-29 19:08 . 2007-03-02 14:17 120,360 --a------ C:\Windows\System32\drivers\Mpfp.sys
2008-04-29 19:08 . 2007-06-25 14:54 71,496 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-04-29 19:08 . 2007-06-25 10:57 37,480 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-04-29 19:08 . 2007-06-25 10:57 34,184 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-04-29 19:08 . 2007-06-25 10:57 32,008 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-04-29 19:07 . 2008-04-29 19:07 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-29 19:07 . 2008-04-29 21:57 <DIR> d-------- C:\Program Files\McAfee
2008-04-29 19:07 . 2008-04-29 19:09 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-29 18:53 . 2008-04-29 19:10 <DIR> d-------- C:\Users\All Users\McAfee
2008-04-29 18:53 . 2008-04-29 19:10 <DIR> d-------- C:\ProgramData\McAfee
2008-04-28 00:27 . 2008-05-01 22:18 <DIR> d--hs---- C:\Users\Rachel\!
2008-04-28 00:20 . 2008-04-28 00:20 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-28 00:20 . 2008-04-28 00:20 1,409 --a------ C:\Windows\QTFont.for
2008-04-27 11:35 . 2008-04-27 11:35 0 --a------ C:\Windows\cdplayer.ini
2008-04-27 11:34 . 2008-04-27 11:41 <DIR> d-------- C:\Program Files\Feurio
2008-04-15 18:29 . 2008-04-15 18:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-09 20:40 . 2008-04-09 20:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-09 20:40 . 2008-04-09 20:40 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-08 18:31 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 18:31 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 18:31 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 18:31 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 18:31 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 18:31 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 18:31 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 18:31 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 18:31 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 18:30 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 16:14 --------- d-----w C:\Program Files\Trend Micro
2008-04-30 02:35 --------- d-----w C:\Users\Rachel\AppData\Roaming\LimeWire
2008-04-30 02:01 --------- d-----w C:\Program Files\LimeWire
2008-04-28 01:48 --------- d-----w C:\ProgramData\Roxio
2008-04-10 00:40 --------- d-----w C:\Program Files\Real
2008-04-09 23:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-27 03:41 --------- d-----w C:\Users\Rachel\AppData\Roaming\Apple Computer
2008-03-25 03:47 --------- d-----w C:\Program Files\Safari
2008-03-21 03:02 --------- d-----w C:\Users\Rachel\AppData\Roaming\Roxio
2008-03-20 00:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 23:53 0 ----a-w C:\Users\Rachel\AppData\Roaming\wklnhst.dat
2008-03-13 23:53 --------- d-----w C:\Users\Rachel\AppData\Roaming\Template
2008-03-08 06:42 --------- d-----w C:\Users\Rachel\AppData\Roaming\Intel
2008-03-08 01:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-08 01:42 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-08 01:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 01:41 --------- d-----w C:\Program Files\Windows Live
2008-03-08 01:35 --------- d-----w C:\ProgramData\WLInstaller
2008-03-08 01:19 --------- d--h--w C:\Users\Rachel\AppData\Roaming\GTek
2008-03-08 00:16 --------- d-----w C:\ProgramData\AOL OCP
2008-03-08 00:15 --------- d-----w C:\Users\Rachel\AppData\Roaming\acccore
2008-03-08 00:15 --------- d-----w C:\Program Files\AIM6
2008-03-08 00:14 --------- d-----w C:\ProgramData\AOL
2008-03-08 00:14 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-06 03:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-06 03:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-06 03:25 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-06 03:25 --------- d-----w C:\ProgramData\Apple Computer
2008-03-06 03:25 --------- d-----w C:\Program Files\iTunes
2008-03-06 03:25 --------- d-----w C:\Program Files\iPod
2008-03-06 03:23 --------- d-----w C:\ProgramData\Apple
2008-03-06 03:23 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-06 03:22 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-06 03:22 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-06 03:22 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-06 03:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-06 03:22 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-06 03:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-06 03:22 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-06 03:22 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-06 03:20 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-06 03:16 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-06 03:07 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-06 03:07 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-06 03:07 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-06 03:07 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-06 03:07 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-06 03:07 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-06 03:07 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-06 03:07 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-06 03:07 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-05 23:59 --------- d-----w C:\Users\Rachel\AppData\Roaming\Creative
2008-03-05 23:52 --------- d-----w C:\Users\Rachel\AppData\Roaming\tmp
2008-03-05 23:52 --------- d-----w C:\Users\Rachel\AppData\Roaming\Reallusion
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Templates
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Favorites
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Documents
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Desktop
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Application Data
2008-02-29 23:06 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-02-29 23:05 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-02-29 23:05 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-02-29 23:05 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-02-29 23:05 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-02-29 23:05 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-02-29 23:05 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-02-29 23:02 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-02-29 23:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-02-29 23:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-02-29 23:02 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-29 23:02 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-29 23:02 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-29 23:02 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-29 23:00 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-02-29 22:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-02-29 22:56 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-29 22:56 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-29 22:56 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-02-29 22:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-02-29 22:55 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-02-29 22:55 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-02-29 22:55 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-02-29 22:55 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-29 22:52 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-02-29 22:52 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2008-02-29 22:52 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2008-02-29 22:52 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2008-02-29 22:52 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-02-29 22:50 53,760 ----a-w C:\Windows\System32\Mcx2Svc.dll
2008-02-29 22:50 475,136 ----a-w C:\Windows\System32\evr.dll
2008-02-29 22:50 414,208 ----a-w C:\Windows\System32\msdri.dll
2008-02-29 22:50 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-02-29 22:50 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-02-29 22:50 22,632 ----a-w C:\Windows\System32\streamci.dll
2008-02-29 22:50 160,872 ----a-w C:\Windows\System32\halmacpi.dll
2008-02-29 22:50 135,680 ----a-w C:\Windows\System32\wusa.exe
2008-02-29 22:50 134,760 ----a-w C:\Windows\System32\halacpi.dll
2008-02-29 22:50 134,144 ----a-w C:\Windows\System32\rdpdd.dll
2008-02-29 15:15 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-09-07 02:49 159744 C:\Program Files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf449fba]
C:\Users\Rachel\AppData\Local\Temp\pnasakbe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 18:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 11:49 465136 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-10-09 20:57 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 02:03 17920 C:\Dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 08:35 125440 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-29 11:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-12-14 23:53 154136 C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 15:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-12-14 23:54 137752 C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 13:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware Reboot]
--a------ 2008-04-07 20:17 1175160 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-08-28 01:51 36864 C:\Windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2007-08-27 05:21 1807696 C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-11-01 17:39 189736 C:\Program Files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-12-14 23:53 133656 C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-05 23:21 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-11-12 07:07 405504 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-09 20:40 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-02-29 18:55 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B7A81D67-136B-49A7-8AD6-AB42EBD63D62}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{BF9FD3BA-EA9A-43E8-B637-591ABDF24030}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{BAFBB4ED-EC0C-43BB-9FB8-940364289AEF}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{9E79D527-BBD4-4192-8037-2AF2E730ED17}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{88CFAA95-FCA4-46ED-9247-19EE0E6270EE}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2BEB06AB-2449-4F74-B248-E2141C7DC064}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CFF3418A-9671-4DC3-A0D1-361976F3238E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{863C33D0-81F2-4CEC-826F-E635F84E1841}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{098D8314-6EC5-4796-9C52-6F28C2033B65}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7DD7809-4460-43C2-9F10-BF0F7F56E463}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B00D04D4-A765-4D74-BFEE-672F57484C03}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5D34C9F-612A-4E03-BA8C-2C6965BC9933}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 adwarealert;adwarealert;C:\Windows\system32\DRIVERS\adwarealert.sys [2008-04-24 13:46]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 07:07]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 20:29]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 21:37]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 19:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 19:13]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-12-14 23:53]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-14 23:54]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 01:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 01:51]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 01:31]
S3 DellAMBrokerService;DellAMBrokerService;"C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe" [2007-10-11 11:49]
S3 PTproct;PTproct;C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 18:07]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 14:31:49 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.RachelWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2008-03-08 01:42:29 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-30 01:56:44 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-30 01:56:44 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-03 18:12:19 C:\Windows\Tasks\User_Feed_Synchronization-{4F32B8DA-94A1-456C-B67C-C330643BF1EE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 21:47:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\explorer.exe
-> ?:\Windows\system32\Normaliz.dll
.
Completion time: 2008-05-03 21:48:12
ComboFix-quarantined-files.txt 2008-05-04 01:47:59

Pre-Run: 103,171,436,544 bytes free
Post-Run: 103,155,884,032 bytes free

318 --- E O F --- 2008-04-09 04:03:59

Edited by sisa722, 03 May 2008 - 08:56 PM.

  • 0

#4
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All.
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click 'Opera' at the top and choose 'Select All'.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

DirLook::
C:\Users\Rachel\!
File::
C:\Users\Rachel\AppData\Local\Temp\pnasakbe.dll
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf449fba]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.
  • 0
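
Added example (not part of the thread, and not ComboFix's or the helper's own code): the two startup entries the CFScript above removes are the only msconfig startupreg entries in the posted log that point into the user's Temp folder and are listed without attributes, date or size. The Python below applies that triage rule to an excerpt of the log and builds the matching File:: and Registry:: lines; the function names and the rule itself are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Excerpt of the "Reg Loading Points" section of the ComboFix log posted in
# this thread (four of the msconfig startupreg blocks, unchanged).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-09-07 02:49 159744 C:\Program Files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf449fba]
C:\Users\Rachel\AppData\Local\Temp\pnasakbe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 08:35 125440 C:\Windows\ehome\ehTray.exe
"""


class StartupEntry(NamedTuple):
    key: str            # full registry key as printed in the log
    name: str           # last key component (the startup item name)
    path: str           # file the startup item points to
    has_metadata: bool  # True if the log printed attributes/date/size
    reasons: List[str]  # why the entry deserves a closer look (may be empty)


# "[...\startupreg\<name>]" header line
KEY_RE = re.compile(
    r"^\[(?P<key>.*\\startupreg\\(?P<name>[^\\\]]+))\]$", re.IGNORECASE
)
# "<9 attribute chars> <date> <time> <size> <path>" value line
META_RE = re.compile(
    r"^[-a-z]{9}\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(?P<path>.+)$"
)
# Any path component named Temp or tmp (assumed heuristic, not a ComboFix rule)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_startupreg(log: str) -> List[StartupEntry]:
    """Return every msconfig startupreg block found in a ComboFix-style log."""
    lines = [ln.strip() for ln in log.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        header = KEY_RE.match(line)
        if not header:
            continue
        # The value line is the first non-empty line after the key header.
        value = next((ln for ln in lines[i + 1:] if ln), None)
        if value is None or value.startswith("["):
            continue  # key printed without a target
        meta = META_RE.match(value)
        path = meta.group("path") if meta else value
        reasons = []
        if TEMP_RE.search(path):
            reasons.append("target is inside a Temp directory")
        if meta is None:
            reasons.append("log shows no attributes, date or size for the target")
        entries.append(
            StartupEntry(header.group("key"), header.group("name"),
                         path, meta is not None, reasons)
        )
    return entries


def flag_entries(entries: List[StartupEntry]) -> List[StartupEntry]:
    """Keep the entries that matched at least one triage reason."""
    return [e for e in entries if e.reasons]


def to_cfscript(flagged: List[StartupEntry]) -> str:
    """Build File:: and Registry:: sections in the form used in the post above."""
    lines = ["File::"] + [e.path for e in flagged]
    lines += ["Registry::"] + [f"[-{e.key}]" for e in flagged]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = flag_entries(parse_startupreg(SAMPLE_LOG))
    for entry in flagged:
        print(f"{entry.name}: {'; '.join(entry.reasons)}")
    print(to_cfscript(flagged))
```

The output is a list for a human helper to review before anything is removed; the DirLook:: line in the post is a separate request and is not derived from these entries.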

#5
sisa722


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
thanks for helping me!!
i followed your instructions and here is the log: (also, the log is 2.5mb, and it is too large to copy and paste; the page keeps freezing. the majority of the log are these movies .avi (there is like over a 1,000 of them) that i have no idea where it came from so i'm only copying and pasting a few of them just so you can see them...they are all in the same location)

ComboFix 08-05-01.3 - Rachel 2008-05-04 14:13:49.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1040 [GMT -4:00]
Running from: C:\Users\Rachel\Desktop\ComboFix2.exe
Command switches used :: C:\Users\Rachel\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Rachel\AppData\Local\Temp\pnasakbe.dll
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 11:57 . 2008-05-03 11:57 <DIR> d-------- C:\Program Files\Panda Security
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-03 10:48 . 2008-05-03 10:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-03 10:17 . 2008-05-03 10:17 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Download Manager
2008-05-01 21:23 . 2008-05-01 21:23 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-05-01 21:23 . 2008-04-24 13:46 22,512 --a------ C:\Windows\System32\drivers\adwarealert.sys
2008-05-01 20:49 . 2008-05-01 20:49 <DIR> d-------- C:\VundoFix Backups
2008-04-29 19:09 . 2006-03-03 11:07 143,360 --a------ C:\Windows\System32\dunzip32.dll
2008-04-29 19:08 . 2008-04-29 19:08 <DIR> d-------- C:\mcafee_mcpr
2008-04-29 19:08 . 2008-02-06 09:51 171,400 --a------ C:\Windows\System32\drivers\mfehidk.sys
2008-04-29 19:08 . 2007-03-02 14:17 120,360 --a------ C:\Windows\System32\drivers\Mpfp.sys
2008-04-29 19:08 . 2007-06-25 14:54 71,496 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-04-29 19:08 . 2007-06-25 10:57 37,480 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-04-29 19:08 . 2007-06-25 10:57 34,184 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-04-29 19:08 . 2007-06-25 10:57 32,008 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-04-29 19:07 . 2008-04-29 19:07 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-29 19:07 . 2008-04-29 21:57 <DIR> d-------- C:\Program Files\McAfee
2008-04-29 19:07 . 2008-04-29 19:09 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-29 18:53 . 2008-04-29 19:10 <DIR> d-------- C:\Users\All Users\McAfee
2008-04-29 18:53 . 2008-04-29 19:10 <DIR> d-------- C:\ProgramData\McAfee
2008-04-28 00:27 . 2008-05-01 22:18 <DIR> d--hs---- C:\Users\Rachel\!
2008-04-28 00:20 . 2008-04-28 00:20 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-28 00:20 . 2008-04-28 00:20 1,409 --a------ C:\Windows\QTFont.for
2008-04-27 11:35 . 2008-04-27 11:35 0 --a------ C:\Windows\cdplayer.ini
2008-04-27 11:34 . 2008-04-27 11:41 <DIR> d-------- C:\Program Files\Feurio
2008-04-15 18:29 . 2008-04-15 18:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-09 20:40 . 2008-04-09 20:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-09 20:40 . 2008-04-09 20:40 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-08 18:31 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 18:31 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 18:31 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 18:31 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 18:31 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 18:31 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 18:31 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 18:31 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 18:31 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 18:30 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 16:14 --------- d-----w C:\Program Files\Trend Micro
2008-04-30 02:35 --------- d-----w C:\Users\Rachel\AppData\Roaming\LimeWire
2008-04-30 02:01 --------- d-----w C:\Program Files\LimeWire
2008-04-28 01:48 --------- d-----w C:\ProgramData\Roxio
2008-04-10 00:40 --------- d-----w C:\Program Files\Real
2008-04-09 23:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-27 03:41 --------- d-----w C:\Users\Rachel\AppData\Roaming\Apple Computer
2008-03-25 03:47 --------- d-----w C:\Program Files\Safari
2008-03-21 03:02 --------- d-----w C:\Users\Rachel\AppData\Roaming\Roxio
2008-03-20 00:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 23:53 0 ----a-w C:\Users\Rachel\AppData\Roaming\wklnhst.dat
2008-03-13 23:53 --------- d-----w C:\Users\Rachel\AppData\Roaming\Template
2008-03-08 06:42 --------- d-----w C:\Users\Rachel\AppData\Roaming\Intel
2008-03-08 01:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-08 01:42 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-08 01:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 01:41 --------- d-----w C:\Program Files\Windows Live
2008-03-08 01:35 --------- d-----w C:\ProgramData\WLInstaller
2008-03-08 01:19 --------- d--h--w C:\Users\Rachel\AppData\Roaming\GTek
2008-03-08 00:16 --------- d-----w C:\ProgramData\AOL OCP
2008-03-08 00:15 --------- d-----w C:\Users\Rachel\AppData\Roaming\acccore
2008-03-08 00:15 --------- d-----w C:\Program Files\AIM6
2008-03-08 00:14 --------- d-----w C:\ProgramData\AOL
2008-03-08 00:14 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-06 03:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-06 03:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-06 03:25 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-06 03:25 --------- d-----w C:\ProgramData\Apple Computer
2008-03-06 03:25 --------- d-----w C:\Program Files\iTunes
2008-03-06 03:25 --------- d-----w C:\Program Files\iPod
2008-03-06 03:23 --------- d-----w C:\ProgramData\Apple
2008-03-06 03:23 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-06 03:22 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-06 03:22 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-06 03:22 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-06 03:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-06 03:22 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-06 03:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-06 03:22 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-06 03:22 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-06 03:20 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-06 03:16 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-06 03:07 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-06 03:07 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-06 03:07 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-06 03:07 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-06 03:07 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-06 03:07 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-06 03:07 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-06 03:07 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-06 03:07 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-05 23:59 --------- d-----w C:\Users\Rachel\AppData\Roaming\Creative
2008-03-05 23:52 --------- d-----w C:\Users\Rachel\AppData\Roaming\tmp
2008-03-05 23:52 --------- d-----w C:\Users\Rachel\AppData\Roaming\Reallusion
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Templates
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Favorites
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Documents
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Desktop
2008-03-05 23:14 --------- d-sh--w C:\ProgramData\Application Data
2008-02-29 23:06 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-02-29 23:05 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-02-29 23:05 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-02-29 23:05 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-02-29 23:05 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-02-29 23:05 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-02-29 23:05 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-02-29 23:02 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-02-29 23:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-02-29 23:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-02-29 23:02 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-29 23:02 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-29 23:02 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-29 23:02 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-29 23:00 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-02-29 22:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-02-29 22:56 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-29 22:56 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-29 22:56 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-02-29 22:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-02-29 22:55 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-02-29 22:55 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-02-29 22:55 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-02-29 22:55 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-29 22:52 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-02-29 22:52 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2008-02-29 22:52 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2008-02-29 22:52 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2008-02-29 22:52 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-02-29 22:50 53,760 ----a-w C:\Windows\System32\Mcx2Svc.dll
2008-02-29 22:50 475,136 ----a-w C:\Windows\System32\evr.dll
2008-02-29 22:50 414,208 ----a-w C:\Windows\System32\msdri.dll
2008-02-29 22:50 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-02-29 22:50 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-02-29 22:50 22,632 ----a-w C:\Windows\System32\streamci.dll
2008-02-29 22:50 160,872 ----a-w C:\Windows\System32\halmacpi.dll
2008-02-29 22:50 135,680 ----a-w C:\Windows\System32\wusa.exe
2008-02-29 22:50 134,760 ----a-w C:\Windows\System32\halacpi.dll
2008-02-29 22:50 134,144 ----a-w C:\Windows\System32\rdpdd.dll
2008-02-29 15:15 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Users\Rachel\! ----

2008-04-28 00:41 39576 --ah----- C:\Users\Rachel\!\(Xvid ita)La Soldatessa Alla Visita Militare(dvd-rip by echo) .avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Zvezda (2002) PLwww warezonek xt pl.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Zorlac - Zero Hero.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yvonne Ridley Explains Islam and Women Clears Misconceptions.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yours, mine and ours.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\You Got Served - Full DVD - Perfect Quality.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yoga for Women.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yoga for Women Monthly.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yoga for Dummies1-2_xvid.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yoga for Dummies1-1_xvid.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yoga for Dummies_1-1_SaraIvanhoe.avi
2008-04-28 00:41 39576 --a------ C:\Users\Rachel\!\Yesterday CVCD .avi

((((((((((((((((((((((((((((( snapshot@2008-05-03_21.47.36.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 01:29:36 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-04 18:01:46 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-03 16:09:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-04 14:45:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-03 16:09:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-04 14:45:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-03 16:12:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-04 14:48:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-03 16:12:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-04 14:48:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-03 23:50:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-04 14:47:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-03 23:50:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-04 14:47:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-03 23:50:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-04 14:47:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-09-07 02:49 159744 C:\Program Files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf449fba]
C:\Users\Rachel\AppData\Local\Temp\pnasakbe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 18:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 11:49 465136 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-10-09 20:57 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 02:03 17920 C:\Dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 08:35 125440 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-29 11:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-12-14 23:53 154136 C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 15:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-12-14 23:54 137752 C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 13:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware Reboot]
--a------ 2008-04-07 20:17 1175160 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-08-28 01:51 36864 C:\Windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2007-08-27 05:21 1807696 C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-11-01 17:39 189736 C:\Program Files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-12-14 23:53 133656 C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-05 23:21 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-11-12 07:07 405504 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-09 20:40 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-02-29 18:55 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B7A81D67-136B-49A7-8AD6-AB42EBD63D62}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{BF9FD3BA-EA9A-43E8-B637-591ABDF24030}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{BAFBB4ED-EC0C-43BB-9FB8-940364289AEF}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{9E79D527-BBD4-4192-8037-2AF2E730ED17}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{88CFAA95-FCA4-46ED-9247-19EE0E6270EE}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2BEB06AB-2449-4F74-B248-E2141C7DC064}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CFF3418A-9671-4DC3-A0D1-361976F3238E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{863C33D0-81F2-4CEC-82

Edited by sisa722, 05 May 2008 - 02:28 PM.


#6
sisa722

"{863C33D0-81F2-4CEC-826F-E635F84E1841}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{098D8314-6EC5-4796-9C52-6F28C2033B65}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7DD7809-4460-43C2-9F10-BF0F7F56E463}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B00D04D4-A765-4D74-BFEE-672F57484C03}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5D34C9F-612A-4E03-BA8C-2C6965BC9933}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 adwarealert;adwarealert;C:\Windows\system32\DRIVERS\adwarealert.sys [2008-04-24 13:46]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 07:07]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 20:29]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 21:37]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 19:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 19:13]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-12-14 23:53]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-14 23:54]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 01:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 01:51]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 01:31]
S3 DellAMBrokerService;DellAMBrokerService;"C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe" [2007-10-11 11:49]
S3 PTproct;PTproct;C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 18:07]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 14:31:49 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2008-03-08 01:42:29 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-30 01:56:44 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-30 01:56:44 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-04 15:37:08 C:\Windows\Tasks\User_Feed_Synchronization-{4F32B8DA-94A1-456C-B67C-C330643BF1EE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 14:15:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-04 14:16:51
ComboFix-quarantined-files.txt 2008-05-04 18:16:43
ComboFix2.txt 2008-05-04 01:48:13

Pre-Run: 98,734,301,184 bytes free
Post-Run: 98,701,885,440 bytes free

32620 --- E O F --- 2008-04-09 04:03:59

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Disconnect from the internet and turn off all your security programs now. Just want to be sure they are not interfering with the fix here.

Don't worry about all those files. It seems this infection is on a rampage lately. You are one of the small handful of users who have this issue. There was another user that has twice as many files in their log :)

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

KILLALL::
Folder::
C:\Users\Rachel\!
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcf449fba]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is it running so far?

#8
sisa722

ok....I followed your instructions and every time ComboFix starts, the computer reboots itself and there is no log...I did it 3 times and the third time it says it cannot run program. ahhhh I'm sorry if this is a lot of work :) this virus doesn't want to leave!! lol

Edited by sisa722, 06 May 2008 - 09:43 AM.


#9
sisa722

hi I have a question...my laptop is only a few months old...I don't have much important stuff on it yet that I don't already have backed up...so my question is...would it be easier to just reformat it...I have the Windows Vista CD. will that eliminate the virus?

if not what if I try to delete those movies myself instead of using ComboFix...could it be that it's too large and that's why it keeps restarting?

#10
sisa722

ok...I hope I didn't do something bad...but I'm a little impulsive...I went ahead and I think I deleted that folder and movies manually...there were 22,840 .avi's in that folder and it was 852 MB large!! anyway I then ran ComboFix again with the first CFScript quote you gave me and the movies don't show anymore?? did I do a good or bad thing??

here is the log:

ComboFix 08-05-01.3 - Rachel 2008-05-06 15:02:52.11 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1113 [GMT -4:00]
Running from: C:\Users\Rachel\Desktop\ComboFix2.exe
Command switches used :: C:\Users\Rachel\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Rachel\AppData\Local\Temp\pnasakbe.dll
C:\Users\Rachel\AppData\Local\Temp\ssqOIBtq.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-06 09:01 . 2008-05-06 09:01 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{cd66625f-1b6b-11dd-9fac-001e4ce3d9be}.TMContainer00000000000000000002.regtrans-ms
2008-05-06 09:01 . 2008-05-06 09:01 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{cd66625f-1b6b-11dd-9fac-001e4ce3d9be}.TMContainer00000000000000000001.regtrans-ms
2008-05-06 09:01 . 2008-05-06 09:01 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{cd66625f-1b6b-11dd-9fac-001e4ce3d9be}.TM.blf
2008-05-06 09:01 . 2008-05-06 09:01 5,120 --ah----- C:\Users\Public\NTUSER.DAT.LOG1
2008-05-06 09:01 . 2008-05-06 09:01 0 --ah----- C:\Users\Public\NTUSER.DAT.LOG2
2008-05-03 11:57 . 2008-05-03 11:57 <DIR> d-------- C:\Program Files\Panda Security
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d--h----- C:\Users\Rachel\AppData\Roaming\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-03 10:49 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-03 10:49 . 2008-05-06 00:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d--h----- C:\Users\Rachel\AppData\Roaming\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-03 10:18 . 2008-05-03 10:18 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-03 10:17 . 2008-05-03 10:17 <DIR> d--h----- C:\Users\Rachel\AppData\Roaming\Download Manager
2008-05-01 21:23 . 2008-05-01 21:23 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-05-01 21:23 . 2008-04-24 13:46 22,512 --a------ C:\Windows\System32\drivers\adwarealert.sys
2008-05-01 20:49 . 2008-05-01 20:49 <DIR> d-------- C:\VundoFix Backups
2008-04-29 19:08 . 2008-04-29 19:08 <DIR> d-------- C:\mcafee_mcpr
2008-04-29 18:53 . 2008-05-06 09:03 <DIR> d-------- C:\Users\All Users\McAfee
2008-04-29 18:53 . 2008-05-06 09:03 <DIR> d-------- C:\ProgramData\McAfee
2008-04-28 00:20 . 2008-04-28 00:20 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-28 00:20 . 2008-04-28 00:20 1,409 --a------ C:\Windows\QTFont.for
2008-04-27 11:35 . 2008-04-27 11:35 0 --a------ C:\Windows\cdplayer.ini
2008-04-27 11:34 . 2008-04-27 11:41 <DIR> d-------- C:\Program Files\Feurio
2008-04-15 18:29 . 2008-04-15 18:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-09 20:40 . 2008-04-09 20:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-09 20:40 . 2008-04-09 20:40 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-08 18:31 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 18:31 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 18:31 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 18:31 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 18:31 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 18:31 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 18:31 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 18:31 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 18:31 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 18:30 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 16:14 --------- d-----w C:\Program Files\Trend Micro
2008-04-30 02:35 --------- d--h--w C:\Users\Rachel\AppData\Roaming\LimeWire
2008-04-30 02:01 --------- d-----w C:\Program Files\LimeWire
2008-04-28 01:48 --------- d-----w C:\ProgramData\Roxio
2008-04-10 00:40 --------- d-----w C:\Program Files\Real
2008-04-09 23:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-27 03:41 --------- d--h--w C:\Users\Rachel\AppData\Roaming\Apple Computer
2008-03-25 03:47 --------- d-----w C:\Program Files\Safari
2008-03-21 03:02 --------- d--h--w C:\Users\Rachel\AppData\Roaming\Roxio
2008-03-20 00:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 23:53 0 ---ha-w C:\Users\Rachel\AppData\Roaming\wklnhst.dat
2008-03-13 23:53 --------- d--h--w C:\Users\Rachel\AppData\Roaming\Template
2008-03-08 06:42 --------- d--h--w C:\Users\Rachel\AppData\Roaming\Intel
2008-03-08 01:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-08 01:42 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-08 01:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 01:41 --------- d-----w C:\Program Files\Windows Live
2008-03-08 01:35 --------- d-----w C:\ProgramData\WLInstaller
2008-03-08 01:19 --------- d--h--w C:\Users\Rachel\AppData\Roaming\GTek
2008-03-08 00:16 --------- d-----w C:\ProgramData\AOL OCP
2008-03-08 00:15 --------- d--h--w C:\Users\Rachel\AppData\Roaming\acccore
2008-03-08 00:15 --------- d-----w C:\Program Files\AIM6
2008-03-08 00:14 --------- d-----w C:\ProgramData\AOL
2008-03-08 00:14 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-06 03:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-06 03:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-06 03:25 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-06 03:25 --------- d-----w C:\ProgramData\Apple Computer
2008-03-06 03:25 --------- d-----w C:\Program Files\iTunes
2008-03-06 03:25 --------- d-----w C:\Program Files\iPod
2008-03-06 03:23 --------- d-----w C:\ProgramData\Apple
2008-03-06 03:23 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-06 03:22 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-06 03:22 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-06 03:22 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-06 03:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-06 03:22 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-06 03:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-06 03:22 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-06 03:22 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-06 03:20 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-06 03:16 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-06 03:07 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-06 03:07 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-06 03:07 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-06 03:07 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-06 03:07 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-06 03:07 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-06 03:07 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-06 03:07 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-06 03:07 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-29 23:06 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-02-29 23:05 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-02-29 23:05 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-02-29 23:05 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-02-29 23:05 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-02-29 23:05 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-02-29 23:05 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-02-29 23:02 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-02-29 23:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-02-29 23:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-02-29 23:02 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-29 23:02 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-29 23:02 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-29 23:02 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-29 23:00 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-02-29 22:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-02-29 22:56 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-29 22:56 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-29 22:56 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-02-29 22:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-02-29 22:55 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-02-29 22:55 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-02-29 22:55 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-02-29 22:55 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-29 22:52 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-02-29 22:52 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2008-02-29 22:52 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2008-02-29 22:52 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2008-02-29 22:52 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-02-29 22:50 53,760 ----a-w C:\Windows\System32\Mcx2Svc.dll
2008-02-29 22:50 475,136 ----a-w C:\Windows\System32\evr.dll
2008-02-29 22:50 414,208 ----a-w C:\Windows\System32\msdri.dll
2008-02-29 22:50 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-02-29 22:50 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-02-29 22:50 22,632 ----a-w C:\Windows\System32\streamci.dll
2008-02-29 22:50 160,872 ----a-w C:\Windows\System32\halmacpi.dll
2008-02-29 22:50 135,680 ----a-w C:\Windows\System32\wusa.exe
2008-02-29 22:50 134,760 ----a-w C:\Windows\System32\halacpi.dll
2008-02-29 22:50 134,144 ----a-w C:\Windows\System32\rdpdd.dll
2008-02-29 15:15 174 --sha-w C:\Program Files\desktop.ini
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Users\Rachel\! ----

C:\Users\Rachel\!\


((((((((((((((((((((((((((((( snapshot@2008-05-03_21.47.36.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 01:29:36 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-06 18:39:24 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-03 16:09:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-06 18:39:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-03 16:09:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-06 18:39:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-03 16:12:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-06 18:42:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-03 16:12:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-06 18:42:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-03 23:50:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-06 12:42:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-03 23:50:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-06 12:42:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-03 23:50:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-06 12:42:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-03 14:35:19 5,030 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1932921871-4133750154-1044134656-1000_UserData.bin
+ 2008-05-06 18:42:33 5,182 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1932921871-4133750154-1044134656-1000_UserData.bin
- 2008-05-03 14:35:18 62,694 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-06 18:42:33 66,710 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-03 14:35:03 41,704 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-06 14:35:25 43,052 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-09-07 02:49 159744 C:\Program Files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 18:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 11:49 465136 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-10-09 20:57 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 02:03 17920 C:\Dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 08:35 125440 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-29 11:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-12-14 23:53 154136 C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 15:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-12-14 23:54 137752 C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 13:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware Reboot]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-08-28 01:51 36864 C:\Windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2007-08-27 05:21 1807696 C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-11-01 17:39 189736 C:\Program Files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-12-14 23:53 133656 C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-05 23:21 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-11-12 07:07 405504 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-09 20:40 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-02-29 18:55 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B7A81D67-136B-49A7-8AD6-AB42EBD63D62}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{BF9FD3BA-EA9A-43E8-B637-591ABDF24030}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{BAFBB4ED-EC0C-43BB-9FB8-940364289AEF}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{9E79D527-BBD4-4192-8037-2AF2E730ED17}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{88CFAA95-FCA4-46ED-9247-19EE0E6270EE}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2BEB06AB-2449-4F74-B248-E2141C7DC064}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CFF3418A-9671-4DC3-A0D1-361976F3238E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{863C33D0-81F2-4CEC-826F-E635F84E1841}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{098D8314-6EC5-4796-9C52-6F28C2033B65}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7DD7809-4460-43C2-9F10-BF0F7F56E463}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B00D04D4-A765-4D74-BFEE-672F57484C03}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 adwarealert;adwarealert;C:\Windows\system32\DRIVERS\adwarealert.sys [2008-04-24 13:46]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 07:07]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 20:29]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-12-14 23:53]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-12-14 23:54]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 01:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 01:51]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 01:31]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 21:37]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 19:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 19:13]
S3 DellAMBrokerService;DellAMBrokerService;"C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe" [2007-10-11 11:49]
S3 PTproct;PTproct;C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 18:07]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 14:31:49 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2008-03-08 01:42:29 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-05 23:22:24 C:\Windows\Tasks\User_Feed_Synchronization-{4F32B8DA-94A1-456C-B67C-C330643BF1EE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 15:05:18
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 15:07:43
ComboFix-quarantined-files.txt 2008-05-06 19:06:48
ComboFix2.txt 2008-05-06 18:28:21
ComboFix3.txt 2008-05-06 15:30:45
ComboFix4.txt 2008-05-06 14:23:40
ComboFix5.txt 2008-05-04 18:16:52

Pre-Run: 98,994,814,976 bytes free
Post-Run: 98,972,487,680 bytes free

317 --- E O F --- 2008-04-09 04:03:59

#11
sisa722

sisa722

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there... I just ran the Panda scan... and it says I have 24 infected files. I am copying and pasting the log.

;*******************************************************************************
ANALYSIS: 2008-05-07 17:29:44
PROTECTIONS: 2
MALWARE: 24
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
PC-cillin Internet Security - Virus Protectio 14.70.1014 No No
McAfee VirusScan Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@mediaplex[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@apmebf[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@adrevolver[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@atwola[1].txt
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\Rachel\Desktop\ComboFix2.exe[327882R2FWJFW\NirCmdC.cfexe]
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yep, that's ok to delete them manually.

For those files found by Panda, most are just cookie files. You may delete them all if you wish or use ATF Cleaner which should get rid of them.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#13
sisa722

sisa722

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
thank youuu everything works now!!

#14
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





